package.json Analyzer
Analyze your package.json for potential issues, dependency stats, and security concerns.
What Is a package.json Analyzer?
A package.json analyzer inspects your Node.js project's package.json file to identify potential issues, security concerns, and dependency management problems. The package.json file is the heart of every Node.js project — it defines dependencies, scripts, metadata, and configuration that determine how your project builds, runs, and installs.
Common problems lurking in package.json files include wildcard version ranges that can pull breaking changes, duplicate packages in both dependencies and devDependencies, missing metadata fields, suspicious package names that could indicate typosquatting attacks, and bloated dependency trees. These issues can lead to broken builds, security vulnerabilities, and unnecessarily large node_modules directories.
Our package.json analyzer parses your file, counts and categorizes all dependencies, estimates node_modules size, checks for typosquatting patterns, flags version range concerns, and generates a comprehensive report — all entirely in your browser. Paste your package.json and get instant insights into your project's dependency health.
How to Analyze Your package.json
- Paste your package.json — Copy your entire package.json file into the input area, or click "Load Example" to see the analyzer in action with a sample file.
- Click "Analyze" — The tool parses the JSON and runs all checks: dependency counting, version range analysis, typosquatting detection, and missing field checks.
- Review the overview — See project metadata (name, version, license, author), entry points, engines, and dependency counts at a glance with estimated node_modules size.
- Browse dependencies — Search and filter through production, dev, and peer dependencies. Each one shows its version range for quick auditing.
- Check issues — Review errors (typosquatting alerts), warnings (wildcard versions, duplicates), and info items (exact versions, missing optional fields) with severity indicators.
Key Features
- Typosquatting detection — Checks dependency names against common typosquatting patterns for popular packages like lodash, axios, react, webpack, and eslint.
- Version range analysis — Flags wildcard (*) and overly broad (>=) version ranges that risk pulling breaking changes, and notes exact-pinned versions that won't auto-update.
- Duplicate detection — Identifies packages that appear in both dependencies and devDependencies, which can cause confusion and unexpected behavior.
- node_modules size estimation — Estimates the total size of your node_modules directory based on dependency count, helping you gauge project bloat.
- Searchable dependency list — Filter through all dependencies by name, organized into production, dev, and peer categories with version badges.
- 100% client-side — Your package.json never leaves your browser. No server processing, no data storage.
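The three dependency checks listed above can be sketched in a few lines of JavaScript. This is an added example, not the analyzer's own code: the page does not publish its typosquatting patterns, so the edit-distance heuristic, the `ALLOW` list, and all function and field names here are assumptions, and the sample manifest is constructed.

```javascript
// Added example. POPULAR names come from the page; ALLOW and the distance-1 rule are assumptions.
const POPULAR = ["lodash", "axios", "react", "webpack", "eslint"];
const ALLOW = new Set(["preact"]); // real package one edit away from "react"

// Optimal string alignment distance: insert, delete, substitute, adjacent transposition.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      const swapped = i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1];
      if (swapped) d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
    }
  }
  return d[a.length][b.length];
}

function analyzePackageJson(text) {
  let pkg;
  try { pkg = JSON.parse(text); } catch (e) {
    return [{ severity: "error", check: "parse", name: null, detail: e.message }];
  }
  const deps = pkg?.dependencies ?? {};
  const dev = pkg?.devDependencies ?? {};
  const issues = [];
  const add = (severity, check, name, detail) => issues.push({ severity, check, name, detail });
  for (const [name, range] of [...Object.entries(deps), ...Object.entries(dev)]) {
    if (!POPULAR.includes(name) && !ALLOW.has(name)) {
      const target = POPULAR.find((p) => osaDistance(name, p) === 1);
      if (target) add("error", "typosquat", name, `one edit away from "${target}"`);
    }
    const r = String(range).trim();
    if (r === "*" || r === "") add("warning", "wildcard", name, "matches any version"); // "" behaves like "*"
    else if (r.startsWith(">=")) add("warning", "open-range", name, "no upper bound");
    else if (/^\d+\.\d+\.\d+$/.test(r)) add("info", "exact-pin", name, "will not auto-update");
  }
  // Object.hasOwn avoids false hits on inherited keys such as "constructor".
  for (const name of Object.keys(deps)) if (Object.hasOwn(dev, name)) add("warning", "duplicate", name, "in dependencies and devDependencies");
  return issues;
}

// Constructed sample manifest, not from the page.
const SAMPLE = JSON.stringify({
  dependencies: { lodahs: "^4.17.21", axios: "*", react: "18.2.0", preact: "^10.19.0", eslint: "^8.56.0" },
  devDependencies: { eslint: "^8.56.0", webpack: ">=5.0.0" },
});
console.log(analyzePackageJson(SAMPLE));
```

A name-similarity hit is a prompt to verify the package's publisher and repository, not proof of malice; without the allowlist, `preact` would be flagged as a lookalike of `react`.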
Common Use Cases
- Security auditing — Check for typosquatting attacks where malicious packages use names similar to popular libraries (e.g., "lodahs" instead of "lodash").
- Dependency cleanup — Identify packages duplicated across deps and devDeps, overly broad version ranges, and missing metadata that should be added before publishing.
- Pre-publish checklist — Verify that your package has proper description, license, repository URL, and engine requirements before publishing to npm.
- Project onboarding — Quickly understand a new project's dependency landscape: what frameworks it uses, how many packages it depends on, and its approximate node_modules footprint.
- Code review support — Generate a dependency analysis report to share during pull request reviews when significant dependency changes are proposed.
🔒 This tool runs entirely in your browser. No data is sent to any server.