Vanta Logo
SPONSOR
Automate SOC 2 & ISO 27001 compliance with Vanta. Get $1,000 off.
Claim deal
Up to date
Published
4 min read

Trevor I. Lasn

Staff Software Engineer, Engineering Manager

Remove Unnecessary NPM Packages with eslint-plugin-depend

We don't need packages to handle basic JavaScript tasks

The NPM ecosystem is cluttered with unnecessary packages like is-odd, is-even, is-number, and more. We don’t need this unnecessary clutter.

Ever heard of the is-number? It’s an infamous NPM package that simply checks if a value is a number or not.

import isNumber from 'is-number';

I checked out the is-number package and here’s what it actually does.

module.exports = function(num) {
  if (typeof num === 'number') {
    return num - num === 0;
  }
  if (typeof num === 'string' && num.trim() !== '') {
    return Number.isFinite ? Number.isFinite(+num) : isFinite(+num);
  }
  return false;
};

If only there were a built-in method to check if something is a number. Oh, wait… there is.

const number = 5;
typeof number === "number" && Number.isFinite(number); // true

  1. typeof num === ‘number’: Verifies that num is of the type “number”. This excludes other data types like strings, objects, etc.

  2. Number.isFinite(num): Ensures that num is a finite number, meaning it is not NaN, Infinity, or -Infinity.

Infinity, -Infinity, and NaN are all considered numbers in JavaScript, so typeof returns ‘number’ for each of them. Thus, these statements are true.

typeof Infinity === 'number';  // true
typeof -Infinity === 'number'; // true
typeof NaN === 'number';       // true

While typeof returns true for each of these values, Number.isFinite returns false because Infinity, -Infinity, and NaN are not finite numbers. Therefore, the combined expressions using && evaluate to false.

typeof Infinity === "number" && Number.isFinite(Infinity); // false
typeof -Infinity === "number" && Number.isFinite(-Infinity); // false
typeof NaN === "number" && Number.isFinite(NaN); // false

Both 5 and -5 are valid, finite numbers, so both expressions are true.

typeof 5 === "number" && Number.isFinite(5); //true
typeof -5 === "number" && Number.isFinite(-5); // true

Moving back to rubbish packages. How on earth does is-number have 68,049,915 weekly downloads?

I guess it’s likely because is-number is a dependency for many popular libraries and frameworks. Even if you’re not using it directly, it could be included in your project through another package that relies on it.

left-pad package

In 2016, the left-pad package was unexpectedly removed from the npm registry, causing widespread disruption in the JavaScript ecosystem.

Many projects depended on this tiny package for a simple string padding function.

Its removal led to broken builds and errors in numerous projects, highlighting the risks of relying on overly granular or unnecessary dependencies.

The incident underscored the importance of using native functionality whenever possible to avoid such issues. See the left-pad incident wikipedia page.

import leftpad from 'left-pad';

Since String.prototype.padStart is a standard part of modern JavaScript, there’s no need to rely on an additional package for this.

"left-pad" should be replaced with native functionality. You can instead use String.prototype.padStart.


Read more here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/padStarteslintdepend/ban-dependencies

eslint-plugin-depend

This ESLint plugin detects redundant packages and suggests more efficient alternatives.

import isNumber from 'is-number';

Would trigger a notification inside the code editor/IDE

"is-number" should be replaced with inline/local logic. Use typeof v === "number" || (typeof v === "string" && Number.isFinite(+v)) eslint depend/ban-dependencies

Installing


npm i -D eslint-plugin-depend

eslint.config.js

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended']
];

You may choose a preset list of dependencies (or none). The following are available:

  1. microutilities: micro utilities (e.g. one liners)
  2. native: redundant packages with native equivalents
  3. preferred: an opinionated list of packages with better maintained and lighter alternatives
Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "presets": ["native"]
    }]
  }
}

The default is [‘native’, ‘microutilities’, ‘preferred’].

modules: You may specify your own list of packages which will be disallowed in code.

Terminal window
{
  "rules": {
    "depend/ban-dependencies": ["error", {
      "modules": ["im-a-banned-package"]
    }]
  }
}

Putting it together

import * as depend from 'eslint-plugin-depend';


export default [
  depend.configs['flat/recommended'],
  {
    rules: {
      "depend/ban-dependencies": ["error", {
        presets: ["native"],
        modules: ["im-a-banned-package"]
      }]
    }
  }
];

Trim the fat, clear out the clutter, and let your code breathe. Your users will thank you for it.

If you found this article helpful, you might enjoy my free newsletter. I share developer tips and insights to help you grow your skills and career.

More Articles You Might Enjoy

If you enjoyed this article, you might find these related pieces interesting as well. If you like what I have to say, please check out the sponsors who are supporting me. Much appreciated!

Webdev
3 min read

CSS @supports: Write Future-Proof CSS

Detect CSS feature support and provide smart fallbacks with @supports

Dec 6, 2024
Read article
Webdev
3 min read

CVE-2025-29927 - Next.js Middleware Bypass Explained In Simple Terms

The vulnerability skips Next.js middleware security checks by adding a single HTTP header

Apr 6, 2025
Read article
Webdev
5 min read

SecretLint — A Linter for Preventing Committing Credentials

A guide to catching and preventing credential leaks in your code using Secretlint

Oct 22, 2024
Read article
Webdev
6 min read

Inside the CSS Engine: CSSOM Explained

A deep dive into how browsers parse and manipulate CSS, its impact on web performance, and why it matters

Oct 25, 2024
Read article
Webdev
4 min read

Explicit is better than implicit

Clarity is key: being explicit makes your code more readable and maintainable.

Sep 4, 2024
Read article
Webdev
3 min read

HTML Details Element: The Native Accordion You're Not Using

Discover how the HTML details element can replace your JavaScript accordions and why it might be better than your current solution

Dec 10, 2024
Read article
Webdev
7 min read

Tips for Reducing Cyclomatic Complexity

Cyclomatic complexity is like counting how many ways a car can go. More options make it harder to drive because you have to make more decisions, which can lead to confusion.

Sep 10, 2024
Read article
Webdev
3 min read

CSS ::target-text for Text Highlighting

A look at how browsers can highlight text fragments using CSS ::target-text, making text sharing and navigation more user-friendly

Dec 17, 2024
Read article
Webdev
3 min read

Preloading Responsive Images

How to properly preload responsive images to improve initial page load

Nov 28, 2024
Read article
all articles

This article was originally published on https://www.trevorlasn.com/blog/eslint-plugin-depend. It was written by a human and polished using grammar tools for clarity.