npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mxdhavgautam/deptrace

v0.1.1

Published

A lightweight Node CLI tool to explain where a JavaScript/TypeScript dependency is being used in your project.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mxdhavgautammxdhavgautam

Keywords

dependenciesdependency-analysisclitypescriptjavascript

Readme

deptrace

Explain where a JavaScript or TypeScript dependency is used.

Package managers can tell you why a package is installed. deptrace tells you where your codebase actually uses it, which symbols or subpaths are imported, whether it appears in scripts/config, and what a cautious next step might be.

The npm package is scoped because the unscoped deptrace name is already taken.

Quick Start (without installation)

npx @mxdhavgautam/deptrace <package-name> --cwd /path/to/project

Installation (Optional)

For a project:

npm i -D @mxdhavgautam/deptrace

and then use with:

npm exec -- deptrace <package-name>

Or globally:

npm i -g @mxdhavgautam/deptrace

and then use with:

deptrace <package-name> --cwd /path/to/project

or run in any project root:

cd /path/to/project
deptrace <package-name>
deptrace <package-name> --json

Usage Examples

After installing globally or running through npm exec, the CLI accepts:

deptrace <package-name>
deptrace <package-name> --json
deptrace <package-name> --cwd ../some-project
deptrace @scope/pkg/subpath

Complete Examples

Keep Package:

Command:

deptrace razorpay

Output:

[email protected]

Package
  status: direct dependency
  declared in: dependencies
  version range: dependencies ^2.9.6
  installed: 2.9.6

Usage Summary
  source files: 1
  test files: 1
  config files: 0
  script matches: 0
  type-only imports: 0

Imports
  src/lib/razorpay.ts:3
    default from razorpay (esm-default-import, source)
    import Razorpay from "razorpay";
  src/lib/razorpay.ts:4
    validatePaymentVerification from razorpay/dist/utils/razorpay-utils (esm-named-import, source)
    import { validatePaymentVerification } from "razorpay/dist/utils/razorpay-utils";
  tests/lib/razorpay.test.ts:10
    (side effect) from razorpay (vi-mock, test)
    vi.mock("razorpay", () => {
  tests/lib/razorpay.test.ts:24
    razorpay-utils from razorpay/dist/utils/razorpay-utils (vi-mock, test)
    vi.mock("razorpay/dist/utils/razorpay-utils", () => ({

Script Usage
  none detected

Config Usage
  none detected

Runtime Signal
  none detected

Verdict
  KEEP
  confidence: high
  reasons:
    - Runtime source imports were found.
  next steps:
    - Keep the dependency unless the usage is intentionally being refactored.

Removal Candidate:

Command:

deptrace bcryptjs

Output:

[email protected]

Package
  status: direct dependency
  declared in: dependencies
  version range: dependencies ^3.0.3
  installed: 3.0.3

Usage Summary
  source files: 0
  test files: 0
  config files: 0
  script matches: 0
  type-only imports: 0

Imports
  none detected

Script Usage
  none detected

Config Usage
  none detected

Runtime Signal
  none detected

Verdict
  REMOVE_CANDIDATE
  confidence: medium
  reasons:
    - No source, test, config, or script usage was detected.
  next steps:
    - Remove it in a branch and run install, typecheck, tests, and build.

JSON

--json prints exactly one JSON object to stdout. Normal diagnostics are inside the report object; stderr is reserved for fatal errors before a report can be produced.

v0.1 Scope

deptrace v0.1 is intentionally narrow. It explains one dependency in one selected JS/TS package root using local evidence:

  • declaration bucket in package.json
  • installed package metadata from node_modules
  • source imports, requires, re-exports, dynamic string imports, and type-only imports
  • package script matches, including installed package binary names

And outputs them alongside:

  • config matches with confidence levels
  • workspace-root warnings
  • cautious verdicts like KEEP, REMOVE_CANDIDATE, MOVE_TO_DEV_CANDIDATE, and INSPECT

It does not yet implement --all, --unused, --ci, pruning, full workspace analysis, or bundle inspection.