npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

packscan

v0.1.2

Published

A single-command dependency health check for every Node.js project.

Readme

packscan

A single-command dependency health check for every Node.js project.

packscan examines your package.json and source code, then delivers a clean, colorful report that uncovers:

  • Unused dependencies – packages you're not importing
  • Phantom dependencies – packages you import but forgot to declare
  • Outdated packages – what's behind, and by how much
  • Security vulnerabilities – with severity levels and fix hints
  • Deprecated packages – and which modern alternative to use instead

Say goodbye to juggling depcheck, npm-check, npm audit, and manual guesswork. packscan does it all in one command.



Quick Start

npx packscan

# Install globally
npm install -g packscan

# Run a complete health check in any project
packscan

Works with npm, yarn, and pnpm projects – packscan auto‑detects your package manager.


Features

Full Dependency Intelligence

  • Unused dependencies – AST‑powered detection for ESM, CommonJS, dynamic imports, and TypeScript
  • Phantom dependencies – finds imports missing from package.json (prevents broken production builds)
  • Outdated check – current vs. wanted vs. latest, with semver‑aware coloring
  • Security audit – wraps your package manager’s native audit and highlights high‑risk items
  • Deprecated packages – knows about request, moment, underscore, and more, and suggests better replacements

Developer Experience

  • One commandpackscan for a full report, packscan fix to auto‑remove unused deps and install phantoms
  • Beautiful terminal output – color‑coded, scannable, and structured
  • Smart filtering – ignores Node core modules, well‑known tooling (eslint, typescript), and project‑internal path aliases (@/, ~/)
  • Lightning fast – all checks run concurrently, and file parsing is cached for large codebases

Auto‑Fix

packscan fix will:

  • Remove every package marked as unused
  • Install every missing phantom dependency

With a simple confirmation prompt – no manual package.json editing.


Example Output

┌────────────────────────────────────────┐
│                                        │
│   📦 packscan Dependency Health Report  │
│                                        │
└────────────────────────────────────────┘

🚨 CRITICAL ISSUES
  🔴 axios: Server‑Side Request Forgery (high)
  🔴 Phantom dependencies found: lodash

🗑️  Unused Dependencies
   • moment (prod)
   • request-promise (prod)

📦 Outdated Packages
   • next: 13.4.7 → 14.0.0 (wanted: 13.4.7)
   • lucide-react: 0.263.1 → 0.290.0 (wanted: 0.263.1)

⚰️  Deprecated Packages
   • request → node-fetch
   • moment → date-fns

┌────────────────────────────┐
│  Overall Health Score: 62  │
└────────────────────────────┘

💡 Quick Actions:
   Run `packscan fix` to automatically remove unused dependencies
   and install missing phantoms.

Installation

# npm
npm install -g packscan

# yarn
yarn global add packscan

# pnpm
pnpm add -g packscan

Then simply run packscan in any project folder. The tool will detect the local package manager and act accordingly.


Commands

packscan (default)

Performs a full dependency audit and prints the health report.

packscan

packscan fix

Automatically removes unused dependencies and installs phantom dependencies.

packscan fix

Contributing

Contributions are welcome! If you’d like to add a new deprecation suggestion, improve the AST parser, or build an integration, please open an issue or PR on GitHub.

Check the CONTRIBUTING.md for local setup instructions.


License

MIT © Holiday