Dependency bloat
Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.
What it detects
A very high dependency count relative to the size of the codebase, worth auditing for unused packages.
Why it matters
A dependency count far out of proportion to the code (this scan saw 60+ packages against fewer than 10 source files) usually means leftovers from abandoned experiments. Every unused package still gets installed, still slows CI, and still counts toward your security surface when one of them ships a vulnerability. Trimming them makes installs faster and audit reports shorter.
How to fix it
Run a dead-dependency scanner: npx depcheck or npx knip both compare package.json against actual imports and list packages nothing uses. Review the list (they can miss packages used only in config files or CLI scripts), then npm uninstall the confirmed dead ones. Re-run your build and tests after removal to catch anything the scanners got wrong.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo