feat: detect and report unused package.json dependencies

This commit introduces the ability to detect and report unused dependencies listed in the `package.json` file. It enhances TreeTracr's analysis capabilities by identifying dependencies that are not actually imported or required in the project's source code.

- Implemented `checkUnusedPackageDependencies` function in `src/analyzer.js` to analyze `package.json` and identify unused dependencies.
- Added a new `--fail-on-unused-deps` CLI flag to `src/cli.js` to allow failing the CI check if unused package dependencies are found.
- Updated `index.js` to include a new section in the output for unused package dependencies and to handle the `--fail-on-unused-deps` flag, setting appropriate exit codes.
- Updated `README.md` with documentation for the new feature and CLI flag.
- Added a new test case to `test/cli.test.js` to verify the functionality of the `--fail-on-unused-deps` flag.

Author: billchurch

README.md

@@ -8,6 +8,7 @@ A JavaScript/TypeScript dependency analyzer that helps you visualize and underst
 - Visualizes dependency trees from entry points
 - Identifies unused modules
 - Detects and highlights circular dependencies
+- Identifies unused package.json dependencies
 - Automatically detects and analyzes test files
 - Supports custom test directories
 
@@ -30,6 +31,7 @@ treetracr [options] [directory] [entryPoint]
 - `--ci`: Enable CI mode (exits with error if issues found)
 - `--fail-on-circular`: Exit with error code if circular dependencies found
 - `--fail-on-unused`: Exit with error code if unused modules found
+- `--fail-on-unused-deps`: Exit with error code if unused package.json dependencies found
 
 ### Examples
 
@@ -74,7 +76,9 @@ jobs:
         # - Code 0: No issues found
         # - Code 1: Circular dependencies found
         # - Code 2: Unused modules found  
-        # - Code 3: Both issues found
+        # - Code 3: Both circular dependencies and unused modules found
+        # - Code 4: Unused package dependencies found
+        # - Code 7: All issues found
 ```
 
 ## Test File Detection
@@ -183,6 +187,16 @@ Found 2 unused local modules:
 
 No circular dependencies detected!
 
+   ╭──────────────────────────────╮
+   │                              │
+   │   UNUSED PACKAGE DEPENDENCIES   │
+   │                              │
+   ╰──────────────────────────────╯
+
+Found 2 unused package.json dependencies:
+- some-unused-package
+- another-unused-package
+
    ╭────────────────╮
    │                │
    │   TEST FILES   │
@@ -222,6 +236,7 @@ CI mode with failures would look like:
 ❌ CI checks failed!
 - Found 3 circular dependencies
 - Found 2 unused modules
+- Found 2 unused package dependencies
 ```
 
 ## Why TreeTracr?

index.js

@@ -10,7 +10,8 @@ import {
     buildDependencyMaps, 
     traceDependenciesFromEntry, 
     isTestFile, 
-    detectCircularDependencies
+    detectCircularDependencies,
+    checkUnusedPackageDependencies
 } from './src/analyzer.js'
 import { 
     formatPath, 
@@ -131,6 +132,29 @@ async function main() {
         }
     }
 
+    // Add section for unused package dependencies
+    output.section('UNUSED PACKAGE DEPENDENCIES')
+    
+    // Check for unused dependencies in package.json
+    const unusedDeps = await checkUnusedPackageDependencies(sourceDir)
+    
+    if (unusedDeps.size === 0) {
+        output.success('No unused package.json dependencies found!')
+    } else {
+        output.warning(`Found ${unusedDeps.size} unused package.json dependencies:`)
+        Array.from(unusedDeps).forEach((dep) => {
+            output.warning(`- ${dep}`)
+        })
+        
+        // Mark CI check as failed for unused package dependencies
+        if (options.failOnUnusedPackageDeps) {
+            output.error('CI check failed: Unused package dependencies detected')
+            if (options.ci) {
+                exitCode = Math.max(exitCode, 4); // Use exit code 4 for unused package dependencies
+            }
+        }
+    }
+    
     // Add new section for test files
     output.section('TEST FILES')
 
@@ -153,15 +177,17 @@ async function main() {
     }
 
     // Add summary section for CI mode
-    if (options.ci || options.failOnCircular || options.failOnUnused) {
+    if (options.ci || options.failOnCircular || options.failOnUnused || options.failOnUnusedPackageDeps) {
         output.section('CI CHECK SUMMARY')
 
         const hasCircularDeps = circularDeps.length > 0
         const hasUnusedModules = unusedModules.length > 0
+        const hasUnusedPackageDeps = unusedDeps.size > 0
         const shouldFailCircular = options.failOnCircular && hasCircularDeps
         const shouldFailUnused = options.failOnUnused && hasUnusedModules
+        const shouldFailUnusedPackageDeps = options.failOnUnusedPackageDeps && hasUnusedPackageDeps
 
-        if (!shouldFailCircular && !shouldFailUnused) {
+        if (!shouldFailCircular && !shouldFailUnused && !shouldFailUnusedPackageDeps) {
             output.success('✅ All checks passed!')
 
