io.github.FlorianBruniaux/dep-scope
Symbol-level npm dependency analysis: scan verdicts, native alternatives, migration prompts.
Ask AI about io.github.FlorianBruniaux/dep-scope
Powered by Claude Β· Grounded in docs
I know everything about io.github.FlorianBruniaux/dep-scope. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
dep-scope
Symbol-level dependency analysis + LLM-ready migration prompts for TypeScript/JavaScript projects.
"Knip tells you what's unused. dep-scope tells you how you use what you keep, and generates the prompt to remove it."
When to use dep-scope
Good use cases:
- Legacy project audit: Finding lodash functions that now have native equivalents
- Library consolidation: Do we really need 3 icon libraries?
- Migration: Generate a context-aware prompt and let Claude Code do the refactoring
- Curiosity: "Which symbols from this 50KB library do we actually use?"
Not the right tool if:
- You just want unused deps β use Knip instead
- Your codebase is already well-maintained β dep-scope will mostly say "KEEP"
Quick Example
$ dep-scope scan
βββββββββββββββββββββββββββββββββββββββββββ
dep-scope Analysis Report
βββββββββββββββββββββββββββββββββββββββββββ
Summary:
Total dependencies: 45
β Keep: 38
β» Recode Native: 3
β Remove: 2
β Peer Dep: 4
Action Items:
Remove (unused):
β moment
β has-flag
Recode to native:
β» lodash.debounce (1 symbol) β custom debounce function
β» array-includes (1 symbol) β Array.prototype.includes
β» left-pad (1 symbol) β String.prototype.padStart
How it compares
| Feature | Knip | Depcheck | Moderne | dep-scope |
|---|---|---|---|---|
| Unused detection | β Excellent | β Good | β | β οΈ Basic |
| Config file scanning | β | β | β | β |
| Symbol-level analysis | β | β | β | β |
| Native alternatives database | β | β | β (lodash) | β 195 packages |
| e18e micro-utilities coverage | β | β | β | β |
| Transitive graph analysis | β | β | β | β |
| Monorepo workspace support | β οΈ | β | β | β |
| Duplicate detection | β | β | β | β |
| LLM migration prompt | β | β | β | β |
| MCP Server (AI editors) | β | β | β | β |
| OSS / free | β | β | β enterprise | β |
Recommendation: Use Knip for unused detection, dep-scope for deeper analysis and migration. They work well together (dep-scope auto-detects Knip if installed).
Installation
CLI (global):
npm install -g @florianbruniaux/dep-scope
Without installation:
npx @florianbruniaux/dep-scope scan
MCP Server (AI editors β no CLI needed):
Add to your editor's MCP config and the server runs on demand via npx. See the MCP Server section below for per-editor config snippets.
From source:
git clone https://github.com/FlorianBruniaux/node-dep-scope.git
cd node-dep-scope
npm install && npm run build && npm install -g .
Quick Start
cd /path/to/your/project
dep-scope init # configure dep-scope for your project (interactive)
dep-scope scan # full scan
dep-scope scan --root # scan full project, including scripts/ tools/ bin/
dep-scope scan --check-duplicates # include duplicate detection
dep-scope scan --check-transitive # surface transitive polyfills (e18e database)
dep-scope scan --each-workspace # monorepo: scan each package individually
dep-scope migrate # generate migration prompts for all candidates
dep-scope migrate lodash # target a specific package
dep-scope report -o ./audit.md # markdown report
Setup: dep-scope init
Run dep-scope init before your first scan. The wizard detects your project and generates a config in 4 questions:
dep-scope init
Detected: Next.js project
Found dirs: src/, scripts/, app/
? Source directories to scan:
β Auto-detected: src/, scripts/, app/ (recommended)
β Full project root (.) β includes everything
β Choose directories manually...
