What does the package.json deep audit check?

The audit checks for outdated dependencies, known vulnerabilities, deprecated packages, license compatibility issues, and unnecessary dependencies. It also flags packages with no recent maintenance activity.

Does it check devDependencies too?

Yes. The audit covers both dependencies and devDependencies, with separate reporting for each. It also checks peerDependencies for compatibility.

How does it detect abandoned packages?

Packages are flagged as potentially abandoned if they have not had a release in over 2 years, have open security issues without patches, or have been officially deprecated on npm.

Can I export the audit results?

Yes. Results can be downloaded as JSON or markdown reports, suitable for including in pull requests or compliance documentation.

Home
Developer Tools & Resources
package.json Deep Audit

package.json Deep Audit

⚠️ This tool is being retired

npm audit covers this natively. Check out our recommended alternative instead.

package.json Deep Audit

Audit your Node.js dependencies for license conflicts, bundle bloat, deprecated packages, and security risks. All analysis runs locally.

✓ 100+ Packages Analyzed

✓ License Compat Check

✓ 100% Client-Side

✓ Free & Open

Paste Your package.json

Overall Health Score

Overview

Licenses

Bundle Size

Maintenance

Security

Best Practices

Frequently Asked Questions

How accurate is the license detection? ▶

Our tool uses a curated database of 200+ popular npm packages with verified license information. For packages not in our database, we apply pattern matching based on common licensing conventions. While highly accurate for popular packages, always verify licenses for critical commercial projects.

Are bundle size estimates realistic? ▶

Bundle sizes are based on gzipped sizes from actual webpack builds and npm package stats. Estimates include common dependencies but may vary based on your bundler configuration, tree-shaking, and usage patterns. Use these as guidelines for optimization opportunities.

Does this tool send my package.json anywhere? ▶

No! Everything runs 100% client-side in your browser. Your package.json content never leaves your device. All analysis is performed using pre-built databases included in this tool. No network requests are made during the audit process.

How often is the security data updated? ▶

Our security database includes historically compromised packages and common vulnerability patterns. While comprehensive for known issues, this tool shouldn’t replace dedicated security scanning tools like npm audit, Snyk, or similar services for real-time vulnerability detection.

Can I use this for private/commercial projects? ▶

Absolutely! This tool is free and open for any use. Since it runs entirely client-side, there are no privacy concerns with commercial or proprietary codebases. The insights can help optimize bundle sizes, identify license conflicts, and improve overall dependency management.

Related Resources

💚 Node.js Releases 📋 Node.js Version History ❓ Node.js FAQ

Founded

2023 in London, UK

Contact

hello@releaserun.com

package.json Deep Audit

package.json Deep Audit

Paste Your package.json

Frequently Asked Questions

Related Resources

Founded

Contact

</> Embed package.json Deep Audit