Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
knip
Find and fix unused files, dependencies and exports in your TypeScript and JavaScript projects
Knip finds and fixes unused files, dependencies and exports in your JavaScript and TypeScript projects. Less code and dependencies lead to improved performance, less maintenance and easier refactorings.
- Website: knip.dev
- GitHub repo: webpro-nl/knip
- npm package: knip
- Discord
- Contributing Guide
- Sponsor Knip!
Contributors
Special thanks to the wonderful people who have contributed to Knip!
Knip
/'knɪp/ means "(to) cut" and is pronounced with a hard "K" 🇳🇱
Other packages similar to knip
depcheck
Depcheck is a tool that helps you find unused dependencies in your project. It analyzes your codebase to identify dependencies that are not being used. Compared to Knip, Depcheck focuses more on dependencies and does not provide functionality for identifying or removing unused files.
unimported
Unimported is a tool that helps you find and remove unused files and dependencies in your project. It provides similar functionality to Knip, including the ability to identify and remove unused files and dependencies. However, Unimported may have different configuration options and performance characteristics.
madge
Madge is a tool for visualizing and analyzing the dependency graph of your project. It can help you identify circular dependencies and unused files. While Madge provides some overlapping functionality with Knip, it is more focused on visualizing dependencies and analyzing the structure of your codebase.
FAQs
Find and fix unused dependencies, exports and files in your TypeScript and JavaScript projects
The npm package knip receives a total of 2,955,100 weekly downloads. As such, knip popularity was classified as popular.
We found that knip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 31 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025