Skip to content
Check your npm module for unused dependencies
JavaScript Other
Branch: master
Clone or download
rumpl Merge pull request #477 from sveyret/eslint
special/eslint: corrections on dependencies resolver
Latest commit b188b46 Nov 14, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github chore: Update closing time in stale bot Nov 3, 2019
bin Friendly error messages for node < 4 (#219) Sep 10, 2018
build Automate building of TypeScript definitions Nov 4, 2019
doc chore: Remove the deprecated flag (#450) Nov 1, 2019
src special/eslint: do not require inherited dependencies Nov 13, 2019
test special/eslint: do not require inherited dependencies Nov 13, 2019
.babelrc Add support for babel 7's scoped plugins (#432) Oct 29, 2019
.editorconfig should is a devDependency. LF as line ending Oct 14, 2013
.eslintignore ESLint ignore the expected syntax error file. Sep 22, 2015
.eslintrc.yml Add prettier Nov 3, 2019
.gitattributes Add a lockfile Aug 12, 2018
.gitignore Added '--require package' to special/bin check (#227) Oct 13, 2017
.npmignore Add nyc_output folder to git and npm ignore. Nov 26, 2016
.prettierrc Add prettier Nov 3, 2019
.travis.yml Drop support for node 8 (#442) Oct 31, 2019
CHANGELOG.md chore: add changelog file Nov 8, 2019
CODE_OF_CONDUCT.md Add code of conduct (#447) Nov 1, 2019
CONTRIBUTING.md Add CONTRIBUTING.md file. Nov 21, 2015
LICENSE Check in LICENSE file. Sep 19, 2015
README.md Add TTypeScript transformer special parser Nov 4, 2019
appveyor.yml Drop support for node 8 (#442) Oct 31, 2019
dependent-build.yml Leverage dependent-build to run e2e test. Nov 29, 2016
false-alert.js Load typescript transpiler if available Nov 4, 2019
index.d.tmpl Automate building of TypeScript definitions Nov 4, 2019
package-lock.json Use node resolution for dependencies Nov 8, 2019
package.json Automate building of TypeScript definitions Nov 4, 2019

README.md

depcheck

Depcheck is a tool for analyzing the dependencies in a project to see: how each dependency is used, which dependencies are useless, and which dependencies are missing from package.json.

Status

Build Status Build status codecov.io

dependencies Status devDependencies Status

Installation

npm install -g depcheck

Notice: depcheck needs node.js >= 10.

Syntax Support

Depcheck not only recognizes the dependencies in JavaScript files, but also supports these syntaxes:

To get the syntax support by external dependency, please install the corresponding package explicitly. For example, for Typescript user, install depcheck with typescript package:

npm install -g depcheck typescript

Special

The special component is used to recognize the dependencies that are not generally used in the above syntax files. The following scenarios are supported by specials:

  • bin - Dependencies used in npm commands, Travis scripts or other CI scripts
  • eslint - ESLint configuration presets, parsers and plugins
  • tslint - TSLint configuration presets, parsers and plugins
  • webpack - Webpack loaders
  • babel - Babel presets and plugins
  • Grunt plugins
  • feross-standard - Feross standard format parser
  • mocha - Mocha explicit required dependencies
  • jest - Jest properties in Jest Configuration
  • commitizen - Commitizen configuration adaptor
  • gulp-load-plugins - Gulp-load-plugins lazy loaded plugins
  • gatsby - Gatsby configuration parser
  • husky - Husky configuration parser
  • lint-staged - Lint-staged configuration parser
  • ttypescript - ttypescript transformer parser

The logic of a special is not perfect. There might be false alerts. If this happens, please open an issue for us.

Usage

depcheck [directory] [arguments]

The directory argument is the root directory of your project (where the package.json file is). If unspecified, defaults to current directory.

All of the arguments are optional:

--ignore-bin-package=[true|false]: A flag to indicate if depcheck ignores the packages containing bin entry. The default value is false.

--skip-missing=[true|false]: A flag to indicate if depcheck skips calculation of missing dependencies. The default value is false.

--json: Output results in JSON. When not specified, depcheck outputs in human friendly format.

