tidy-deps

Local-first · MIT · v2.0.2

Stop shipping dependencies you don't use.

tidy-deps scans your project, finds the packages nothing imports, and lets you remove them on the spot — then checks what's left for outdated, deprecated, and risky-licensed packages. No servers, no accounts, everything stays on your machine.

Runs on: npm · yarn · pnpm · bun
Requires: Node.js ≥ 16
License: MIT
$ npx tidy-deps

Three commands

That's the whole workflow — scan, choose, and audit what survives. Nothing runs without you confirming it.

01 Scan: npx tidy-deps

Walks your source files and cross-references every import against dependencies and devDependencies.

02 Choose: 1,3 / all / none

Review what's unused and decide what goes: package by package, all at once, or not at all.

03 Audit: npx tidy-deps --audit

Check what's left for outdated versions, deprecated packages, risky licenses, and lockfile drift.

What it removes

tidy-deps checks both dependencies and devDependencies against what your code actually imports — anything declared but unused gets flagged.

package.json
"express": "^4.19.2",
- "@yarnpkg/lockfile": "^1.1.0",// no longer imported anywhere
"prisma": "^6.1.0",
- "chalk": "^5.0.0",// unused after CLI refactor
"resend": "^4.0.0",
- "yaml": "^2.8.1",// config moved to JSON
  • Selective removal

    Review the list and choose exactly which packages go — by number, all at once, or none.

  • Cross-manager support

    Detects whether you're on npm, yarn, pnpm, or bun and reads the right lockfile automatically.

  • Skip-the-prompt mode

    Run with --no-remove to see what's unused without touching package.json — useful in CI.

  • Zero config

    No setup file, no schema to learn. Point it at a project and it works.
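
The scan described above, cross-referencing imports against dependencies and devDependencies, sketched as an added example (not tidy-deps' own code). The regex matcher, the function names, the source file contents and the placement of yaml in devDependencies are assumptions made for illustration; package names and versions come from the package.json snippet above.

```javascript
// Constructed sample input: a manifest and two source files held as strings.
const pkg = {
  dependencies: { express: "^4.19.2", "@yarnpkg/lockfile": "^1.1.0", chalk: "^5.0.0", resend: "^4.0.0" },
  devDependencies: { yaml: "^2.8.1" },
};
const sources = {
  "src/server.js": `
    import express from "express";
    import { log } from "./chalk.js";
    import { readFile } from "node:fs/promises";`,
  "src/mail.js": `
    const { Resend } = require("resend");
    const router = await import("express/lib/router");`,
};

// Map an import specifier to its package name; relative paths, absolute
// paths and node: builtins return null because they are not dependencies.
function packageName(spec) {
  if (/^(\.|\/|node:)/.test(spec)) return null;
  const parts = spec.split("/");
  return spec.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Approximate matcher (an assumption; an AST parser is more exact) for
// static import/export-from, dynamic import() and require() specifiers.
const IMPORT_RE = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["']([^"']+)["']/g;

function importedPackages(files) {
  const used = new Set();
  for (const text of Object.values(files)) {
    for (const m of text.matchAll(IMPORT_RE)) {
      const name = packageName(m[1]);
      if (name) used.add(name);
    }
  }
  return used;
}

// Declared in either section of the manifest but never imported.
function findUnused(manifest, files) {
  const used = importedPackages(files);
  const declared = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  return declared.filter((name) => !used.has(name)).sort();
}

console.log(findUnused(pkg, sources));
```

Packages that are only invoked from npm scripts or loaded through config files never appear in an import statement, so an import-only scan like this one reports them as unused; review the list before removing anything.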

$ npx tidy-deps --audit

A full health check, not just a cleanup.

Audit mode goes further than usage — it checks every dependency against the registry itself.

  • Outdated: patch, minor, and major versions available
  • Deprecated: packages flagged by their own authors
  • Licenses: risky copyleft terms (GPL, AGPL, LGPL)
  • Lockfile: drift between the lockfile and package.json

🔍 Running audit...

✔ [████████████████████] 100% — done

┌─ Outdated ─────────────────────────────────────────────┐
│  MAJOR    commander            ^12.1.0 → 15.0.0        │
│  MINOR    chalk                ^5.0.0  → 5.6.2         │
└────────────────────────────────────────────────────────┘
┌─ Summary ──────────────────────────────────────────────┐
│  5 errors · 3 warnings · 0 info                        │
└────────────────────────────────────────────────────────┘