Smart Dependency Analyzer & Optimizer for Node.js Projects
Problem: Node.js projects accumulate unused dependencies over time, leading to:
- Bloated bundle sizes (30-40% larger than necessary)
- Slower CI/CD builds and cold starts
- Increased security vulnerabilities from unused packages
- Wasted disk space and bandwidth
Solution: DepShield automatically detects unused dependencies, shows package sizes, calculates potential savings, and helps you maintain a clean, efficient project.
- Accurate Detection - AST-based parsing finds unused dependencies with 95%+ accuracy
- Lightning Fast - Scans 100+ files in under 5 seconds
- Package Size Analysis - Shows real package sizes and potential savings
- Beautiful CLI - Intuitive, emoji-rich output that's easy to understand
- Smart Filtering - Automatically excludes build tools and common dev dependencies
- Configurable - Customize scanning with `depshield.config.json`
- CI/CD Ready - JSON export and exit codes for automation
- Multi-Format Support - Works with JavaScript, TypeScript, ESM, CommonJS
- Zero Dependencies (in production) - Lightweight and secure
```bash
# Install globally with pnpm, npm, or yarn
pnpm add -g depshield
npm install -g depshield
yarn global add depshield
```

```bash
# Scan current directory
depshield scan
# Scan specific path
depshield scan --path ./backend
# Output JSON for CI/CD
depshield scan --json
```

```
🛡️ DepShield: Starting scan...
✓ Read package.json (my-app@1.0.0)
✓ Found 145 source files
✓ Parsed files. Found 89 unique imports
✓ Analysis complete
✓ Analyzed 145 files in 2.3s
📦 Unused Dependencies (3 found):
  • lodash (69.8 KB) - Not imported anywhere
  • moment (3.2 MB) - Not imported anywhere
  • axios (30.0 KB) - Not imported anywhere
💰 Potential Savings: 3.3 MB
💡 Recommendation:
   Review the unused dependencies above and remove them if not needed.
   Run: npm uninstall <package-name>
```
Check your project for known security vulnerabilities using the underlying `npm audit` or `pnpm audit` tools, but with a cleaner, summarized output.

```bash
# Run standalone audit
depshield audit
# Run audit alongside dependency scan
depshield scan --audit
```

DepShield supports npm workspaces and pnpm workspaces. You can scan all packages in your monorepo in one go.

```bash
# Scan all workspace packages
depshield scan --workspace
```

Integrate DepShield directly into your CI/CD pipeline using our official GitHub Action.

```yaml
# .github/workflows/depshield.yml
name: DepShield Scan
on: [push, pull_request]
jobs:
  depshield:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: rascal-sl/depshield@v1
        with:
          path: '.'
          audit: true
          strict: true # Fail build if issues found
```

Create a `depshield.config.json` in your project root:

```json
{
  "include": ["src/**/*.{js,ts}", "lib/**/*.js"],
  "exclude": ["**/*.test.js", "**/*.spec.ts", "dist/**"],
  "ignorePackages": ["@types/*", "eslint-*"],
  "strictMode": false
}
```

| Option | Type | Default | Description |
|---|---|---|---|
| `include` | `string[]` | `["**/*.{js,ts,jsx,tsx,mjs,cjs}"]` | File patterns to scan |
| `exclude` | `string[]` | `["**/node_modules/**", "**/dist/**", ...]` | File patterns to ignore |
| `ignorePackages` | `string[]` | `[]` | Package names or patterns to ignore |
| `strictMode` | `boolean` | `false` | Exit with code 1 if unused deps found (for CI/CD) |
```bash
# Before: 5.2s cold start
depshield scan
# Remove 3 MB of unused deps
# After: 3.1s cold start (40% faster!)
```

```bash
# Add to your GitHub Actions
depshield scan --json > report.json
```

```bash
# Scan each workspace
pnpm --filter "*" exec depshield scan
```

```bash
depshield scan --json
```

```json
{
  "projectName": "my-app",
  "unusedDependencies": [
    { "name": "lodash", "size": 71475, "type": "production" }
  ],
  "totalSavings": 71475
}
```

```json
{
  "strictMode": true
}
```

Exit codes:
- `0` - No unused dependencies
- `1` - Unused dependencies found
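A policy gate over the JSON report shown above, as an added example that is not part of DepShield: it blocks only on unused `production` packages, honours a reviewed allowlist, and fails closed on a malformed report. The function name `evaluateReport`, its `allow` option, and the second sample entry with `type: "dev"` are assumptions made for illustration.

```javascript
// Gate a build on `depshield scan --json` output. Field names follow the sample
// report on this page; evaluateReport and its `allow` option are hypothetical.
function evaluateReport(jsonText, { allow = [] } = {}) {
  const report = JSON.parse(jsonText); // throws on truncated or invalid output
  const unused = report.unusedDependencies;
  if (!Array.isArray(unused)) {
    // Fail closed: a report without the expected array is not a clean report.
    throw new Error('report has no unusedDependencies array');
  }
  const allowed = new Set(allow);
  const blocking = [];
  const tolerated = [];
  for (const dep of unused) {
    if (!dep || typeof dep.name !== 'string' || !Number.isFinite(dep.size)) {
      throw new Error('malformed unusedDependencies entry');
    }
    // Unused production packages still ship to users, so only they block.
    const blocks = dep.type === 'production' && !allowed.has(dep.name);
    (blocks ? blocking : tolerated).push(dep);
  }
  return {
    project: report.projectName,
    blocking: blocking.map((d) => d.name),
    tolerated: tolerated.map((d) => d.name),
    blockingBytes: blocking.reduce((sum, d) => sum + d.size, 0),
    exitCode: blocking.length > 0 ? 1 : 0,
  };
}

// Constructed sample: the lodash entry is the one from this page; the second
// entry and its "dev" type value are made up for illustration.
const SAMPLE_REPORT = JSON.stringify({
  projectName: 'my-app',
  unusedDependencies: [
    { name: 'lodash', size: 71475, type: 'production' },
    { name: 'example-dev-tool', size: 2048, type: 'dev' },
  ],
  totalSavings: 73523,
});

console.log(evaluateReport(SAMPLE_REPORT));
console.log(evaluateReport(SAMPLE_REPORT, { allow: ['lodash'] }).exitCode);
```

In a pipeline, pass the contents of `report.json` to the function and set the process exit status from the returned `exitCode`.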
We actively welcome contributions! Whether you're fixing bugs, improving documentation, or adding features, your help is appreciated.
- Bug Fixes - Found an issue? We'd love your PR!
- Feature Enhancements - Have ideas? Let's discuss!
- Documentation - Help us make docs clearer
- Testing & QA - More test coverage is always better
- Internationalization - Support for more languages
See CONTRIBUTING.md for detailed guidelines.
- v0.1.0 - MVP with unused dependency detection
- v0.2.0 - Security vulnerability scanning
- v0.3.0 - GitHub Action integration
- v1.0.0 - Web dashboard
- v1.5.0 - Auto-fix PRs
- v2.0.0 - Enterprise features (SSO, audit logs)
| Feature | depcheck | npm-check | Snyk | DepShield |
|---|---|---|---|---|
| Unused detection | β | β | β | β |
| Package sizes | β | β | β | β |
| Modern CLI | β | β | β | |
| Active maintenance | β | β | β | β |
| Free for OSS | β | β | β | |
| Config file | β | β | β | β |
"DepShield helped us reduce our Docker image size by 40% and cut Lambda cold starts in half!"
— Development Team at TechCorp
"Found 12 unused packages we didn't know about. Saved 15 MB and improved build times by 30%."
— Sarah Chen, Senior Developer
- Monorepos: Limited support in current version (v1.1 planned)
- Dynamic imports: String template requires not detected
- Peer dependencies: Not specially marked (planned)
See Issues for full list.
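Why the dynamic-import limitation matters before running `npm uninstall`, as an added example that is not DepShield's code: a regular-expression scan stands in for the AST walk, and the sample sources and package names are constructed. A package reported as unused may still be loaded through a non-literal `require()`, so the result is marked as not confident whenever such call sites exist.

```javascript
// Map an import specifier to the package that must be installed for it.
function packageOf(spec) {
  if (/^(\.|\/|node:)/.test(spec)) return null; // relative, absolute, builtin
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Regex stand-in for an AST walk (assumption: not how DepShield parses).
// LITERAL: from '...', import '...', import('...'), require('...').
const LITERAL = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"\n]+)\1/g;
// DYNAMIC: require()/import() whose argument is not a quoted string literal.
const DYNAMIC = /\b(?:require|import)\s*\(\s*(?!['"])([^)]*)\)/g;

function analyze(sources, declared) {
  const used = new Set();
  const dynamic = [];
  for (const [file, code] of Object.entries(sources)) {
    for (const m of code.matchAll(LITERAL)) {
      const pkg = packageOf(m[2]);
      if (pkg) used.add(pkg);
    }
    for (const m of code.matchAll(DYNAMIC)) {
      dynamic.push({ file, expr: m[1].trim() });
    }
  }
  const unused = declared.filter((name) => !used.has(name));
  // Any dynamic site means an "unused" package may in fact be loaded at runtime.
  return { unused, dynamic, confident: dynamic.length === 0 };
}

// Constructed sample project; file names and the plugin package are made up.
const SOURCES = {
  'src/app.js': "import express from 'express';\nconst get = require('lodash/get');\n",
  'src/log.ts': "import { trace } from '@opentelemetry/api';\nimport fs from 'node:fs';\n",
  'src/plugins.js': 'const load = (n) => require(`depshield-demo-plugin-${n}`);\n',
};
const DECLARED = [
  'express', 'lodash', '@opentelemetry/api', 'depshield-demo-plugin-csv', 'moment',
];

console.log(analyze(SOURCES, DECLARED));
```

Here `depshield-demo-plugin-csv` is listed as unused even though `src/plugins.js` can load it, which is the case to review by hand or cover with `ignorePackages`.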
MIT © Tisankan
See LICENSE file for details.
Created by Tisankan
- Website: https://tisankan.dev
- LinkedIn: https://www.linkedin.com/in/tisankan/
- GitHub: @tisankan
If DepShield has helped you, please:
- Star this repository
- Tweet about it
- Write a blog post
- Tell your colleagues
- Built with ❤️ using @babel/parser
- Inspired by depcheck and npm-check
Made with ❤️ by developers, for developers