dependency-analyzer
Dependency Analyzer
Comprehensive dependency analysis and optimization for JavaScript/TypeScript projects
Quick Commands
# Analyze all dependencies
npm run analyze:deps
# Find outdated packages
npm outdated --long
# Check for vulnerabilities
npm audit --audit-level=moderate
# Analyze bundle size impact
npx bundle-phobia-cli package-name
Core Functionality
Key Features
- Dependency Audit: Security vulnerabilities and outdated packages
- Bundle Analysis: Size impact and tree-shaking effectiveness
- Circular Detection: Find and resolve circular dependencies
- License Compliance: Verify license compatibility
- Update Strategy: Safe update recommendations
Detailed Information
For comprehensive details, see:
cat .claude/skills/dependency-analyzer/references/audit-guide.md
cat .claude/skills/dependency-analyzer/references/optimization-strategies.md
cat .claude/skills/dependency-analyzer/references/security-best-practices.md
Usage Examples
Example 1: Full Dependency Audit
import { DependencyAnalyzer } from '@j0kz/dependency-analyzer';

const analyzer = new DependencyAnalyzer();
const report = await analyzer.audit({
  checkVulnerabilities: true,
  checkOutdated: true,
  checkLicenses: true,
  checkBundleSize: true
});
console.log(report.summary);
Example 2: Find Circular Dependencies
// Reuses the `analyzer` instance created in Example 1
const circles = await analyzer.findCircularDependencies();
if (circles.length > 0) {
  console.log('Circular dependencies found:', circles);
}
Configuration
{
  "dependency-analyzer": {
    "autoFix": false,
    "severity": "moderate",
    "ignoreDev": false,
    "maxBundleSize": "500kb",
    "allowedLicenses": ["MIT", "Apache-2.0", "BSD-3-Clause"]
  }
}
Integration with CI/CD
# GitHub Actions example
- name: Dependency Audit
  run: |
    npm audit --audit-level=moderate
    npx @j0kz/dependency-analyzer audit --fail-on-high
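The following is an added example, not code from @j0kz/dependency-analyzer. It shows how a CI gate could apply the `severity` and `allowedLicenses` values from the Configuration section to `npm audit --json` output and a license inventory. The sample data, the function names and the way the settings are interpreted are assumptions.

```javascript
// Added example; not the @j0kz/dependency-analyzer implementation.
// Policy values copied from the Configuration section of this page.
const policy = { severity: 'moderate', allowedLicenses: ['MIT', 'Apache-2.0', 'BSD-3-Clause'] };
// Severity ladder used by `npm audit`, lowest to highest.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed sample shaped like `npm audit --json` (report version 2), trimmed to the fields used.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    'pkg-a': { name: 'pkg-a', severity: 'low', isDirect: true, fixAvailable: true },
    'pkg-b': { name: 'pkg-b', severity: 'high', isDirect: false, fixAvailable: false },
    'pkg-c': { name: 'pkg-c', severity: 'moderate', isDirect: true, fixAvailable: true },
  },
};
// Constructed license inventory: package name -> package.json "license" value.
const sampleLicenses = {
  'pkg-a': 'MIT', 'pkg-b': '(MIT OR GPL-3.0-only)', 'pkg-c': 'GPL-3.0-only',
  'pkg-d': 'Apache-2.0 AND BSD-3-Clause', 'pkg-e': undefined,
};

// Findings at or above the configured threshold, worst first, as "name:severity".
function failingVulns(audit, threshold) {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity: ${threshold}`);
  return Object.values(audit.vulnerabilities || {})
    .filter((v) => LEVELS.indexOf(v.severity) >= min)
    .sort((a, b) => LEVELS.indexOf(b.severity) - LEVELS.indexOf(a.severity))
    .map((v) => `${v.name}:${v.severity}`);
}

// Flat SPDX expressions only: OR passes if any branch is allowed, AND needs every part.
// Missing fields and nested expressions fail closed so they get a manual review.
function licenseAllowed(expr, allowed) {
  if (typeof expr !== 'string' || !expr.trim()) return false;
  const flat = expr.trim().replace(/^\((.*)\)$/, '$1');
  if (/[()]/.test(flat)) return false;
  return flat.split(/\s+OR\s+/).some((alt) =>
    alt.split(/\s+AND\s+/).every((id) => allowed.includes(id.trim())));
}

// Combined gate: passes only with no blocking vulnerabilities and no disallowed licenses.
function gate(audit, licenses, cfg) {
  const vulns = failingVulns(audit, cfg.severity);
  const badLicenses = Object.keys(licenses)
    .filter((name) => !licenseAllowed(licenses[name], cfg.allowedLicenses));
  return { vulns, badLicenses, pass: vulns.length === 0 && badLicenses.length === 0 };
}
```

In a pipeline, `gate()` would receive the parsed output of `npm audit --json` and a license inventory built from the installed packages, and the job would exit non-zero when `pass` is false.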
Notes
- Integrates with npm, yarn, and pnpm
- Caches results for faster subsequent runs
- Supports monorepo structures
- Can generate SBOM (Software Bill of Materials)