Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
file-dependency-analyzer
Advanced tools
File dependency analyzer
Maintaining a project is not easy, especially large ones. To help, this tool is used to detect and optionally cleanup not dependent files.
You can analyze and cleanup any files you want (svg, js, etc). Just provide configuration and you are ready to go.
Tool is fully customizable, you can specify folders you want to analyze files in, or exclude folders from analyzing.
Installation
npm install -D file-dependency-analyzer
Usage
To run a script you need npx (npm is not currently supported)
// package.json
"scripts": {
"analyze": npx file-dependency-analyzer ./path-to-config-file.json
}
Config
Default ignore patterns (analyzing will be excluded in below folders)
[
'node_modules',
'git',
'vscode',
'idea',
'package.json',
'package-lock.json',
'README.md',
'dist',
]
You can add specific globalIgnorePatterns in config
| Property | Type | Default | Description |
|---|---|---|---|
globalIgnorePatterns | Array | [] | List of all folders/paths you want exclude from analyzing |
extensions | Object | {} | Object of extensions with specific configuration |
Extensions
Is a key value object with specific configuration
| Property | Type | Default | Description |
|---|---|---|---|
analyzeFrom | Array | [] | List of folders where files to analyze are located |
analyzeIn | Array | [] | List of folders you want to analyze files |
ignorePatterns | Array | [] | List of folders you exclude from analyzing |
mode | String | analyze | analyze or cleanup (analyze and remove unused files) |
If analyzeFrom, analyzeIn are empty or not defined, files will be analyzed for all project files.
Config example
{
"globalIgnorePatterns": [".docker-cache"],
"extensions": {
"svg": {
"analyzeFrom": [], <- it will search for all svg files throughout the project
"analyzeIn": ["/components"],
"ignorePatterns": ["/configs"],
"mode": "cleanup",
},
"js": {
"analyzeFrom": ["/configs", "/assets"],
"analyzeIn": [], <- files will be analyzed throughout the project
"ignorePatterns": [],
"mode": "analyze"
}
}
}
License
Copyright (c) 2022 Rafal Poreba. Licensed under the MIT license.
FAQs
Tool used to analyze and cleanup unused files
The npm package file-dependency-analyzer receives a total of 1 weekly downloads. As such, file-dependency-analyzer popularity was classified as not popular.
We found that file-dependency-analyzer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025