--ignores: A comma separated array containing package names to ignore. It can be glob expressions. Example, --ignores="eslint,babel-*".

--ignore-dirs: A comma separated array containing directory names to ignore. Example, --ignore-dirs=dist,coverage.

--help: Show the help message.

--parsers, --detectors and --specials: These arguments are for advanced usage. They provide an easy way to customize the file parser and dependency detection. Check the pluggable design document for more information.

API

Similar options are provided to depcheck function for programming:

import depcheck from 'depcheck';

const options = {
  ignoreBinPackage: false, // ignore the packages with bin entry
  skipMissing: false, // skip calculation of missing dependencies
  ignoreDirs: [ // folder with these names will be ignored
    'sandbox',
    'dist',
    'bower_components'
  ],
  ignoreMatches: [ // ignore dependencies that matches these globs
    'grunt-*'
  ],
  parsers: { // the target parsers
    '*.js': depcheck.parser.es6,
    '*.jsx': depcheck.parser.jsx
  },
  detectors: [ // the target detectors
    depcheck.detector.requireCallExpression,
    depcheck.detector.importDeclaration
  ],
  specials: [ // the target special parsers
    depcheck.special.eslint,
    depcheck.special.webpack
  ],
};

depcheck('/path/to/your/project', options, (unused) => {
  console.log(unused.dependencies); // an array containing the unused dependencies
  console.log(unused.devDependencies); // an array containing the unused devDependencies
  console.log(unused.missing); // a lookup containing the dependencies missing in `package.json` and where they are used
  console.log(unused.using); // a lookup indicating each dependency is used by which files
  console.log(unused.invalidFiles); // files that cannot access or parse
  console.log(unused.invalidDirs); // directories that cannot access
});

Example

The following example checks the dependencies under /path/to/my/project folder:

$> depcheck /path/to/my/project
Unused dependencies
* underscore
Unused devDependencies
* jasmine
Missing dependencies
* lodash

It figures out:

  • The dependency underscore is declared in the package.json file, but not used by any code.
  • The devDependency jasmine is declared in the package.json file, but not used by any code.
  • The dependency lodash is used somewhere in the code, but not declared in the package.json file.

Please note that, if a subfolder has a package.json file, it is considered another project and should be checked with another depcheck command.

The following example checks the same project, however, outputs as a JSON blob. Depcheck's JSON output is in one single line for easy pipe and computation. The json command after the pipe is a node.js program to beautify the output.

$> depcheck /path/to/my/project --json | json
{
  "dependencies": [
    "underscore"
  ],
  "devDependencies": [
    "jasmine"
  ],
  "missing": {
    "lodash": [
      "/path/to/my/project/file.using.lodash.js"
    ]
  },
  "using": {
    "react": [
      "/path/to/my/project/file.using.react.jsx",
      "/path/to/my/project/another.file.using.react.jsx"
    ],
    "lodash": [
      "/path/to/my/project/file.using.lodash.js"
    ]
  },
  "invalidFiles": {
    "/path/to/my/project/file.having.syntax.error.js": "SyntaxError: <call stack here>"
  },
  "invalidDirs": {
    "/path/to/my/project/folder/without/permission": "Error: EACCES, <call stack here>"
  }
}
  • The dependencies, devDependencies and missing properties have the same meanings in the previous example.
  • The using property is a lookup indicating each dependency is used by which files.
  • The value of missing and using lookup is an array. It means the dependency may be used by many files.
  • The invalidFiles property contains the files having syntax error or permission error. The value is the error details. However, only one error is stored in the lookup.
  • The invalidDirs property contains the directories having permission error. The value is the error details.

False Alert

Depcheck just walks through all files and tries to find the dependencies according to some predefined rules. However, the predefined rules may not be enough or may even be wrong.

There may be some cases in which a dependency is being used but is reported as unused, or a dependency is not used but is reported as missing. These are false alert situations.

If you find that depcheck is reporting a false alert, please open an issue with the following information to let us know:

  • The output from depcheck --json command. Beautified JSON is better.
  • Which dependencies are considered as false alert?
  • How are you using those dependencies, what do the files look like?

Changelog

We use the GitHub release page to manage changelog.

License

MIT License.

You can’t perform that action at this time.