npm-unused

Find unused dependencies in JS/TS projects.

Why Remove Unused Dependencies?

• Faster installs — fewer packages to download and resolve
• Smaller node_modules — saves disk space and speeds up CI builds
• Reduced attack surface — every dependency is a potential security risk
• Cleaner codebase — easier for new contributors to understand what the project actually uses

Install

npm install -g npm-unused
# or
npx npm-unused

Usage

npm-unused                          # scan current directory
npm-unused --dir /path/to/project   # scan a specific project
npm-unused --ignore jest eslint     # skip specific packages
npm-unused --json                   # machine-readable output
npm-unused --ci                     # exit code 1 if unused deps found

| Flag | Description | | ------------------- | ------------------------------------ | | --dir <path> | Project directory (default: cwd) | | --ignore <pkg...> | Packages to exclude from the report | | --json | Output as JSON | | --ci | Non-zero exit when unused deps exist | | -V, --version | Print version | | -h, --help | Show help |

Example

ℹ Scanned project at /home/user/my-app
ℹ Found 12 deps and 8 devDeps
ℹ Detected 15 imported packages in source files

❌ Unused dependencies:
  • axios
  • lodash

❌ Unused devDependencies:
  • eslint

Suggested fix:
  npm uninstall axios lodash eslint

How It Works

1. Reads dependencies / devDependencies from package.json
2. Discovers .js .jsx .ts .tsx files via fast-glob
3. Parses each file with @babel/parser + @babel/traverse to collect import, require, and dynamic import() calls
4. Reports any declared dependency not found in source

License

MIT