node package manager
We need your input. Help make JavaScript better: Take the 2017 JavaScript Ecosystem survey »


Depcop - Validate dependencies in package.json

npm Travis Appveyor Coveralls David David dev

License docs

Depcop is a tool to validate your dependencies and devDependencies in a package.json. It checks your source code and warns if some dependency definitions are missing, unused, or listed in a wrong group.


Missing module check

Makes sure:

  • all modules used in source code are listed in dependencies or devDependencies

Unused module check

Makes sure:

  • dependencies and devDependencies don't contain modules used in any source

Strayed module check

Makes sure:

  • dependencies don't contain modules used only in development code
  • devDependencies don't contain modules used in library code

Note: definition of terms

term description
library code Ordinary source files usually put in ./lib.
development code Test files, config files, or build scripts like gulpfile.js.

For more details about validations, please see Validations.


  • ES2015 style support (import declarations)
  • CommonJS style support (require expressions)
  • Configurable


You can install Depcop using npm.

npm install --save-dev depcop


You can use Depcop via CLI or Node.js API. Please see Usage for details.

# CLI 
depcop --missing --unused -l 'lib/**/*.js' -d 'test/**/*.js','gulpfile.js'
// JS 
import { makeDepcop } from 'depcop';
const depcop = makeDepcop({
  options: {
    libSources: ['lib/**/*.js'],
    devSources: ['test/**/*-test.js'],
    checks: {
      unused: {
        ignore: ['istanbul', 'mocha']
const result = depcop.runValidations();
// .. 


You can write a configuration file to configure Depcop. Please see Configuring Depcop for details.

// .depcoprc.js 
module.exports = {
  libSources: [
  devSources: [
  checks: {
    missing: {
      ignore: [/alias.+/]
    unused: {}


It is usually difficult to notice that some dependency definitions are missing (or unused) in local environment where necessary dependencies have been installed. Especially, it is so difficult to notice when you accidentally define a module in devDependencies which is actually used in library code. In this case, all tests will pass in both of local and CI environment where devDependencies will be installed. And it is not until the module is installed to user environments where devDependencies doesn't be installed that it causes an error for lack of dependencies. The goal of this module is to prevent such a tragedy.

Similar projects