npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

packmate

v2.2.0

Published

Your smart and friendly interactive assistant for dependency updates, security advisories, and cleanup.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

limkyungminlimkyungmin

Keywords

clidependencyupdatecleanupsecurityvulnerabilityscannernpmyarnpnpmdependency-managerremove-unusedtoolnodejs

Readme

Packmate is a modern CLI tool for managing, updating, and cleaning up your Node.js project dependencies.

It supports npm, pnpm, and yarn. With an intuitive interactive UI and powerful performance optimizations, Packmate helps you keep your project healthy and up-to-date—faster and safer than ever.

🤖 Why Packmate?

  • ⚡ Performance: Faster repeat runs with caching and parallel analysis
  • 🎯 Accuracy: Unused package detection with dev tool intelligence and cross-validation
  • 🛡️ Safety: Smart fallback for package managers, unused packages excluded from updates
  • 🎨 Clarity: Grouped UI sessions (Patch/Minor/Major) with color-coded updates
  • 🔧 Flexibility: Full configuration support via packmate.config.json
  • 🌍 Modern: Clean, professional English interface with intuitive workflows

🚀 Features

Performance & Optimization

  • 3-Level Caching System: Memory → Disk (1hr TTL) → Network
    • First run: Standard speed
    • Second run: Faster with cached registry data
  • Worker Pool Processing: Multi-core CPU utilization for file scanning (2-4x faster)
  • Compressed Caching: Experimental Brotli-based cache storage
  • Predictive Caching: Experimental package prediction and pre-loading
  • Adaptive Concurrency: Dynamic request throttling based on CPU cores (8-16 concurrent)

Security Awareness

  • Security Advisories:
    • npm audit based advisory detection
    • Direct/transitive advisory distinction
    • Security update candidates in the interactive flow
    • Transitive advisories explained without misleading direct selection

Smart Detection

  • Enhanced Unused Detection:
    • Dynamic import detection: import('module')
    • Conditional require detection: try-catch, if blocks
    • DevDependencies intelligence: Recognizes build tools, linters, type definitions
    • Cross-validation: precinct + depcheck for high confidence
  • Update Detection:
    • Grouped by Patch/Minor/Major with color coding
    • Unused packages are reviewed before update selection
    • Direct security advisories can be surfaced in the update flow
    • Semver-aware version comparison
  • Installation Detection: Finds declared but not installed packages

UI/UX Excellence

  • Grouped UI Sessions:
    • 🔹 Patch Updates (Green): Bug fixes, safe to update
    • 🔸 Minor Updates (Yellow): New features, backward compatible
    • 🔶 Major Updates (Red): Breaking changes, requires review
    • 🗑️ Unused Packages: High/Medium confidence levels
    • 📥 Not Installed: Missing declared dependencies
    • 🛡️ Security Advisories: Direct/transitive advisory distinction
  • Safety Features:
    • Confirmation prompt for major updates
    • Breaking change warnings
    • Clear action summaries
  • Visual Enhancements:
    • Color-coded version changes
    • Progressive feedback during analysis
    • Compact summary and final action review

Configuration & Flexibility

  • Smart Package Manager Detection:
    • Auto-detects from lock files (pnpm-lock.yaml, yarn.lock, package-lock.json)
    • Verifies installation status
    • Auto-fallback to available manager with helpful tips
  • Configurable Options:
    • Custom ignore patterns (glob support)
    • Analysis modes (conservative/moderate/aggressive)
    • UI customization (default selections, color schemes)
    • Cache settings (duration, location)

💾 Installation

npm install -g packmate
# or
pnpm add -g packmate
# or
yarn global add packmate

You can also run it instantly with:

npx packmate

📝 Usage

Basic Usage

From your project root, just run:

packmate

Command Line Options

packmate

Packmate is intentionally interactive. Run it from your project directory and choose updates, removals, and security actions from the guided prompts.

Typical Workflow Example:

┌  📦 Packmate: Dependency Updates & Cleanup
│
◇  Multiple lock files found. Which package manager should PackMate use?
│  pnpm

Analysis Summary
  Category   Count         Details
  Updates    7             Available package updates
  Unused     1             Possible cleanup candidates
  Missing    0             Declared but not installed
  Current    9             Already up-to-date
  Security   2 advisories  1 direct, 1 transitive

🗑️  Unused Packages (High Confidence: 1)
   Likely safe to remove
│
◇  Select packages to remove:
│  none

Security Risk: High (1)
   Update recommended
│
◇  Select security updates:
│  lodash  2 advisories

🔶 Major Updates (3)
   ⚠️  Breaking changes possible - Review carefully
│
◇  Select major updates (caution required):
│  none

Review Actions
  Security updates (1)
    - lodash (high)
  Updates (2)
    - fs-extra → 11.3.5
    - js-yaml → 4.1.1
│
◇  Proceed with 3 action(s)?
│  No
│
No changes were made.
│
└  Packmate complete! 🎉

⚙️ Requirements

  • Node.js v18 or later
  • Supports npm, yarn, and pnpm
  • Works on Mac, Linux, and Windows

🔑 CLI Options

No extra options needed—just run packmate in your project directory. All selections (update, remove, install) are interactive.

⚙️ Configuration

Packmate supports configuration via packmate.config.json or the packmate field in your package.json.

Example packmate.config.json:

{
  "ignorePatterns": ["@types/*", "eslint-*"],
  "analysisMode": {
    "unused": "moderate",
    "devDeps": true
  },
  "ui": {
    "groupSessions": true,
    "colorScheme": "auto",
    "defaultChecked": {
      "updateAvailable": true,
      "unused": false,
      "notInstalled": true,
      "latest": false
    }
  },
  "detection": {
    "dynamicImport": true,
    "conditionalRequire": true,
    "ignoreUnused": [
      "eslint",
      "prettier",
      "jest",
      "webpack"
    ]
  }
}

Configuration Options:

  • ignorePatterns: Array of glob patterns to ignore packages (e.g., ["@types/*"])
  • analysisMode.unused: Detection mode - "conservative" | "moderate" | "aggressive"
  • analysisMode.devDeps: Whether to analyze devDependencies separately
  • ui.groupSessions: Enable grouped UI sessions (Patch/Minor/Major)
  • ui.defaultChecked: Default selection states for each package type
  • detection.dynamicImport: Enable dynamic import detection
  • detection.conditionalRequire: Enable conditional require detection
  • detection.ignoreUnused: List of packages to always ignore in unused detection

Cache Management

Packmate automatically caches registry responses for faster subsequent runs. Clear cache if needed:

# Windows
del /q %TEMP%\packmate-cache\*

# Linux/Mac
rm -rf /tmp/packmate-cache/*

Cache location:

  • Windows: C:\Users\<user>\AppData\Local\Temp\packmate-cache
  • Linux/Mac: /tmp/packmate-cache

🤝 Contributing

Contributions are always welcome! Please feel free to open an issue or submit a pull request.

💳 License

MIT