Open-Source Wikis

/

Angular

/

Reference

/

Dependencies

angular/angular

Dependencies

External npm dependencies that drive significant framework behavior. The full list is in the root package.json; this page calls out the ones a contributor benefits from knowing about.

Runtime dependencies

Package What it does Why it matters
typescript (6.0.x) TypeScript compiler. Pinned via resolutions so every workspace package uses the same version. Pinning is intentional — ngtsc couples tightly to TypeScript internals.
rxjs (^7.0.0) Reactive primitives. Used everywhere: HTTP, router events, async pipe, the legacy reactivity story. Signal-based code is gradually replacing direct RxJS usage in the framework's own internals.
tslib (^2.3.0) TypeScript's __extends/__decorate shims. Required for the emit; ships with every Angular package.
zone.js (0.16.x) Async-API monkey-patcher. Versioned in this repo. Optional in zoneless mode but still the default for many apps.
domino (forked from Mozilla's dom.js) A DOM implementation in Node. Used by @angular/platform-server for SSR. Pinned to a specific commit on the angular/domino fork.
reflect-metadata (^0.2.0) Runtime decorator metadata. Required by JIT compilation. AOT builds don't ship it.
esbuild (0.28.x) Bundler for several internal targets. Used by Bazel rules under the hood and by the linker babel-plugin pipeline.

Compiler dependencies

Package What it does
@babel/core, @babel/cli, @babel/generator Babel infrastructure for the linker.
@babel/plugin-transform-async-generator-functions Used in transform pipelines.
magic-string Source-aware string editing for the partial-eval and migration tools.
source-map, source-map-support Source-map tooling for emit and runtime.

Build / CI

Package What it does
@bazel/bazelisk, @bazel/ibazel, @bazel/buildifier Bazel launcher, watcher, and BUILD-file formatter.
@angular/ng-dev The internal CLI; published from angular/dev-infra.
@angular/cli, @angular-devkit/*, @schematics/angular, @angular/build The Angular CLI; consumed in the workspace as workspace deps for testing CLI scenarios. Published from angular/angular-cli.
karma, karma-*, jasmine, jasmine-core Browser test runner.
cypress DevTools E2E.
gulp, gulp-conventional-changelog, conventional-changelog Changelog generation for releases.
firebase-tools Deploys angular.dev to Firebase Hosting.

Tooling / linting

Package What it does
prettier Code formatter. Run via pnpm ng-dev format.
tslint, tslint-no-toplevel-property-access Linter. ESLint replacement has been considered but not adopted.
tsec Trusted-types security checker.
husky Git hook installer.

Testing

Package What it does
protractor (legacy) Earlier E2E framework, still in package.json for some integration tests.
selenium-webdriver Driver for Protractor / browser automation.
@types/jasmine, @types/node, @types/chrome, @types/yargs, @types/semver Types for the test stack.

Maintenance helpers

Package What it does
tinyglobby Fast glob matcher used by build scripts.
chalk Colored CLI output.
diff Used by the diff-release-package script.
semver Semver parser used by release tooling.
yargs CLI argument parsing.
tmp, adm-zip Used by snapshot/publish scripts.

Special quirks

  • AngularJS 1.x. The package.json lists multiple AngularJS versions (angular-1.5, angular-1.6, angular-1.7, angular-1.8) plus matching angular-mocks-* packages. They're consumed by @angular/upgrade's tests to verify the hybrid integration across the AngularJS major versions still in production use.
  • The domino fork. Pinned to a specific commit (928dffb9d9431b2cd2a73d7b940d1575f221e072 as of HEAD) rather than an npm-published version, because Angular has its own bug fixes in the fork.
  • @angular/material and @angular/cdk. Listed at next-version pins in package.json because the framework repo runs Material's e2e tests on PRs as part of the v22 cross-repo validation.

Update mechanics

The repo uses Renovate (renovate.json) for routine bumps. Major dependency upgrades go through manual PRs with explicit migration notes. The minimumReleaseAge in pnpm-workspace.yaml makes pnpm wait 24 hours after a release before the lockfile can pick it up — a defense against malicious-publish supply chain attacks.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Dependencies – Angular wiki | Factory