npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

dependency-detective

v0.1.3

Published

Analyzes your project's dependencies, identifies unused ones, forecasts potential security risks, and suggests better alternatives

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

marvinackermanmarvinackerman

Keywords

dependenciesnpmnodesecurityoptimization

Readme

dependency-detective 🕵️‍♂️

A powerful Node.js tool that analyzes your project's dependencies, identifies unused packages, forecasts potential security risks, and suggests better alternatives based on community engagement and update frequency.

🔍 Overview

dependency-detective addresses a common pain point that virtually every Node.js developer faces - dependency management gets messy as projects grow, and it's hard to know which packages are actually being used, which ones pose security risks, and which ones could be replaced with better alternatives.

✨ Features

  • Unused Dependencies Detection: Identifies truly unused packages that can be safely removed
  • Security Vulnerabilities Check: Highlights packages with known security issues
  • Alternative Package Suggestions: Recommends better alternatives based on community adoption, performance metrics, and update frequency
  • Detailed Reporting: Get comprehensive information about your dependency health in an easy-to-read format

📋 Installation

# Install globally
npm install -g dependency-detective

# Or use with npx
npx dependency-detective

🚀 Usage

# Run in your project directory
dependency-detective

# Or specify a different project directory
dependency-detective --directory /path/to/your/project

# Show more detailed information
dependency-detective --verbose

# Skip alternative package suggestions
dependency-detective --no-suggestions

📊 Example Output

📦 DEPENDENCY DETECTIVE REPORT

🗑️  Unused Dependencies:
  jquery v3.6.0
  moment v2.29.4

  Removing these could save approximately ~10MB of disk space

🔒 Security Vulnerabilities:
  lodash (1 issues)

💡 Recommended Alternatives:
  moment → date-fns
  jquery → No dependency needed
  express → fastify

📋 Next Steps:
  1. Run with --verbose flag for more detailed information
  2. Consider removing unused dependencies with: npm uninstall [package-names]
  3. Address security vulnerabilities by updating affected packages
  4. Evaluate suggested alternatives for potential improvements

🔧 Options

| Option | Description | |--------|-------------| | -d, --directory <path> | Project directory to analyze (default: current directory) | | -v, --verbose | Show detailed output including reasons and statistics | | --no-suggestions | Skip suggesting alternative packages | | --help | Display help information | | --version | Display version number |

🧩 How It Works

  1. Scanning Source Code: The tool scans your project files looking for import/require statements
  2. Dependency Analysis: It cross-references found imports with your package.json
  3. Security Checking: It queries security databases for known vulnerabilities
  4. Alternative Analysis: It evaluates potential alternative packages based on multiple metrics
  5. Report Generation: It presents findings in a clear, actionable format

🛠️ For Developers

Project Structure

dependency-detective/
├── index.js           # CLI entry point
├── package.json
└── src/
    ├── analyzer.js            # Main analysis logic
    ├── unused-detector.js     # Detects unused dependencies
    ├── security-checker.js    # Checks for vulnerabilities
    └── alternative-suggester.js # Suggests better alternatives

Local Development

# Clone the repository
git clone https://github.com/yourusername/dependency-detective.git
cd dependency-detective

# Install dependencies
npm install

# Link for local testing
npm link

# Run tests
npm test

⚠️ Limitations

  • The tool may not detect dependencies used in dynamically generated requires or imports
  • Security vulnerability detection relies on external databases which may not be 100% complete
  • Alternative suggestions are based on general community metrics and might not be ideal for every specific use case

📝 Roadmap

  • [ ] Improve detection accuracy with AST parsing
  • [ ] Add support for monorepos and workspaces
  • [ ] Visual reporting with charts and graphs
  • [ ] Interactive mode for bulk actions on dependencies
  • [ ] Customizable rules and thresholds
  • [ ] GitHub Actions integration

📄 License

MIT

👥 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

🙏 Acknowledgements

  • Thanks to all the open-source package maintainers
  • Inspired by similar tools like depcheck and npm-check