New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

vite-dead-code

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

vite-dead-code

Dead code removal for Vite

latest
Source
npmnpm
Version
1.0.0
Version published
Maintainers
1
Created
Source

vite-dead-code

Strips dead code from Javascript

npm version npm downloads License

Install

pnpm add vite-dead-code

Usage

import { defineConfig } from 'vite'
import { deadCode } from 'vite-dead-code'

export default defineConfig({
  plugins: [deadCode({
    replaceValues: {
        yourKey: true
    },
    stripConsole: false, // strip `console` entirely
    stripConsoleLevel: 'off' // strip up to `console.LEVEL`
  })]
})

How it works

Understanding how the plugin works is pretty important when you use it, so here's an overview of what it does.

  • Parse the javascript into an AST
  • Traverse the AST and find any keys in replaceValues that can be replaced in code with boolean literals (only inside if statements)
    • stripConsole: If true we strip any console usages in its entirety (may have unintended side effects)
    • stripConsoleLevel: If stripConsole is false we can use this to only skip console logging up to a certain level (inclusive) off, log, info, warn, error
  • Traverse the AST a second time, this time finding all if statements in your code, any statements that consist only of boolean literals are evaluated to either true or false
    • true: Keep the code within the if statement, removing any else or else if that follows it as well
    • false: Remove the if statement, and if it has an else statement use that, if it has an else if statement continue to parse it as well
// If replaceValues.keepMe = true and stripConsoleLevel = 'log'
if (!!keepMe && true) {
    console.warn('Keep me')
    console.log('Remove me')
} else {
    console.log('Remove me')
}
// Becomes
{
    console.warn('Keep me')
}

Options

Optional replaceValues: Record<string, boolean>

default: {}

Sets the values to replace.

Example

deadCode({
  replaceValues: {
    keepMe: true,
    debug: process.env.NODE_ENV === 'development'
  },
})

Optional stripConsole: boolean

default: false

Example

Strips all console uses. Note that it doesn't just strip the logging related entries, it strips anything that uses console, which can have unintended side effects. If you just want to remove logging use stripConsoleLevel: 'error' instead.

deadCode({
  stripConsole: true
})

Optional stripConsoleLevel: string

default: off

Example

This will strip all entries up to and including warn, leaving only error in your final output. Note that if you set stripConsole: true then this option is never used since if you strip the console in its entirety there's no point in checking which level to strip.

deadCode({
  stripConsoleLevel: 'warn'
})

Keywords

vite

FAQs

Package last updated on 17 Jul 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026