About package.json Analyzer

Detect duplicate dependencies and common issues. Part of the DevTools Surf developer suite. Browse more tools in the API / Config collection.

Use Cases

• Audit project dependencies for duplicate packages
• Detect miscategorized dev vs production dependencies
• Validate package.json structure before publishing to npm
• Review dependency health during security audits

Tips

• Upload package.json to detect duplicate or conflicting deps
• Spot devDependencies that should be regular dependencies
• Identify missing or malformed required fields

Fun Facts

• The package.json format was introduced by npm creator Isaac Z. Schlueter in 2010 and now defines the structure of over 3 million npm packages.
• The 'left-pad' incident in March 2016 — where an 11-line npm package was unpublished and broke thousands of builds — led to npm preventing package un-publishing.
• A typical React application's node_modules folder contains 800-1,200 packages, many of which are transitive dependencies the developer never directly installed.

FAQ

What issues does it detect?

Duplicate dependencies across dependencies/devDependencies/peerDependencies, version inconsistencies, missing engines field, invalid semver ranges.

Does it check for security?

No — for security audits use `npm audit` or `pnpm audit`. This tool focuses on structural issues in package.json itself.

What about outdated packages?

Not in this tool — checking for updates requires registry queries. Use `npm outdated` or Dependabot.

Monorepo support?

Single package.json at a time. For monorepo-wide analysis, run per-package or use a monorepo-aware tool (Nx, Turborepo).