Sentry Logo Debug Microservices & Distributed Systems

Join my free newsletter

Level up your dev skills and career with curated tips, practical advice, and in-depth tech insights – all delivered straight to your inbox.

4 min read
Up to date

Trevor I. Lasn

Staff Software Engineer & Engineering Manager

Remove Unnecessary NPM Packages with eslint-plugin-depend

We don't need packages to handle basic JavaScript tasks

The NPM ecosystem is cluttered with unnecessary packages like is-odd, is-even, is-number, and more. We don’t need this unnecessary clutter.

is-number NPM package

The is-number package—an infamous package that simply checks if a value is a number or not.

import isNumber from 'is-number';

What’s inside is-number package?

I checked out the is-number package and here’s what it actually does.

module.exports = function(num) {
  if (typeof num === 'number') {
    return num - num === 0;
  }
  if (typeof num === 'string' && num.trim() !== '') {
    return Number.isFinite ? Number.isFinite(+num) : isFinite(+num);
  }
  return false;
};

If only there were a built-in method to check if something is a number. Oh, wait… there is.

const number = 5;
typeof number === "number" && Number.isFinite(number); // true

  1. typeof num === ‘number’: Verifies that num is of the type “number”. This excludes other data types like strings, objects, etc.

  2. Number.isFinite(num): Ensures that num is a finite number, meaning it is not NaN, Infinity, or -Infinity.

Infinity, -Infinity, and NaN are all considered numbers in JavaScript, so typeof returns ‘number’ for each of them. Thus, these statements are true.

typeof Infinity === 'number';  // true
typeof -Infinity === 'number'; // true
typeof NaN === 'number';       // true

While typeof returns true for each of these values, Number.isFinite returns false because Infinity, -Infinity, and NaN are not finite numbers. Therefore, the combined expressions using && evaluate to false.

typeof Infinity === "number" && Number.isFinite(Infinity); // false
typeof -Infinity === "number" && Number.isFinite(-Infinity); // false
typeof NaN === "number" && Number.isFinite(NaN); // false

Both 5 and -5 are valid, finite numbers, so both expressions are true.

typeof 5 === "number" && Number.isFinite(5); //true
typeof -5 === "number" && Number.isFinite(-5); // true

Moving back to rubbish packages. How on earth does is-number have 68,049,915 weekly downloads?

I guess it’s likely because is-number is a dependency for many popular libraries and frameworks. Even if you’re not using it directly, it could be included in your project through another package that relies on it.

left-pad package

In 2016, the left-pad package was unexpectedly removed from the npm registry, causing widespread disruption in the JavaScript ecosystem.

Many projects depended on this tiny package for a simple string padding function.

Its removal led to broken builds and errors in numerous projects, highlighting the risks of relying on overly granular or unnecessary dependencies.

The incident underscored the importance of using native functionality whenever possible to avoid such issues. See the left-pad incident wikipedia page.

import leftpad from 'left-pad';

Since String.prototype.padStart is a standard part of modern JavaScript, there’s no need to rely on an additional package for this.

"left-pad" should be replaced with native functionality. You can instead use String.prototype.padStart.


Read more here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/padStarteslintdepend/ban-dependencies

eslint-plugin-depend

This ESLint plugin detects redundant packages and suggests more efficient alternatives.

import isNumber from 'is-number';

Would trigger a notification inside the code editor/IDE

"is-number" should be replaced with inline/local logic. Use typeof v === "number" || (typeof v === "string" && Number.isFinite(+v)) eslint depend/ban-dependencies

Installing


npm i -D eslint-plugin-depend

eslint.config.js

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended']
];

You may choose a preset list of dependencies (or none). The following are available:

  1. microutilities: micro utilities (e.g. one liners)
  2. native: redundant packages with native equivalents
  3. preferred: an opinionated list of packages with better maintained and lighter alternatives
Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "presets": ["native"]
    }]
  }
}

The default is [‘native’, ‘microutilities’, ‘preferred’].

modules: You may specify your own list of packages which will be disallowed in code.

Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "modules": ["im-a-banned-package"]
    }]
  }
}

Putting it together

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended'],
  {
    rules: {
      "depend/ban-dependencies": ["error", {
        presets: ["native"],
        modules: ["im-a-banned-package"]
      }]
    }
  }
];

Trim the fat, clear out the clutter, and let your code breathe. Your users will thank you for it.

open source

Related Articles

If you enjoyed this article, you might find these related pieces interesting as well.

Repopack: Pack Your Entire Repository Into A Single File

A tool that packages your code to easily share with LLM models.

Oct 21, 2024 5 min read

Secure Your Repositories: Prevent Credential Leaks with Gitleaks

Automate security flows and ensure your team follows security best practices

Aug 6, 2024 9 min read

Can OSSPledge Fix Open Source Sustainability?

The Open Source Pledge aims to address open source sustainability challenges by encouraging companies to pay $2,000 per developer per year

Nov 17, 2024 5 min read

Pkl: Apple's New Configuration Language That Could Replace JSON and YAML

A deep dive into Pkl, Apple's configuration language that aims to replace JSON and YAML

Nov 1, 2024 5 min read

dependency-time-machine: An Easier Way to Update NPM packages

Automatically update your package.json dependencies one by one in chronological order, ensuring compatibility and reducing errors

Sep 18, 2024 5 min read

SecretLint — A Linter for Preventing Committing Credentials

A guide to catching and preventing credential leaks in your code using Secretlint

Oct 22, 2024 5 min read
all articles

Become a better engineer

Here are engineering resources I've personally vetted and use. They focus on skills you'll actually need to build and scale real projects - the kind of experience that gets you hired or promoted.

40% DISCOUNT

CodeCrafters

Level up by building real tools like Redis, Git, and SQLite from scratch.

20% DISCOUNT

Scrimba

Accelerate your JavaScript and React journey with Scrimba's interactive learning platform.

25% DISCOUNT

Boot.dev

Courses taught by engineers who worked at companies like Netflix and SourceGraph.

Many companies have a fixed annual stipend per engineer (e.g. $2,000) for use towards learning resources. If your company offers this stipend, you can forward them your invoices directly for reimbursement.

This article was originally published on https://www.trevorlasn.com/blog/eslint-plugin-depend. It was written by a human and polished using grammar tools for clarity.

Interested in a partnership? Shoot me an email at hi [at] trevorlasn.com with all relevant information.