? Include devDependencies in scan? (y/N)
? Symbol threshold for RECODE_NATIVE verdict: (5)
? Config format:
β .depscoperc.json (simple JSON, recommended)
β depscope.config.ts (TypeScript with autocomplete)
β Created .depscoperc.json
Preset: react | Dirs: src, scripts, app | Threshold: 5
Use -y to skip prompts in CI: dep-scope init --yes.
Getting accurate results
Auto-detection covers: src, app, lib, pages, components, hooks, server, scripts, tools, bin, cli. If your project has code elsewhere, pass --root to scan everything, or set srcPaths explicitly in .depscoperc.json:
{
"srcPaths": ["src", "app", "scripts", "tools"]
}
False positive "unused" verdict? The package may be used in a directory outside the scan scope (
scripts/,tools/, etc.). Rundep-scope scan --rootto verify before removing anything. When a removal recommendation appears with a narrow scan scope, dep-scope will warn you.
Config file detection
dep-scope automatically scans config files at the project root to avoid false "unused" verdicts for packages referenced as strings β a common pattern for CLI tools, test runners, and framework plugins.
Detected automatically:
| Config file | Examples detected |
|---|---|
package.json scripts | "lint": "oxlint .", "format": "oxfmt ." |
vitest.config.* | environment: "jsdom", setupFiles: ["@testing-library/jest-dom"] |
vite.config.* | plugins: ["@vitejs/plugin-vue"] |
next.config.* | turbo.rules["*.svg"].loaders: ["@svgr/webpack"] |
.storybook/main.* | addons: ["@storybook/addon-mcp"] |
These packages will appear as INVESTIGATE (or KEEP if well-used) rather than REMOVE.
Opt-out β disable specific detectors in .depscoperc.json:
{
"stringReferences": {
"disable": ["storybook-config"]
}
}
Available detector IDs: package-json-scripts, vitest-config, vite-config, next-config, storybook-config. Use "disable": "all" to turn off config scanning entirely.
Extend with custom detectors β in depscope.config.ts:
import { defineConfig, defineDetector } from "@florianbruniaux/dep-scope";
export default defineConfig({
stringReferences: {
detectors: [
defineDetector({
id: "my-tool-config",
label: "my-tool.config.json",
filePatterns: ["my-tool.config.json"],
async detect(filePath, ctx) {
// return StringReference[] for packages found in this file
return [];
},
}),
],
},
});
MCP Server
dep-scope exposes a Model Context Protocol server so AI editors (Claude Code, Cursor, Windsurf) can query your dependencies inline β no CLI, no markdown files, no copy-paste.
Listed on the official MCP Registry:
io.github.FlorianBruniaux/dep-scope
Available tools
| Tool | Params | What it does |
|---|---|---|
scan_project | projectPath, srcPaths, threshold, includeDev, checkDuplicates, checkTransitive, withKnip | Full dependency scan with verdicts |
analyze_package | packageName, projectPath, srcPaths | Symbol-level breakdown of one package |
get_migration_candidates | projectPath | List all RECODE_NATIVE + CONSOLIDATE packages |
generate_migration_prompt | packageName, projectPath | Generate a migration prompt inline |
find_duplicates | projectPath | Detect overlapping libraries |
Setup
Add the following mcpServers entry to your editor's config. The server runs on demand via npx β no global install required.
Claude Code β ~/.claude.json:
{
"mcpServers": {
"dep-scope": {
"command": "npx",
"args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
}
}
}
Claude Desktop β ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"dep-scope": {
"command": "npx",
"args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
}
}
}
Cursor β ~/.cursor/mcp.json:
{
"mcpServers": {
"dep-scope": {
"command": "npx",
"args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
}
}
}
Windsurf β ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"dep-scope": {
"command": "npx",
"args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
}
}
}
Once connected, you can ask your AI editor to call scan_project or generate_migration_prompt directly mid-session without running any CLI command.
Documentation
- Commands reference
- Configuration
- AI prompts + Claude Code slash command
- MCP Server setup
- Programmatic API
- Architecture & internals
Requirements
- Node.js >= 18.0.0
- TypeScript/JavaScript project with
package.json
License
MIT