Finding and Removing Unused Dependencies
Use package.json diff to verify that deprecated or unused packages have been properly removed, reducing bundle size and security surface.
Detailed Explanation
Tracking Dependency Removals
The Package.json Diff tool marks any package in A that is missing from B as removed with a red indicator. This is the inverse of additions -- it helps you verify that cleanup PRs actually removed the intended packages.
Common scenarios for removing packages
- Replacing one library with another (e.g., moment.js with date-fns)
- Removing deprecated packages that are no longer maintained
- Eliminating unused dependencies found by tools like
depcheck - Consolidating duplicate functionality where two packages do the same thing
- Reducing bundle size by removing heavy packages
Example diff output
dependencies:
- moment: ^2.29.4 [REMOVED]
- lodash: ^4.17.21 [REMOVED]
+ date-fns: ^3.0.0 [ADDED]
+ lodash-es: ^4.17.21 [ADDED]
Verification checklist
When reviewing a PR that removes packages:
| Check | Why |
|---|---|
| No remaining imports | grep -r "from 'package-name'" src/ |
| Tests still pass | Removed packages were not used in test utilities |
| Build succeeds | No broken references in config files |
| Lock file updated | Run npm install to regenerate lock file |
Using the filter
Click the Removed only filter to see just the deleted packages. Compare this list against the PR description to ensure all intended removals are present.
Use Case
A developer running a dependency cleanup sprint uses depcheck to find unused packages, removes them, and then uses Package.json Diff to verify the before-and-after state matches their expectations before committing.