NPM Package Analyzer

Paste your package.json to analyze dependencies, find heavy packages, and estimate bundle size impact

Features

  • Analyze package.json dependencies and devDependencies at a glance
  • Detect heavy packages like moment, lodash, and core-js with lighter alternatives
  • Estimate total bundle size impact from production dependencies
  • Find deprecated, unpinned, and git-based dependency issues
  • Identify outdated tooling patterns such as TSLint or Babel 6

How to use

  1. Copy your package.json file content from your project.
  2. Paste it into the input area and click Analyze.
  3. Review the dependency overview, issues, and size estimates.

Tips & Best Practices

  • Paste your code directly or use the file upload feature for larger files.
  • The tool preserves your original input — you can always go back and modify it.
  • Use the output directly in your IDE or build pipeline.
  • Check the formatted output for any warnings or validation messages.
  • All processing is client-side, making it safe for proprietary code.

FAQ

Is my package.json data sent to a server?

No. All analysis runs entirely in your browser. Nothing is uploaded or stored on any server. Your package.json content stays private and local to your machine.

How are bundle sizes estimated?

Known heavy packages like moment, lodash, and core-js have pre-measured sizes. Other dependencies use an average estimate of 25KB each. These are rough estimates to help you identify the biggest contributors to bundle size.

What kind of issues does the analyzer detect?

The analyzer checks for heavy packages with lighter alternatives, deprecated packages, wildcard or unpinned versions, git-based dependencies, missing license or engine fields, and outdated tooling patterns like TSLint or old Babel versions.
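The wildcard, unpinned, and git-based checks named above can be sketched as follows. This is an added example, not the analyzer's own code: the function names, the regular expressions, the four category labels, and the sample package.json are all assumptions made for illustration.

```javascript
// Added example (hypothetical, not the analyzer's implementation).
// Flags dependency specifiers that are not pinned to one exact registry version.
const SECTIONS = ["dependencies", "devDependencies"];

// Git-hosted specifiers: git URLs, host prefixes, or the "user/repo" shorthand.
const GIT_SPEC = /^(git\+|git:|github:|gitlab:|bitbucket:)|^[\w.-]+\/[\w.-]+(#.+)?$/;
// A wildcard segment anywhere in the version: "*", "1.x", "1.2.*".
const WILDCARD = /(^|\.)[xX*]($|\.)/;
// One exact version such as 1.2.3, with optional prerelease/build metadata.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function classifySpec(spec) {
  const s = String(spec).trim();
  if (GIT_SPEC.test(s)) return "git";
  // An empty specifier and the "latest" tag both float to whatever is newest.
  if (s === "" || s === "latest" || WILDCARD.test(s)) return "wildcard";
  if (EXACT.test(s)) return "pinned";
  return "unpinned"; // ^, ~, comparison ranges, other tags and protocols
}

function findDependencyIssues(packageJsonText) {
  const pkg = JSON.parse(packageJsonText); // throws on malformed JSON
  const issues = [];
  for (const section of SECTIONS) {
    const deps = pkg[section];
    // Skip missing or malformed sections instead of failing the whole scan.
    if (deps === null || typeof deps !== "object" || Array.isArray(deps)) continue;
    for (const [name, spec] of Object.entries(deps)) {
      const kind = classifySpec(spec);
      if (kind !== "pinned") issues.push({ section, name, spec, kind });
    }
  }
  return issues;
}

// Constructed sample input, not taken from any real project.
const SAMPLE = JSON.stringify({
  dependencies: {
    express: "4.18.2",
    lodash: "^4.17.21",
    moment: "*",
    "left-pad": "github:example/left-pad#main",
  },
  devDependencies: { tslint: "6.x", shorthand: "example/repo" },
});
```

Calling `findDependencyIssues(SAMPLE)` returns five entries; only `express` passes as pinned. A git or floating specifier means the installed code can change without any edit to package.json, which is why these entries deserve review alongside a lock file.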

Can I analyze a lock file (package-lock.json or yarn.lock)?

Currently the tool only supports package.json content. Lock files have a different structure and are not parsed by this analyzer. We focus on the dependency declarations you control directly.

Why does the tool suggest replacing moment with date-fns or dayjs?

moment is approximately 290KB minified and is not tree-shakeable, meaning the entire library is included in your bundle even if you use a single function. date-fns (tree-shakeable) and dayjs (2KB) are modern alternatives that significantly reduce bundle size.

Does this tool check for security vulnerabilities?

This tool focuses on bundle analysis and best practices, not security vulnerabilities. For security auditing, use npm audit or tools like Snyk. However, we do flag deprecated packages which may have known security issues.

Can I use this for monorepo or workspace package.json files?

Yes. You can paste any package.json content including workspace root or individual package files. The analyzer will process whatever dependencies and devDependencies it finds in the JSON you provide.