
Package cruft removal.
cruft tries to remove files from codebases that are not required in production such as documentation, tests and examples.
This is potentially very dangerous; use with a high level of caution.
The primary use case is for deploying to devices with constrained disk space (e.g. NinjaBlocks) or bandwidth (e.g. Australia).
> cruft clear --help
Usage: cruft-clear [options]
Options:
  -h, --help         output usage information
  -V, --version      output the version number
  -f, --file [file]  markdown file containing cruft definitions
  -v, --verbose      verbose output
> npm install -g cruft
> cd my-crufty-app
> cruft clear
cruft before +0ms 82.11mb
cruft after +15ms 31.46mb
cruft 50.65mb of cruft cleared! +3ms
cruft 61.68% reduction! +10ms
You'll be surprised how much cruft there is in your codebase. Try it and see!
cruft uses dominictarr/rc for its configuration, so you can specify cruft in various ways,
including a config.json file specified by --config. See dominictarr/rc for other ways to specify configuration. cruft's app-name is 'cruft'.
> cat config.json # __defaults apply to every module
{
  "cruft": {
    "__defaults": ["test", "examples"],
    "some-module": ["images"]
  }
}
> cruft clear --config config.json
By default, this will add to the default cruft listed below. To turn off
the default cruft, use --noDefaultCruft:
# use cruft_cruft environment variable to specify a custom cruft pattern
# and --noDefaultCruft to disable default cruft patterns
> cruft_cruft="tests" cruft clear --noDefaultCruft
cruft uses visionmedia/mdconf to get a list of default patterns to match straight from this readme.
If you find a package that has additional cruft, or mistakenly identified cruft, submit a pull request to update the list in this readme.
By default, the following content will be removed.
This is a list of npm packages and their cruft.
If a package is found in this list when cruft is run,
any listed content will be removed.
Entries starting with a bang (!) will not be removed, e.g. to override defaults in case they remove something they should not.
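A dry-run preview of what a config like the one above would match, useful given the warning that removal is potentially very dangerous. This is an added example, not cruft's own code: `planCruft`, `effectiveCruft`, `buildSample` and the sample package names are hypothetical, the config argument is the object under the "cruft" key, and entries are assumed to match exact file or directory names at each package's root. Scoped packages and nested node_modules are not walked.

```javascript
// Added example: dry-run preview for a cruft-style config. Nothing is deleted.
// Assumption: each entry is an exact file or directory name at a package's root.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Resolve the effective entry list for one package: __defaults plus its own
// entries, minus any name exempted with a leading "!".
function effectiveCruft(config, pkgName) {
  const entries = [...(config.__defaults || []), ...(config[pkgName] || [])];
  const keep = new Set(entries.filter(e => e.startsWith('!')).map(e => e.slice(1)));
  return [...new Set(entries.filter(e => !e.startsWith('!') && !keep.has(e)))];
}

// Return the sorted relative paths under nodeModules that would be removed.
function planCruft(nodeModules, config) {
  const plan = [];
  for (const pkg of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!pkg.isDirectory() || pkg.name.startsWith('.')) continue;
    for (const name of effectiveCruft(config, pkg.name)) {
      // Refuse names that could resolve outside the package directory.
      if (name !== path.basename(name) || name === '..' || name === '.') continue;
      const target = path.join(nodeModules, pkg.name, name);
      const stat = fs.lstatSync(target, { throwIfNoEntry: false });
      // Skip symlinks so a link inside a package cannot redirect a delete.
      if (stat && !stat.isSymbolicLink()) plan.push(`${pkg.name}/${name}`);
    }
  }
  return plan.sort();
}

// Constructed sample tree in a temp directory; package names are hypothetical.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'cruft-preview-'));
  for (const dir of ['some-module/test', 'some-module/images', 'some-module/lib',
                     'other-module/test', 'other-module/examples']) {
    fs.mkdirSync(path.join(root, dir), { recursive: true });
  }
  return root;
}

const sampleConfig = {
  __defaults: ['test', 'examples'],
  'some-module': ['images'],
  'other-module': ['!examples', '../escape'] // "!" keeps examples; traversal is ignored
};
console.log(planCruft(buildSample(), sampleConfig));
```

Review the printed list against what the application loads at runtime before running the real `cruft clear` on a deployment tree.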
MIT
FAQs
Delete cruft from npm packages
We found that cruft demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.