How to Check for Unused Modules in a Node.js App

How to Check for Unused Modules in a Node.js App

Managing dependencies in a Node.js application is something that often times gets ignored by developers. Over time, you may find yourself including packages that are no longer in use. These unused modules can slow down your development environment, increase your app's bundle size, and even introduce security vulnerabilities.

Lucky for us, there are several ways to go about checking for unused modules. In this guide, we'll walk you through simple yet effective ways to detect and eliminate unused dependencies in your Node.js app.

Why it matters

Unused modules may seem harmless, but they can have several downsides:

Performance impact: Bloated node modules can slow down your app's build and execution time.

Security risks: Unused or outdated modules might contain vulnerabilities that expose your app to security risks. And if they are no longer being maintained and updated, then you could be holding on to a potential security risk for no real reason.

Larger app size: Unnecessary packages increase the size of your app, which can affect deployment times and overall performance.

Identifying and removing unused dependencies ensures that your app is optimized, secure, and easy to maintain.

Methods to Check for Unused Modules in Node.js

1. Manual Code Review

The old-fashioned but still reliable method of manually reviewing your package.json file is a good way to start this auditing process. By skimming through the dependencies, you may notice some that you no longer recognize or use.

This method works best for smaller projects, as larger applications might have hundreds of dependencies, making manual checks tedious and error-prone.

Here's a quick way to do a basic review:

Open your package.json file. Check if you recognize each dependency. Search your codebase to see if it's being imported or required anywhere.

If a package isn't being used, consider removing it.

Tip: You can use a global search feature (like Ctrl + Shift + F in VS Code) to quickly locate if a module is imported in any file.

While this method works for small projects, you can automate the process for larger applications using the tools discussed next.

2. Using npm-check

One of the most popular tools for checking unused modules is npm-check. This package scans your package.json and your codebase to determine which packages are unused or outdated.

How to Install npm-check:

npm install -g npm-check

How to run npm-check:

npm-check

npm-check provides a user-friendly interactive interface where you can:

- Remove unused dependencies.
- Update outdated dependencies.
- Reinstall broken dependencies.

It shows a list of packages categorized as unused, outdated, or needing updates, making it very intuitive to clean your project.

3. Using depcheck

Another widely used tool for checking unused dependencies is depcheck. depcheck works by scanning your project files and comparing them with the installed modules. It identifies:

Unused dependencies: Modules in package.json that are not being imported in your project.

Missing dependencies: Modules that are being used in your project but are not listed in your package.json file.

Installing depcheck:

npm install -g depcheck

How to Use depcheck:

depcheck

This will output a report showing:

Unused dependencies: Packages installed but not used. Missing dependencies: Packages used in your code but missing from package.json.

Sample depcheck Output:

Unused dependencies
* chalk
* lodash

Missing dependencies
* express
* mongoose

This tool is particularly useful because it also highlights missing dependencies—packages you forgot to include in package.json. Once you have the report, you can safely remove or add dependencies accordingly.

4. Using ESLint Plugin for Imports

Another useful method for identifying unused modules is leveraging ESLint. ESLint, a widely used linting tool for JavaScript, can detect unused code, including modules that are imported but never utilized.

You can use the eslint-plugin-import to flag unused imports in your project.

Install the Plugin:

npm install --save-dev eslint-plugin-import

Configure ESLint:

In your .eslintrc.js file, add the following rule under "rules":

rules: {
    'import/no-unused-modules': [1, { unusedExports: true }]
}

Now, run ESLint in your project. It will flag any unused imports, allowing you to track down unused modules that can potentially be removed.

5. Using webpack-bundle-analyzer

If you’re using Webpack to bundle your application, you can use the webpack-bundle-analyzer to visualize the size of your application, including the third-party libraries you're using.

Installing webpack-bundle-analyzer:

npm install --save-dev webpack-bundle-analyzer

In your webpack.config.js, add the following plugin:

const BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;

module.exports = {
  // your existing config
  plugins: [
    new BundleAnalyzerPlugin()
  ]
};

Run Webpack, and the analyzer will generate a report, showing you a detailed breakdown of all the modules being bundled. This allows you to spot any oversized or unused packages in your build.

Steps to Remove Unused Modules

After identifying unused dependencies, it’s time to remove them. Follow these steps:

Uninstall via npm: Remove unused modules using the npm uninstall command:

npm uninstall <package-name>

Update package.json: Ensure your package.json is up to date by removing the corresponding entries under dependencies or devDependencies.

Clean up node_modules: Run the following command to clear out unnecessary files:

npm prune

This will clean up any unused packages that may still be lingering in your node_modules folder.

Test your app: After removing the dependencies, make sure to thoroughly test your app to ensure that you haven’t accidentally removed something critical, or that there isn't some unforeseen side-effect.

Conclusion

Unused modules in a Node.js project are not just clutter—they can be a source of performance issues and security vulnerabilities. Tools like npm-check, depcheck, and webpack-bundle-analyzer make it simple to identify unused dependencies and clean them up.

Keeping your project free of unnecessary modules leads to a more efficient, secure, and maintainable codebase. Remember, a tidy node_modules folder is not just a nice-to-have, but a crucial part of managing a healthy, optimized Node.js app.

Walter G. author of blog post
Walter Guevara is a Computer Scientist, software engineer, startup founder and previous mentor for a coding bootcamp. He has been creating software for the past 20 years.

Get the latest programming news directly in your inbox!

Have a question on this article?

You can leave me a question on this particular article (or any other really).

Ask a question

Community Comments

No comments posted yet

Add a comment