             // Show details in regular mode but be concise in CI mode
@@ -172,6 +198,9 @@ async function main() {
                 if (options.failOnUnused) {
                     output.success('- No unused modules')
                 }
+                if (options.failOnUnusedPackageDeps) {
+                    output.success('- No unused package dependencies')
+                }
             }
         } else {
             output.error('❌ CI checks failed!')
@@ -184,9 +213,19 @@ async function main() {
                 output.error(`- Found ${unusedModules.length} unused modules`)
             }
 
-            // Set combined status code if both issues are present
-            if (shouldFailCircular && shouldFailUnused) {
-                exitCode = 3;  // Exit code 3 for both issues
+            if (shouldFailUnusedPackageDeps) {
+                output.error(`- Found ${unusedDeps.size} unused package dependencies`)
+            }
+            
+            // Determine exit code based on combination of failures
+            if (shouldFailUnusedPackageDeps) {
+                if (shouldFailCircular || shouldFailUnused) {
+                    exitCode = 7;  // Exit code 7 for all issues
+                } else {
+                    exitCode = 4;  // Exit code 4 for unused package dependencies
+                }
+            } else if (shouldFailCircular && shouldFailUnused) {
+                exitCode = 3;  // Exit code 3 for both circular and unused modules
             } else if (shouldFailCircular) {
                 exitCode = 1;  // Exit code 1 for circular dependencies
             } else if (shouldFailUnused) {

src/analyzer.js

@@ -1,7 +1,7 @@
 import fs from 'fs'
 import path from 'path'
 import { IMPORT_PATTERNS, TEST_PATTERNS, JS_EXTENSIONS } from './constants.js'
-import { readFile } from './fileSystem.js'
+import { readFile, getPackageJson } from './fileSystem.js'
 import { output } from './output.js'
 
 // Store file dependencies
@@ -10,6 +10,8 @@ export const moduleDependencies = new Map()
 export const moduleReferences = new Map()
 // Store circular dependencies
 export const circularDependencies = new Map()
+// Store unused package.json dependencies
+export const unusedPackageDependencies = new Set()
 
 /**
  * Normalize a path to handle different import styles
@@ -164,3 +166,66 @@ export async function traceDependenciesFromEntry(entryPath, sourceDir, visited =
 export function isTestFile(filePath) {
     return TEST_PATTERNS.some(pattern => pattern.test(filePath));
 }
+
+/**
+ * Check if dependencies in package.json are actually used in the source files
+ * @param {string} sourceDir - Directory to analyze
+ * @returns {Promise<Set<string>>} - Set of unused dependencies
+ */
+export async function checkUnusedPackageDependencies(sourceDir) {
+    // Clear the set of unused dependencies
+    unusedPackageDependencies.clear()
+    
+    // Get package.json
+    const packageJson = await getPackageJson(sourceDir)
+    if (!packageJson || !packageJson.dependencies) {
+        return unusedPackageDependencies
+    }
+    
+    // Get all dependencies from package.json
+    const dependencies = Object.keys(packageJson.dependencies)
+    
+    // Get all content from source files to check for imports
+    const files = Array.from(moduleDependencies.keys())
+    const allContent = await Promise.all(
+        files.map(async file => {
+            try {
+                return await readFile(file, 'utf8')
+            } catch (error) {
+                output.error(`Error reading file ${file}: ${error.message}`)
+                return ''
+            }
+        })
+    )
+    
+    // Join all content for simpler checking
+    const combinedContent = allContent.join('\n')
+    
+    // Check each dependency
+    for (const dependency of dependencies) {
+        // Different patterns to match dependencies
+        const importPatterns = [
+            // ES6 named imports
+            new RegExp(`import\\s+(?:[\\w\\s{},*]+from\\s+)?['"]${dependency}(?:[\\w\\s-./]*)['"]`, 'g'),
+            // ES6 default imports
+            new RegExp(`import\\s+[\\w\\s]+\\s+from\\s+['"]${dependency}(?:[\\w\\s-./]*)['"]`, 'g'),
+            // ES6 namespace imports
+            new RegExp(`import\\s+\\*\\s+as\\s+[\\w\\s]+\\s+from\\s+['"]${dependency}(?:[\\w\\s-./]*)['"]`, 'g'),
+            // CommonJS require
+            new RegExp(`require\\s*\\(\\s*['"]${dependency}(?:[\\w\\s-./]*)['"]\\s*\\)`, 'g'),
+            // Dynamic imports
+            new RegExp(`import\\s*\\(['"]${dependency}(?:[\\w\\s-./]*)['"]\\)`, 'g'),
+            // Package references in comments or strings
+            new RegExp(`['"]${dependency}(?:[\\w\\s-./]*)['"]`, 'g')
+        ]
+        
+        // Check if dependency is used in any file
+        const isUsed = importPatterns.some(pattern => pattern.test(combinedContent))
+        
+        if (!isUsed) {
+            unusedPackageDependencies.add(dependency)
+        }
+    }
+    
+    return unusedPackageDependencies
+}

