Codecrafters logo
Advanced programming challenges. Build your own Redis, Shell, Git, Kafka, SQLite, etc. Signing up is free. 40% off if you upgrade.
Start Learning
Up to date
Published
4 min read

Trevor I. Lasn

Staff Software Engineer, Engineering Manager

Remove Unnecessary NPM Packages with eslint-plugin-depend

We don't need packages to handle basic JavaScript tasks

The NPM ecosystem is cluttered with unnecessary packages like is-odd, is-even, is-number, and more. We don’t need this unnecessary clutter.

Ever heard of the is-number? It’s an infamous NPM package that simply checks if a value is a number or not.

import isNumber from 'is-number';

I checked out the is-number package and here’s what it actually does.

module.exports = function(num) {
  if (typeof num === 'number') {
    return num - num === 0;
  }
  if (typeof num === 'string' && num.trim() !== '') {
    return Number.isFinite ? Number.isFinite(+num) : isFinite(+num);
  }
  return false;
};

If only there were a built-in method to check if something is a number. Oh, wait… there is.

const number = 5;
typeof number === "number" && Number.isFinite(number); // true

  1. typeof num === ‘number’: Verifies that num is of the type “number”. This excludes other data types like strings, objects, etc.

  2. Number.isFinite(num): Ensures that num is a finite number, meaning it is not NaN, Infinity, or -Infinity.

Infinity, -Infinity, and NaN are all considered numbers in JavaScript, so typeof returns ‘number’ for each of them. Thus, these statements are true.

typeof Infinity === 'number';  // true
typeof -Infinity === 'number'; // true
typeof NaN === 'number';       // true

While typeof returns true for each of these values, Number.isFinite returns false because Infinity, -Infinity, and NaN are not finite numbers. Therefore, the combined expressions using && evaluate to false.

typeof Infinity === "number" && Number.isFinite(Infinity); // false
typeof -Infinity === "number" && Number.isFinite(-Infinity); // false
typeof NaN === "number" && Number.isFinite(NaN); // false

Both 5 and -5 are valid, finite numbers, so both expressions are true.

typeof 5 === "number" && Number.isFinite(5); //true
typeof -5 === "number" && Number.isFinite(-5); // true

Moving back to rubbish packages. How on earth does is-number have 68,049,915 weekly downloads?

I guess it’s likely because is-number is a dependency for many popular libraries and frameworks. Even if you’re not using it directly, it could be included in your project through another package that relies on it.

left-pad package

In 2016, the left-pad package was unexpectedly removed from the npm registry, causing widespread disruption in the JavaScript ecosystem.

Many projects depended on this tiny package for a simple string padding function.

Its removal led to broken builds and errors in numerous projects, highlighting the risks of relying on overly granular or unnecessary dependencies.

The incident underscored the importance of using native functionality whenever possible to avoid such issues. See the left-pad incident wikipedia page.

import leftpad from 'left-pad';

Since String.prototype.padStart is a standard part of modern JavaScript, there’s no need to rely on an additional package for this.

"left-pad" should be replaced with native functionality. You can instead use String.prototype.padStart.


Read more here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/padStarteslintdepend/ban-dependencies

eslint-plugin-depend

This ESLint plugin detects redundant packages and suggests more efficient alternatives.

import isNumber from 'is-number';

Would trigger a notification inside the code editor/IDE

"is-number" should be replaced with inline/local logic. Use typeof v === "number" || (typeof v === "string" && Number.isFinite(+v)) eslint depend/ban-dependencies

Installing


npm i -D eslint-plugin-depend

eslint.config.js

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended']
];

You may choose a preset list of dependencies (or none). The following are available:

  1. microutilities: micro utilities (e.g. one liners)
  2. native: redundant packages with native equivalents
  3. preferred: an opinionated list of packages with better maintained and lighter alternatives
Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "presets": ["native"]
    }]
  }
}

The default is [‘native’, ‘microutilities’, ‘preferred’].

modules: You may specify your own list of packages which will be disallowed in code.

Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "modules": ["im-a-banned-package"]
    }]
  }
}

Putting it together

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended'],
  {
    rules: {
      "depend/ban-dependencies": ["error", {
        presets: ["native"],
        modules: ["im-a-banned-package"]
      }]
    }
  }
];

Trim the fat, clear out the clutter, and let your code breathe. Your users will thank you for it.

Found this article helpful? You might enjoy my free newsletter. I share dev tips and insights to help you grow your coding skills and advance your tech career.

Interested in supporting this blog in exchange for a shoutout? Get in touch.

Liked this post?

Check out these related articles that might be useful for you. They cover similar topics and provide additional insights.

Webdev
4 min read

HTTP CONNECT: Building Secure Tunnels Through Proxies

Understand how HTTP CONNECT enables HTTPS traffic through proxies

Nov 28, 2024
Read article
Webdev
3 min read

NPQ: Open source CLI tool that audits and protects your npm installs from malicious packages

A CLI tool that checks packages for security issues and social engineering attacks before they hit your project

Jul 26, 2025
Read article
Webdev
4 min read

Understanding Vue's Suspense

How the Suspense component manages async dependencies and improves loading states in Vue apps

Aug 23, 2024
Read article
Webdev
5 min read

Add Auth to Astro 5 with Clerk in 5 Minutes

The simplest setup for adding Clerk authentication to your Astro project, with minimal code

Dec 18, 2024
Read article
Webdev
3 min read

HTML Details Element: The Native Accordion You're Not Using

Discover how the HTML details element can replace your JavaScript accordions and why it might be better than your current solution

Dec 10, 2024
Read article
Webdev
3 min read

Native Popover Element with HTML

Create overlays and dropdowns easily with the native HTML popover API

Jan 24, 2025
Read article
Webdev
4 min read

How To Implement Content Security Policy (CSP) Headers For Astro

Content Security Policy (CSP) acts like a shield against XSS attacks. These attacks are sneaky - they trick your browser into running malicious code by hiding it in content that seems trustworthy. CSP's job is to spot these tricks and shut them down, while also alerting you to any attempts it detects.

Oct 16, 2024
Read article
Webdev
6 min read

Micro Frontends: The LEGO Approach to Web Development

Explore the concept of micro frontends in web development, understand their benefits, and learn when this architectural approach is most effective for building scalable applications.

Oct 2, 2024
Read article
Webdev
3 min read

scrollbar-width & scrollbar-gutter: CSS Properties for Layout Control

Prevent content shifts and refine scrollable UIs with scrollbar-width and scrollbar-gutter

Dec 19, 2024
Read article
all articles

This article was originally published on https://www.trevorlasn.com/blog/eslint-plugin-depend. It was written by a human and polished using grammar tools for clarity.