depcheck is a tool that helps you to find unused dependencies in your project. It scans your project files and identifies which dependencies are not being used, which can help you to clean up your package.json file and reduce the size of your project.
Check for unused dependencies
This feature allows you to check for unused dependencies in your project. You can specify options to ignore certain directories or dependencies that match specific patterns.
const depcheck = require('depcheck');
const options = {
  ignoreDirs: [
    'sandbox',
    'dist',
    'bower_components'
  ],
  ignoreMatches: [
    'grunt-*'
  ]
};
depcheck('/path/to/your/project', options, (unused) => {
  console.log(unused.dependencies); // an array containing the unused dependencies
  console.log(unused.devDependencies); // an array containing the unused devDependencies
});
Check for missing dependencies
This feature allows you to check for dependencies that are used in your project but are not listed in your package.json file.
const depcheck = require('depcheck');
depcheck('/path/to/your/project', {}, (unused) => {
  console.log(unused.missing); // a lookup containing the dependencies missing in package.json but used in the code
});
Check for invalid files
This feature allows you to identify files in your project that could not be parsed, which might indicate issues with those files.
const depcheck = require('depcheck');
depcheck('/path/to/your/project', {}, (unused) => {
  console.log(unused.invalidFiles); // a lookup containing the files that could not be parsed
});
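The three result fields above can feed one CI verdict. The following is an added example, not code from depcheck or from this page: `gateDepcheck` and its policy fields are hypothetical names, and it assumes `missing` maps each package name to the files that use it and `invalidFiles` maps each file path to its parse error.

```javascript
// Hypothetical helper: turn a depcheck-style result into findings and an exit code.
function gateDepcheck(result, policy = {}) {
  const allowUnused = new Set(policy.allowUnused || []);
  const findings = [];

  // Unparsed files are blind spots: imports inside them were never seen,
  // so both the "unused" and the "missing" lists may be incomplete.
  for (const [file, err] of Object.entries(result.invalidFiles || {})) {
    findings.push({ level: 'error', kind: 'unparsed-file', name: file, detail: String(err) });
  }

  // Used in code but absent from package.json: the import either fails at
  // runtime or resolves to a copy that another package happened to install.
  for (const [pkg, files] of Object.entries(result.missing || {})) {
    findings.push({ level: 'error', kind: 'missing', name: pkg, detail: files.join(', ') });
  }

  // Declared but never imported: extra third-party code to install, audit and patch.
  const unused = [...(result.dependencies || []), ...(result.devDependencies || [])];
  for (const pkg of unused) {
    if (allowUnused.has(pkg)) continue;
    const level = policy.failOnUnused ? 'error' : 'warn';
    findings.push({ level, kind: 'unused', name: pkg, detail: '' });
  }

  const failed = findings.some((f) => f.level === 'error');
  return { exitCode: failed ? 1 : 0, findings };
}

// Constructed sample result; package names and paths are illustrative only.
const sampleResult = {
  dependencies: ['left-pad-example'],
  devDependencies: ['grunt-example-task'],
  missing: { 'yaml-example': ['/app/src/config.js'] },
  invalidFiles: { '/app/src/broken.js': new SyntaxError('Unexpected token') },
};
```

In a build script, the object passed to the depcheck callback would take the place of `sampleResult`, and the returned `exitCode` would be given to `process.exit`.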
npm-check is a similar tool that checks for outdated, incorrect, and unused dependencies. It provides a more interactive experience compared to depcheck, allowing you to update and uninstall packages directly from the command line.
dependency-check is another tool that checks for missing or unused dependencies. It is more focused on ensuring that all dependencies are correctly listed in your package.json file, rather than identifying unused dependencies.
madge is a tool that provides a visual representation of your project's dependency graph. While it does not specifically focus on unused dependencies, it can help you understand the structure of your project and identify potential issues.
Keeping track of your dependencies is not an easy task, especially if you have a big application. Are you sure you are using all of the dependencies you define in your package.json file? One way to find out is to look at all your files and check which modules you are using, but that's too time consuming. Or maybe you can do a grep on all the files of your project, and then some grep -v to remove the junk. But that's a hassle too.
And that is why depcheck exists.
It's a nifty little tool that looks at your package.json file and scans your code in order to find any unused dependencies.
Works with grunt dependencies too!
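The comparison described above (package.json on one side, the modules the code imports on the other) can be sketched in a few functions. This is an added, simplified example and not depcheck's implementation: all function names are hypothetical, and the regex scan is an assumption made to keep the block self-contained.

```javascript
const { builtinModules } = require('node:module');
// Reduce an import specifier to the package name expected in package.json.
function packageNameOf(spec) {
  if (/^[./]/.test(spec) || spec.startsWith('node:')) return null; // local file or core module
  const parts = spec.split('/');
  const name = spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return builtinModules.includes(name) ? null : name;
}

// Regex scan (simplification: no AST, so comments and strings can match too).
function findSpecifiers(source) {
  const re = /\brequire\(\s*['"]([^'"]+)['"]\s*\)|\bimport\s*\(\s*['"]([^'"]+)['"]|\bimport\s+(?:[^'"]*?\bfrom\s+)?['"]([^'"]+)['"]/g;
  return [...source.matchAll(re)].map((m) => m[1] || m[2] || m[3]);
}

// Patterns such as 'grunt-*', as in the ignoreMatches option shown on the page.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`);
}

// Hypothetical helper: compare declared packages with the ones the sources import.
function checkDeps(pkg, files, ignoreMatches = []) {
  const ignored = ignoreMatches.map(globToRegExp);
  const isIgnored = (n) => ignored.some((re) => re.test(n));
  const declared = new Set(Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }));
  const used = new Map(); // package name -> Set of files that import it
  for (const [file, source] of Object.entries(files)) {
    for (const name of findSpecifiers(source).map(packageNameOf)) {
      if (name) used.set(name, (used.get(name) || new Set()).add(file));
    }
  }
  const unused = [...declared].filter((n) => !used.has(n) && !isIgnored(n)).sort();
  const missing = {};
  for (const [name, where] of used) {
    if (!declared.has(name) && !isIgnored(name)) missing[name] = [...where];
  }
  return { unused, missing };
}

// Constructed sample project; package names are illustrative only.
const samplePkg = {
  dependencies: { express: '^4.0.0', lodash: '^4.0.0', moment: '^2.0.0' },
  devDependencies: { 'grunt-contrib-jshint': '^1.0.0', mocha: '^10.0.0' },
};
const sampleFiles = {
  'src/app.js': "const app = require('express')(); require('lodash/fp'); require('fs'); require('./cfg');",
  'src/util.mjs': "import { parse } from '@scope/parser/lib';\nimport 'node:path';",
};
```

Calling `checkDeps(samplePkg, sampleFiles, ['grunt-*'])` reports `mocha` and `moment` as unused and `@scope/parser` as missing, with the file that imports it.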
npm install depcheck -g
As easy as depcheck [DIRECTORY].
Where DIRECTORY is the root directory of your application (where the package.json is). This will list all the unused dependencies in your code if any.
--no-dev: by default depcheck looks at dependencies and devDependencies, this flag will tell it not to look at "devDependencies".
Or, as a lib:
var path = require("path");
var depcheck = require("depcheck");
var options = {
  "withoutDev": false // Check against devDependencies too
};
var root = path.resolve("some path");
depcheck(root, options, function(unused) {
  console.log(unused.dependencies);
  console.log(unused.devDependencies);
});
Well, it's more of a "What do you think guys?".
There are a couple of things I would like to do if anyone is interested:
- depcheck can't find in your code
- grunt-contrib-depcheck would be nice
FAQs
Check dependencies in your node module
The npm package depcheck receives a total of 825,787 weekly downloads. As such, depcheck popularity was classified as popular.
We found that depcheck demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.