src/cli.js

@@ -14,6 +14,7 @@ export function parseCommandLine() {
     ci: false,
     failOnCircular: false,
     failOnUnused: false,
+    failOnUnusedPackageDeps: false,
     remainingArgs: []
   };
 
@@ -31,6 +32,8 @@ export function parseCommandLine() {
       result.failOnCircular = true;
     } else if (arg === '--fail-on-unused') {
       result.failOnUnused = true;
+    } else if (arg === '--fail-on-unused-deps') {
+      result.failOnUnusedPackageDeps = true;
     } else if (!arg.startsWith('-')) {
       // Process positional arguments
       if (!result.sourceDir || result.sourceDir === '.') {
@@ -46,10 +49,11 @@ export function parseCommandLine() {
     }
   }
 
-  // If ci is true but neither failure mode specified, enable both
-  if (result.ci && !result.failOnCircular && !result.failOnUnused) {
+  // If ci is true but no failure modes specified, enable all failure modes
+  if (result.ci && !result.failOnCircular && !result.failOnUnused && !result.failOnUnusedPackageDeps) {
     result.failOnCircular = true;
     result.failOnUnused = true;
+    result.failOnUnusedPackageDeps = true;
   }
 
   return result;
@@ -71,6 +75,7 @@ OPTIONS:
   --ci                     Enable CI mode (exits with error if issues found)
   --fail-on-circular       Exit with error code if circular dependencies found
   --fail-on-unused         Exit with error code if unused modules found
+  --fail-on-unused-deps    Exit with error code if unused package.json dependencies found
 
 ARGUMENTS:
   directory                Target directory to analyze (default: current directory)

test/cli.test.js

@@ -17,6 +17,7 @@ test('parseCommandLine should handle empty arguments', () => {
     ci: false,
     failOnCircular: false,
     failOnUnused: false,
+    failOnUnusedPackageDeps: false,
     remainingArgs: []
   });
 });
@@ -59,6 +60,7 @@ test('parseCommandLine should handle CI mode flag', () => {
   assert.strictEqual(result.ci, true);
   assert.strictEqual(result.failOnCircular, true);
   assert.strictEqual(result.failOnUnused, true);
+  assert.strictEqual(result.failOnUnusedPackageDeps, true);
 });
 
 // Test for fail-on-circular flag
@@ -79,13 +81,24 @@ test('parseCommandLine should handle fail-on-unused flag', () => {
   assert.strictEqual(result.failOnUnused, true);
 });
 
+// Test for fail-on-unused-deps flag
+test('parseCommandLine should handle fail-on-unused-deps flag', () => {
+  process.argv = ['node', 'index.js', '--fail-on-unused-deps'];
+  const result = parseCommandLine();
+  assert.strictEqual(result.ci, false);
+  assert.strictEqual(result.failOnCircular, false);
+  assert.strictEqual(result.failOnUnused, false);
+  assert.strictEqual(result.failOnUnusedPackageDeps, true);
+});
+
 // Test for combined CI flags
 test('parseCommandLine should handle combined CI flags', () => {
-  process.argv = ['node', 'index.js', '--ci', '--fail-on-circular', '--fail-on-unused'];
+  process.argv = ['node', 'index.js', '--ci', '--fail-on-circular', '--fail-on-unused', '--fail-on-unused-deps'];
   const result = parseCommandLine();
   assert.strictEqual(result.ci, true);
   assert.strictEqual(result.failOnCircular, true);
   assert.strictEqual(result.failOnUnused, true);
+  assert.strictEqual(result.failOnUnusedPackageDeps, true);
 });
 
 // Restore original argv after tests