packscan
v0.1.2
Published
A single-command dependency health check for every Node.js project.
Maintainers
Readme
packscan
A single-command dependency health check for every Node.js project.
packscan examines your package.json and source code, then delivers a clean,
colorful report that uncovers:
- Unused dependencies – packages you're not importing
- Phantom dependencies – packages you import but forgot to declare
- Outdated packages – what's behind, and by how much
- Security vulnerabilities – with severity levels and fix hints
- Deprecated packages – and which modern alternative to use instead
Say goodbye to juggling depcheck, npm-check, npm audit, and manual guesswork.
packscan does it all in one command.
Quick Start
npx packscan
# Install globally
npm install -g packscan
# Run a complete health check in any project
packscanWorks with npm, yarn, and pnpm projects – packscan auto‑detects your package manager.
Features
Full Dependency Intelligence
- Unused dependencies – AST‑powered detection for ESM, CommonJS, dynamic imports, and TypeScript
- Phantom dependencies – finds imports missing from
package.json(prevents broken production builds) - Outdated check – current vs. wanted vs. latest, with semver‑aware coloring
- Security audit – wraps your package manager’s native audit and highlights high‑risk items
- Deprecated packages – knows about
request,moment,underscore, and more, and suggests better replacements
Developer Experience
- One command –
packscanfor a full report,packscan fixto auto‑remove unused deps and install phantoms - Beautiful terminal output – color‑coded, scannable, and structured
- Smart filtering – ignores Node core modules, well‑known tooling (
eslint,typescript), and project‑internal path aliases (@/,~/) - Lightning fast – all checks run concurrently, and file parsing is cached for large codebases
Auto‑Fix
packscan fix will:
- Remove every package marked as unused
- Install every missing phantom dependency
With a simple confirmation prompt – no manual package.json editing.
Example Output
┌────────────────────────────────────────┐
│ │
│ 📦 packscan Dependency Health Report │
│ │
└────────────────────────────────────────┘
🚨 CRITICAL ISSUES
🔴 axios: Server‑Side Request Forgery (high)
🔴 Phantom dependencies found: lodash
🗑️ Unused Dependencies
• moment (prod)
• request-promise (prod)
📦 Outdated Packages
• next: 13.4.7 → 14.0.0 (wanted: 13.4.7)
• lucide-react: 0.263.1 → 0.290.0 (wanted: 0.263.1)
⚰️ Deprecated Packages
• request → node-fetch
• moment → date-fns
┌────────────────────────────┐
│ Overall Health Score: 62 │
└────────────────────────────┘
💡 Quick Actions:
Run `packscan fix` to automatically remove unused dependencies
and install missing phantoms.Installation
# npm
npm install -g packscan
# yarn
yarn global add packscan
# pnpm
pnpm add -g packscanThen simply run packscan in any project folder. The tool will detect the local package manager and act accordingly.
Commands
packscan (default)
Performs a full dependency audit and prints the health report.
packscanpackscan fix
Automatically removes unused dependencies and installs phantom dependencies.
packscan fixContributing
Contributions are welcome! If you’d like to add a new deprecation suggestion, improve the AST parser, or build an integration, please open an issue or PR on GitHub.
Check the CONTRIBUTING.md for local setup instructions.
License
MIT © Holiday
