Issue: We have detected the following unused dependencies in your project:
Unused devDependencies
@size-limit/preset-small-lib
@types/jest
@typescript-eslint/eslint-plugin
@typescript-eslint/parser
check-dts
clean-publish
eslint
eslint-config-standard
eslint-plugin-import
eslint-plugin-jest
eslint-plugin-node
eslint-plugin-prefer-let
eslint-plugin-promise
eslint-plugin-security
eslint-plugin-unicorn
jest
prettier
simple-git-hooks
size-limit
typescript
Questions: We are conducting a research study on the unused packages in JS projects. We were curious:
Will you remove the unused packages mentioned above? (Yes/No), and why?:
Do you have any additional comments? (If so, please write it down):
For any publication or research report based on this study, we will share all responses from developers in an anonymous way. Both your projects and personal information will be kept confidential.
Rationale: When a JS application depends on too many packages, its attack surface can grow dramatically; hackers can get a higher chance of successfully exploiting the vulnerabilities inside those packages and escalating the potential damage. Therefore, JS application developers are recommended to remove unused packages from their projects, in order to eliminate the security risks unnecessarily incurred by those packages.
Steps to reproduce:
Execute the “npx depcheck” command to print the list of all the unused dependencies
Suggested Solution: Please look at the unused dependencies list and uninstall them if they do not find them necessary.
Issue: We have detected the following unused dependencies in your project: Unused devDependencies
Questions: We are conducting a research study on the unused packages in JS projects. We were curious:
For any publication or research report based on this study, we will share all responses from developers in an anonymous way. Both your projects and personal information will be kept confidential.
Rationale: When a JS application depends on too many packages, its attack surface can grow dramatically; hackers can get a higher chance of successfully exploiting the vulnerabilities inside those packages and escalating the potential damage. Therefore, JS application developers are recommended to remove unused packages from their projects, in order to eliminate the security risks unnecessarily incurred by those packages.
Steps to reproduce:
Suggested Solution: Please look at the unused dependencies list and uninstall them if they do not find them necessary.
Resources: https://www.npmjs.com/package/depcheck