527

Is there a way to simply uninstall all unused (undeclared) dependencies from a Node.js project (ones that are no longer defined in my package.json.) When I update my application I like to have the unreferenced packages removed automatically.

Improve this question
2
  • 1
    Unused by what? Do you mean to remove folders from node_modules when they're removed from the respective package.json?
    – SLaks
    Commented Jan 28, 2014 at 21:19
  • 1
    exactly, mhm npm ll already gives a good hint which are the candidates.
    – Tarion
    Commented Jan 28, 2014 at 21:20

4 Answers 4

Reset to default
805

Note: Recent npm versions do this automatically when running npm install if package-locks are enabled, so this is not necessary except for removing development packages with the --production flag.

Run npm prune to remove modules not listed in package.json.

From npm help prune:

This command removes "extraneous" packages. If a package name is provided, then only packages matching one of the supplied names are removed.

Extraneous packages are packages that are not listed on the parent package's dependencies list.

If the --production flag is specified, this command will remove the packages specified in your devDependencies.

Improve this answer
14
  • 5
    If I read that correctly, this would remove all sub-dependencies, since they're not listed in package.json. Is that right? So, the next update or install would have to reinstall them.
    – nshew13
    Commented Apr 18, 2014 at 14:14
  • 2
    Let me give an example. I remove karma from my package.json, but leave bower. When I run npm prune, I expect all of karma, including its own node_modules folder containing its dependencies, to be removed. What about bower's dependencies (bower-json, bower-logger, chmodr, fstream, glob, et al.). Technically, those aren't listed in my project's package.json. Are those removed or not?
    – nshew13
    Commented Apr 18, 2014 at 14:27
  • 4
    No, they are not. Note that they're not in your own node_modules, but inside node_modules/bower/node_modules, "protected" by node_modules/bower/package.json. Dependencies of your package and that of your package's dependencies are not mixed.
    – Darkhogg
    Commented Apr 18, 2014 at 14:30
  • 2
    and delete your shrinkwrap before npm install, should have been in above instructions.
    – Andy Ray
    Commented May 4, 2015 at 22:30
  • 2
    I use the depcheck package installed globally to check what packages are not being used. Then I go to the package-json and remove the unused packages. After those two steps, I run npm prune and everything ends right.
    – Luis Martins
    Commented Feb 8, 2018 at 4:33
394

If you're not worried about a couple minutes time to do so, a solution would be to rm -rf node_modules and npm install again to rebuild the local modules.

Improve this answer
10
  • 134
    It would be nice if people stopped downvoting this without comment.. it's a valid strategy to resetting a node project dependencies as an alternative to the accepted answer. If you damaged a node_modules sub-directory contents (easy to do with sym-linked dependencies) or if you've had additional changes like node or npm version bumps prune will not properly cleanup the node_modules folder but this answer will.
    – Pyrce
    Commented Jan 12, 2016 at 19:06
  • 63
    Rebuilding node_modules also verifies the package.json file describes a reproducible dependency graph. Removing and re-installing your node_modules is basically a deploy test.
    – joemaller
    Commented Jan 24, 2016 at 18:26
  • 14
    npm prune didn't help one iota, but this did. My problem was a broken symlink.
    – Eirik Birkeland
    Commented Apr 22, 2016 at 0:34
  • 11
    Under many non-ideal circumstances that's currently infeasible with npm. Also the question definitely did not specify some constraint on repeated work or additional fetching, just how to achieve the end goal. This answer satisfies the question as stated, despite what others may want beyond that goal.
    – Pyrce
    Commented May 4, 2016 at 18:41
  • 9
    a handy one liner is rm -rf node_modules && npm install punch it in walk away come back. Life is good.
    – Chris Sprance
    Commented Sep 11, 2017 at 23:18
27

You can use npm-prune to remove extraneous packages.

npm prune [[<@scope>/]<pkg>...] [--production] [--dry-run] [--json]

This command removes "extraneous" packages. If a package name is provided, then only packages matching one of the supplied names are removed.

Extraneous packages are packages that are not listed on the parent package's dependencies list.

If the --production flag is specified or the NODE_ENV environment variable is set to production, this command will remove the packages specified in your devDependencies. Setting --no-production will negate NODE_ENV being set to production.

If the --dry-run flag is used then no changes will actually be made.

If the --json flag is used then the changes npm prune made (or would have made with --dry-run) are printed as a JSON object.

In normal operation with package-locks enabled, extraneous modules are pruned automatically when modules are installed and you'll only need this command with the --production flag.

If you've disabled package-locks then extraneous modules will not be removed and it's up to you to run npm prune from time-to-time to remove them.

Use npm-dedupe to reduce duplication

npm dedupe
npm ddp

Searches the local package tree and attempts to simplify the overall structure by moving dependencies further up the tree, where they can be more effectively shared by multiple dependent packages.

For example, consider this dependency graph:

a
+-- b <-- depends on [email protected]
|    `-- [email protected]
`-- d <-- depends on c@~1.0.9
     `-- [email protected]

In this case, npm-dedupe will transform the tree to:

 a
 +-- b
 +-- d
 `-- [email protected]

Because of the hierarchical nature of node's module lookup, b and d will both get their dependency met by the single c package at the root level of the tree.

The deduplication algorithm walks the tree, moving each dependency as far up in the tree as possible, even if duplicates are not found. This will result in both a flat and deduplicated tree.

Improve this answer
3
  • I have MORE items in my node_modules folder after running npm dedupe. Sigh!
    – Neville
    Commented Nov 8, 2019 at 15:22
  • does remove and uninstall mean the same thing when it comes to using prune? I ran a prune instance with a --production flag. But my package.json file never udpated.
    – klewis
    Commented Feb 18, 2021 at 16:18
  • prune removes those files that present in the node_modules folder but not listed as any package's dependency list. If the --production flag is specified or the NODE_ENV environment variable is set to production, this command will remove the packages specified in your devDependencies.
    – Igor Litvinovich
    Commented Feb 19, 2021 at 17:28
10

You can run npx depcheck to get the list of dependencies and devDependencies that are not being used in the project.

Then you can run npm uninstall pkg1 pkg2 and so on to remove the dependencies.

Or you can also remove the dependencies from package.json and reinstall the packages after deleting node_modules and package-lock.json

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.