When you install an npm package using npm install <package-name>, you are installing it as a dependency.
The package is automatically listed in the package.json file, under the dependencies list (as of npm 5: before you had to manually specify --save).
When you add the -D flag, or --save-dev, you are installing it as a development dependency, which adds it to the devDependencies list.
Development dependencies are intended as development-only packages, that are unneeded in production. For example testing packages, webpack or Babel.
When you go in production, if you type npm install and the folder contains a package.json file, they are installed, as npm assumes this is a development deploy.
You need to set the --production flag (npm install --production) to avoid installing those development dependencies.
I find an easy way to remember this is to try and think if the library is needed in the actual code, like importing in a component, or not. If you import it somewhere in the source of your code, it should be a dependency. If it is only used when building (e.g. Webpack or a Webpack loader), testing, or in a package.json scripts or any outside tool, then it should be development dependency. And always try and have as few regular dependencies as needed, if it can be a development dependency, it should!