From review
Automated tooling and detection patterns for analyzing npm dependencies, unused packages, and dead code. Provides tool commands and what to look for—not how to structure output.
npx claudepluginhub djankies/claude-configs --plugin reviewThis skill is limited to using the following tools:
This skill provides automated analysis commands and detection patterns for dependency issues. Use this as a reference for WHAT to check and HOW to detect issues—not for output formatting or workflow.
Detects dead code, unused exports, orphaned files, circular dependencies, unused packages, stale TODOs, and hygiene issues across 11 categories. Use scan, safe, aggressive modes on full codebase or paths.
Audits project dependencies for bloat, unused packages, security risks, supply-chain issues, and upgrades by building import graphs and verifying call sites in npm, pip, Cargo, Go, Ruby projects.
Detects unused files, dependencies, exports, and types in JavaScript/TypeScript projects using Knip. Plugins support React, Next.js, Vite, Vitest, Jest for codebase cleanup, bundle optimization, CI hygiene.
Share bugs, ideas, or general feedback.
This skill provides automated analysis commands and detection patterns for dependency issues. Use this as a reference for WHAT to check and HOW to detect issues—not for output formatting or workflow.
Run these scripts to gather metrics (if tools available):
bash ~/.claude/plugins/marketplaces/claude-configs/review/scripts/review-unused-deps.sh
Returns: Unused dependencies, unused devDependencies, missing dependencies (imported but not in package.json)
bash ~/.claude/plugins/marketplaces/claude-configs/review/scripts/review-unused-code.sh
Returns: Unused exports, unused files, unused enum/class members, unused types/interfaces
npm audit --json
npm audit --production --json
npm outdated
Look for:
npm run build -- --analyze
Returns: Bundle size breakdown, largest chunks
When automated tools unavailable or for deeper analysis, use Read/Grep/Glob to detect:
Read package.json:
cat package.json | jq '.dependencies, .devDependencies'
Check for:
Count imports for specific package:
grep -r "from ['\"]package-name['\"]" src/ | wc -l
grep -r "require(['\"]package-name['\"])" src/ | wc -l
Find all import locations:
grep -rn "from ['\"]package-name['\"]" src/
Multiple date libraries:
grep -E "moment|date-fns|dayjs|luxon" package.json
Multiple HTTP clients:
grep -E "axios|node-fetch|got|ky|superagent" package.json
Multiple testing frameworks:
grep -E "jest|mocha|jasmine|vitest" package.json
Uses skills tagged with review: true including reviewing-vitest-config from vitest-4 for detecting configuration deprecations and testing framework migration patterns.
Multiple utility libraries:
grep -E "lodash|underscore|ramda" package.json
Non-ES module imports:
grep -r "import .* from 'lodash'" src/
grep -r "import _ from" src/
Look for: Default imports that could be named imports from ES module versions
Large utility usage:
grep -rn "from 'lodash'" src/ | head -20
Look for: Single function imports that could be inlined
Exported but never imported:
# Find all exports
grep -rn "export (const|function|class|interface|type)" src/
# For each export, check if imported elsewhere
grep -r "import.*{ExportName}" src/
Unused utility files:
# Find utility/helper files
find src/ -name "*util*" -o -name "*helper*"
# Check if imported
grep -r "from.*utils" src/
Deprecated code markers:
grep -rn "@deprecated\|DEPRECATED\|DO NOT USE" src/
Use these criteria when classifying findings:
| Pattern | Severity | Rationale |
|---|---|---|
| Vulnerable dependency (critical/high) | critical | Security risk in production |
| Unused dependency >100kb | high | Significant bundle bloat |
| Multiple packages for same purpose | high | Maintenance overhead |
| Vulnerable dependency (moderate) | medium | Security risk, lower impact |
| Unused dependency 10-100kb | medium | Moderate bundle bloat |
| Unused devDependency | medium | Maintenance overhead |
| Single-use utility from large library | medium | Tree-shaking opportunity |
| Unused dependency <10kb | nitpick | Minimal impact |
| Loose version ranges (^, ~) | nitpick | Potential instability |
| Incorrect dependency category | nitpick | Organization issue |
High Confidence (Unused):
Medium Confidence (Low Usage):
Consider Alternatives:
| Category | Examples | Typical Size |
|---|---|---|
| Heavy date libs | moment | 70kb |
| Light date libs | dayjs, date-fns (tree-shaken) | 2-10kb |
| Heavy utilities | lodash (full) | 70kb |
| Light utilities | lodash-es (per function) | 1-5kb |
| HTTP clients | axios, node-fetch | 10-15kb |
| Native alternatives | fetch, Intl API | 0kb |
Replace large utility with inline:
// Before: lodash.debounce (71kb library)
import _ from 'lodash';
_.debounce(fn, 300);
// After: inline (0kb)
const debounce = (fn, ms) => {
let timeout;
return (...args) => {
clearTimeout(timeout);
timeout = setTimeout(() => fn(...args), ms);
};
};
Replace with tree-shakeable alternative:
// Before: full library
import moment from 'moment';
moment(date).format('YYYY-MM-DD');
// After: specific function
import { format } from 'date-fns/format';
format(date, 'yyyy-MM-dd');
Replace with native alternative:
// Before: lodash
import { isEmpty } from 'lodash';
isEmpty(obj);
// After: native
Object.keys(obj).length === 0;
Run automated scripts first (if tools available)
Parse script outputs for package names and file locations
Verify usage with grep for each flagged package
Read package.json to check:
Cross-reference findings: