lockdeps
v0.1.0
Published
Analyze package-lock.json: find duplicate packages, count transitive deps, and estimate dependency weight. Zero dependencies.
Maintainers
Readme
lockdeps
Find duplicate packages, count transitive deps, and audit licenses — straight from your
package-lock.json. Zero dependencies.
npm ls shows you the tree. npm audit shows you vulnerabilities.
lockdeps shows you the atmosphere: what's duplicated, what's heavy,
and what licenses you're shipping.
📦 lockdeps — Dependency Health Report
─────────────────────────────────────
Overview
Total packages (incl. transitive): 68
Direct dependencies: 3
Dev dependencies: 0
Transitive dependencies: 65
⚠ Duplicates Found (1)
content-type — 2 copies (1.0.5, 2.0.0)
Heaviest Dependencies (by transitive count)
express 64 ██████████████████████████████
chalk 0
lodash 0
Licenses
MIT 63
ISC 4
BSD-3-Clause 1Install
npm install -g lockdepsOr run it once without installing:
npx lockdepsUsage
lockdeps # analyze ./package-lock.json
lockdeps ./apps/api/package-lock.json
lockdeps --json # machine-readable JSON output
lockdeps --no-color # pipe-friendly, no ANSI
lockdeps --duplicates # show only duplicate packagesOptions
| Flag | Description |
|------|-------------|
| --json | Output as JSON (great for CI/pipelines) |
| --no-color | Disable ANSI colors |
| --duplicates | Show only packages installed at multiple versions |
| --version, -v | Show version |
| --help, -h | Show help |
Why?
Three things npm doesn't tell you at a glance:
Duplicates — When two of your dependencies require different versions of the same package, npm installs both. This silently bloats
node_modulesand your bundle. lockdeps finds them.Weight — Which direct dependency is pulling in 60 transitive packages? lockdeps traces the graph and shows you the heaviest offenders, so you know what to consider replacing.
Licenses — What are you actually shipping? lockdeps tallies every license across all transitive dependencies, flagging unknowns.
CI Integration
# .github/workflows/deps.yml
- run: npx lockdeps --json > deps-report.json
- run: npx lockdeps --duplicates # prints duplicates, doesn't failSupports
- ✅
package-lock.jsonv3 (npm 7+) - ✅
package-lock.jsonv2 (npm 7+) - ✅
package-lock.jsonv1 (npm 5–6) - ✅
npm-shrinkwrap.json
License
MIT
