Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Dep Scope

FreeNot checked

Symbol-level npm dependency analysis: scan verdicts, native alternatives, migration prompts.

GitHubEmbed

About

Symbol-level npm dependency analysis: scan verdicts, native alternatives, migration prompts.

README

CI npm version MCP Registry License: MIT Node.js

Symbol-level dependency analysis + LLM-ready migration prompts for TypeScript/JavaScript projects.

"Knip tells you what's unused. dep-scope tells you how you use what you keep, and generates the prompt to remove it."

When to use dep-scope

Good use cases:

  • Legacy project audit: Finding lodash functions that now have native equivalents
  • Library consolidation: Do we really need 3 icon libraries?
  • Migration: Generate a context-aware prompt and let Claude Code do the refactoring
  • Curiosity: "Which symbols from this 50KB library do we actually use?"

Not the right tool if:

  • You just want unused deps → use Knip instead
  • Your codebase is already well-maintained → dep-scope will mostly say "KEEP"

Quick Example

$ dep-scope scan

═══════════════════════════════════════════
  dep-scope Analysis Report
═══════════════════════════════════════════

Summary:
  Total dependencies: 45
  ✓ Keep:          38
  ↻ Recode Native: 3
  ✗ Remove:        2
  ⊕ Peer Dep:      4

Action Items:
  Remove (unused):
    ✗ moment
    ✗ has-flag

  Recode to native:
    ↻ lodash.debounce (1 symbol) → custom debounce function
    ↻ array-includes (1 symbol) → Array.prototype.includes
    ↻ left-pad (1 symbol) → String.prototype.padStart

How it compares

Feature Knip Depcheck Moderne dep-scope
Unused detection ✅ Excellent ✅ Good ⚠️ Basic
Config file scanning
Symbol-level analysis
Native alternatives database ✅ (lodash) ✅ 195 packages
e18e micro-utilities coverage
Transitive graph analysis
Monorepo workspace support ⚠️
Duplicate detection
LLM migration prompt
MCP Server (AI editors)
OSS / free ❌ enterprise

Recommendation: Use Knip for unused detection, dep-scope for deeper analysis and migration. They work well together (dep-scope auto-detects Knip if installed).

Installation

CLI (global):

npm install -g @florianbruniaux/dep-scope

Without installation:

npx @florianbruniaux/dep-scope scan

MCP Server (AI editors — no CLI needed):

Add to your editor's MCP config and the server runs on demand via npx. See the MCP Server section below for per-editor config snippets.

From source:

git clone https://github.com/FlorianBruniaux/node-dep-scope.git
cd node-dep-scope
npm install && npm run build && npm install -g .

Quick Start

cd /path/to/your/project

dep-scope init                        # configure dep-scope for your project (interactive)
dep-scope scan                        # full scan
dep-scope scan --root                 # scan full project, including scripts/ tools/ bin/
dep-scope scan --check-duplicates     # include duplicate detection
dep-scope scan --check-transitive     # surface transitive polyfills (e18e database)
dep-scope scan --each-workspace       # monorepo: scan each package individually
dep-scope migrate                     # generate migration prompts for all candidates
dep-scope migrate lodash              # target a specific package
dep-scope report -o ./audit.md        # markdown report

Setup: dep-scope init

Run dep-scope init before your first scan. The wizard detects your project and generates a config in 4 questions:

dep-scope init

  Detected: Next.js project
  Found dirs: src/, scripts/, app/

? Source directories to scan:
  ● Auto-detected: src/, scripts/, app/  (recommended)
  ○ Full project root (.) — includes everything
  ○ Choose directories manually...

? Include devDependencies in scan? (y/N)
? Symbol threshold for RECODE_NATIVE verdict: (5)
? Config format:
  ● .depscoperc.json  (simple JSON, recommended)
  ○ depscope.config.ts  (TypeScript with autocomplete)

✓ Created .depscoperc.json
  Preset: react  |  Dirs: src, scripts, app  |  Threshold: 5

Use -y to skip prompts in CI: dep-scope init --yes.

