Pkg Lens
A zero-configuration CLI tool designed to detect, classify, and visualize dependency bloat within JavaScript and TypeScript projects.
Project Overview
Run pnpm dlx pkg-lens in any project and in seconds see exactly which packages are stale ponyfills, inlineable micro-packages, or duplicates — with native replacement suggestions and the full dependency chain that pulled them in.
Key Features
Zero-configuration execution with automatic package manager and project root detection
Accurate logical lines of code (LOC) counting per package, intentionally omitting comments and empty lines
Intelligent bloat classification identifying obsolete ponyfills, inlineable micro-packages, and duplicate dependencies
Deep dependency chain tracing to pinpoint exactly which direct or transitive packages introduced bloated sub-dependencies
Offline-first lockfile parsers natively supporting npm, pnpm, and yarn without requiring external registry lookups
Actionable replacement suggestions for every flagged package, cross-referenced against the e18e module-replacements dataset
High-Level Architecture
The system is constructed as a lightweight Node.js CLI application written in TypeScript that performs purely local, offline static analysis to ensure high performance and privacy. It orchestrates a functional pipeline starting with lockfile parsing to accurately reconstruct the deterministic dependency graph. The tool then concurrently walks the local node_modules directory to compute concrete line counts via batched structural file reads, and finally maps the active dependency signatures against an embedded knowledge base of known replacements to categorize packages. This results in an extremely fast execution footprint powered primarily by asynchronous filesystem operations and smart pattern matching rather than expensive compiler-level AST traversal.
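The offline chain tracing described above can be sketched against the `packages` map of an npm v2/v3 lockfile. This is an added example, not pkg-lens's own code: `resolveDep`, `traceChains` and the sample lockfile are hypothetical, and it assumes no workspace links and does not cover pnpm or yarn lockfiles.

```javascript
// Added example. Constructed sample lockfile: names and versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-kit": "^2.0.0", "log-lite": "^1.0.0" } },
    "node_modules/web-kit": { version: "2.1.0", dependencies: { "fmt-utils": "^3.0.0" } },
    "node_modules/log-lite": { version: "1.4.0", dependencies: { "pad-left-x": "^1.0.0" } },
    "node_modules/fmt-utils": { version: "3.0.2", dependencies: { "pad-left-x": "^2.0.0" } },
    "node_modules/fmt-utils/node_modules/pad-left-x": { version: "2.0.0" },
    "node_modules/pad-left-x": { version: "1.0.1" },
  },
};

// Resolve a dependency the way Node does: nearest node_modules first,
// then each enclosing package's node_modules, up to the project root.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // declared but not installed (e.g. optional)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Depth-first walk from the project root. Returns every chain that ends at
// `target` as an array of "name@version" labels, direct dependency first.
function traceChains(lock, target) {
  const packages = lock.packages, chains = [];
  const walk = (path, trail, seen) => {
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    if (path === "") Object.assign(deps, entry.devDependencies);
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next || seen.has(next)) continue; // not installed, or a cycle
      const label = `${name}@${packages[next].version}`;
      if (name === target) chains.push([...trail, label]);
      else walk(next, [...trail, label], new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}
```

In the sample, the two chains end at different versions of the same package name, because resolution depends on which package asks for it.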
Challenges & Learnings
A significant technical challenge was accurately measuring the real payload size and impact of an entire node_modules directory without being bottlenecked by incredibly heavy AST parsing operations or throttled by external npm registry latency. To solve this, the architecture implements an optimized, asynchronous filesystem crawler that directly streams module file contents, employing performant string manipulation techniques to extract true logical lines of code. Coupled with localized lockfile resolution instead of remote registry polling, this approach guarantees that the CLI runs optimally, delivering near-instantaneous insights even on enterprise-scale monorepos containing thousands of chained dependencies.