Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025
cbumstead-serverless-plugin-tree-shake
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
cbumstead-serverless-plugin-tree-shake
Shake the dependency tree and only include files needed
serverless-plugin-tree-shake
Shake the file dependency tree and only include files needed.
install
yarn add --dev serverless-plugin-tree-shake
npm install --save-dev serverless-plugin-tree-shake
usage
plugins:
- serverless-plugin-tree-shake
package:
# no need to spend time excluding dev dependencies, given that
# serverless-plugin-tree-shake does it already
excludeDevDependencies: false
example output before (with excludeDevDependencies enabled):
$ time sls package
33.93s user 20.17s system 82% cpu 1:05.94 total
$ tree
988 directories, 5978 files
example output after:
$ time sls package
3.77s user 1.27s system 51% cpu 9.724 total
$ tree
24 directories, 48 files
More details: BENCHMARK.md.
typescript support
This plugins supports typescript natively. It uses the installed typescript package, reads the appropriate config, and transpiles to js according to that config. You can see examples on the __fixtures__ that start with ts-.
individually
This plugins supports bundling functions individually. Just use that option accordingly:
package:
individually: true
excludeDevDependencies: false
include and exclude
You can use the include and exclude global, and per-function, configurations and it will include/exclude the especified files/patterns.
performance
Check out BENCHMARK.md - auto generated.
license
BSD-3-Clause
FAQs
Shake the dependency tree and only include files needed
We found that cbumstead-serverless-plugin-tree-shake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 09 May 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg - Sep 10, 2025
Security News
Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
By Sarah Gooding - Sep 10, 2025