Getting accurate results

Auto-detection covers: src, app, lib, pages, components, hooks, server, scripts, tools, bin, cli. If your project has code elsewhere, pass --root to scan everything, or set srcPaths explicitly in .depscoperc.json:

{
  "srcPaths": ["src", "app", "scripts", "tools"]
}

False positive "unused" verdict? The package may be used in a directory outside the scan scope (scripts/, tools/, etc.). Run dep-scope scan --root to verify before removing anything. When a removal recommendation appears with a narrow scan scope, dep-scope will warn you.

Config file detection

dep-scope automatically scans config files at the project root to avoid false "unused" verdicts for packages referenced as strings — a common pattern for CLI tools, test runners, and framework plugins.

Detected automatically:

Config file Examples detected
package.json scripts "lint": "oxlint .", "format": "oxfmt ."
vitest.config.* environment: "jsdom", setupFiles: ["@testing-library/jest-dom"]
vite.config.* plugins: ["@vitejs/plugin-vue"]
next.config.* turbo.rules["*.svg"].loaders: ["@svgr/webpack"]
.storybook/main.* addons: ["@storybook/addon-mcp"]

These packages will appear as INVESTIGATE (or KEEP if well-used) rather than REMOVE.

Opt-out — disable specific detectors in .depscoperc.json:

{
  "stringReferences": {
    "disable": ["storybook-config"]
  }
}

Available detector IDs: package-json-scripts, vitest-config, vite-config, next-config, storybook-config. Use "disable": "all" to turn off config scanning entirely.

Extend with custom detectors — in depscope.config.ts:

import { defineConfig, defineDetector } from "@florianbruniaux/dep-scope";

export default defineConfig({
  stringReferences: {
    detectors: [
      defineDetector({
        id: "my-tool-config",
        label: "my-tool.config.json",
        filePatterns: ["my-tool.config.json"],
        async detect(filePath, ctx) {
          // return StringReference[] for packages found in this file
          return [];
        },
      }),
    ],
  },
});

MCP Server

dep-scope exposes a Model Context Protocol server so AI editors (Claude Code, Cursor, Windsurf) can query your dependencies inline — no CLI, no markdown files, no copy-paste.

Listed on the official MCP Registry: io.github.FlorianBruniaux/dep-scope

Available tools

Tool Params What it does
scan_project projectPath, srcPaths, threshold, includeDev, checkDuplicates, checkTransitive, withKnip Full dependency scan with verdicts
analyze_package packageName, projectPath, srcPaths Symbol-level breakdown of one package
get_migration_candidates projectPath List all RECODE_NATIVE + CONSOLIDATE packages
generate_migration_prompt packageName, projectPath Generate a migration prompt inline
find_duplicates projectPath Detect overlapping libraries

Setup

Add the following mcpServers entry to your editor's config. The server runs on demand via npx — no global install required.

Claude Code~/.claude.json:

{
  "mcpServers": {
    "dep-scope": {
      "command": "npx",
      "args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
    }
  }
}

Claude Desktop~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "dep-scope": {
      "command": "npx",
      "args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
    }
  }
}

Cursor~/.cursor/mcp.json:

{
  "mcpServers": {
    "dep-scope": {
      "command": "npx",
      "args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
    }
  }
}

Windsurf~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "dep-scope": {
      "command": "npx",
      "args": ["--package=@florianbruniaux/dep-scope", "-y", "dep-scope-mcp"]
    }
  }
}

Once connected, you can ask your AI editor to call scan_project or generate_migration_prompt directly mid-session without running any CLI command.

Documentation

Requirements

  • Node.js >= 18.0.0
  • TypeScript/JavaScript project with package.json

License

MIT

from github.com/FlorianBruniaux/node-dep-scope

Install Dep Scope in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install dep-scope

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add dep-scope -- npx -y @florianbruniaux/dep-scope

FAQ

Is Dep Scope MCP free?

Yes, Dep Scope MCP is free — one-click install via Unyly at no cost.

Does Dep Scope need an API key?

No, Dep Scope runs without API keys or environment variables.

Is Dep Scope hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Dep Scope in Claude Desktop, Claude Code or Cursor?

Open Dep Scope on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Dep Scope with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs