Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

dep-sweeper

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dep-sweeper

Analyze a project and remove unused dependencies, devDependencies, or duplicate versions across monorepos. Check for compatible dependencies.

1.1.0
latest
npmnpm
Version published
Maintainers
1
Created
Source

dep-sweeper

๐Ÿงน A powerful tool to analyze and clean up your project dependencies. Remove unused dependencies, find duplicates across monorepos, and check for compatibility issues.

Features

  • ๐Ÿ” Unused Dependency Detection: Scan your codebase and identify dependencies that are not being used
  • ๐Ÿšซ Automatic Cleanup: Automatically remove unused dependencies and devDependencies
  • ๐Ÿ”„ Duplicate Resolution: Find and automatically fix duplicate versions of packages across monorepo workspaces
  • โšก Compatibility Auto-Fix: Automatically resolve version conflicts and install missing peer dependencies
  • ๐Ÿค– Full Auto-Fix Mode: One command to fix all issues automatically
  • ๐Ÿ“Š Detailed Reports: Get comprehensive analysis reports with actionable insights
  • ๐ŸŽฏ Monorepo Support: Full support for Lerna, Rush, Yarn Workspaces, and npm workspaces

Installation

# Global installation
npm install -g dep-sweeper

# Local installation
npm install --save-dev dep-sweeper

Usage

Command Line Interface

# Analyze current directory
dep-sweeper analyze

# Analyze specific directory
dep-sweeper analyze ./my-project

# Remove unused dependencies (dry run by default)
dep-sweeper clean

# Automatically remove unused dependencies
dep-sweeper clean --auto

# Apply changes after review
dep-sweeper clean --apply

# Fix duplicate versions automatically
dep-sweeper fix-duplicates --auto

# Fix compatibility issues automatically
dep-sweeper fix-compatibility --auto

# Auto-fix everything (unused, duplicates, compatibility)
dep-sweeper auto-fix --auto

# Check for duplicates in monorepo
dep-sweeper duplicates

# Check compatibility
dep-sweeper compatibility

# Full analysis with all checks
dep-sweeper audit

Automatic Fixing

dep-sweeper can automatically fix issues without manual intervention:

# Auto-fix everything in one command
dep-sweeper auto-fix --auto

# Fix only unused dependencies automatically
dep-sweeper clean --auto

# Fix only duplicate versions
dep-sweeper fix-duplicates --auto

# Fix only compatibility issues
dep-sweeper fix-compatibility --auto
  • --apply: Apply changes instead of dry run
  • --ignore <patterns>: Ignore specific packages or patterns
  • --include-dev: Include devDependencies in analysis
  • --verbose: Show detailed output
  • --format <type>: Output format (json, table, csv)

Programmatic API

import { DepCleaner } from 'dep-sweeper';

const cleaner = new DepCleaner({
  projectPath: './my-project',
  includeDev: true
});

// Analyze unused dependencies
const analysis = await cleaner.analyzeUnused();
console.log(analysis);

// Find duplicates
const duplicates = await cleaner.findDuplicates();
console.log(duplicates);

// Check compatibility
const compatibility = await cleaner.checkCompatibility();
console.log(compatibility);

Configuration

Create a .dep-sweeper.json file in your project root:

{
  "ignore": ["react", "@types/*"],
  "includeDev": true,
  "monorepo": {
    "type": "lerna",
    "workspaces": ["packages/*"]
  },
  "compatibility": {
    "strict": false,
    "checkPeerDeps": true
  }
}

Examples

Basic Project Cleanup

# Navigate to your project
cd my-project

# Run analysis
dep-sweeper analyze

# Auto-fix all issues
dep-sweeper auto-fix --auto

# Or clean unused dependencies manually
dep-sweeper clean --apply

Monorepo Management

# Auto-fix duplicates across workspaces
dep-sweeper fix-duplicates --auto

# Or check and manually fix duplicates
dep-sweeper duplicates --verbose
dep-sweeper fix-duplicates --apply

Output Examples

Unused Dependencies Report

๐Ÿ” Analyzing dependencies...

๐Ÿ“ฆ Found 3 unused dependencies:
  โŒ lodash (4.17.21) - Last used: never
  โŒ moment (2.29.4) - Last used: never
  โŒ axios (0.27.2) - Last used: never

๐Ÿ’พ Potential savings: 2.3MB

๐Ÿ”ง Run with --apply to remove unused dependencies

Duplicate Dependencies Report

๐Ÿ”„ Checking for duplicates across workspaces...

๐Ÿ“ฆ Found 2 duplicate packages:
  โš ๏ธ  react
    โ””โ”€โ”€ packages/web: 18.2.0
    โ””โ”€โ”€ packages/mobile: 17.0.2
    โ””โ”€โ”€ packages/shared: 18.1.0

  โš ๏ธ  typescript
    โ””โ”€โ”€ packages/api: 4.8.4
    โ””โ”€โ”€ packages/web: 4.9.3

License

MIT ยฉ [Your Name]

Contributing

Contributions are welcome! Please read our contributing guidelines and submit pull requests to our repository.

Support

  • ๐Ÿ“– Documentation
  • ๐Ÿ› Report Issues
  • ๐Ÿ’ฌ Discussions

Keywords

dependencies
cleanup
monorepo
unused
duplicate
npm

FAQs

Package last updated on 14 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials

Research

Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials

Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.

By Kush Pandyaย  - ย Sep 05, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with โšก๏ธ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.