bundle-weightlisted

Audit package.json for heavyweight dependencies, duplicate-purpose libraries, and misplaced build tools before they bloat bundles and slow cold starts. Use when the user mentions slow builds, large bundles, slow page loads, serverless cold starts, 'why is my app heavy', dependency cleanup, or when reviewing any package.json. Runs fully offline — no API keys, no network, no credentials.
Starr-del/ShipSafe · ★ 0 · DevOps & Infrastructure · score 70

Install: claude install-skill Starr-del/ShipSafe

# bundle-weight Part of **shipsafe** — offline deploy-safety skills. Every script is stdlib-only Python 3.8+; nothing leaves the machine. ```bash python3 scripts/audit_weight.py <project_root> [--json] ``` Three checks against curated tables: - **HEAVY_DEP** — packages with well-known lighter or native replacements (moment → date-fns/Intl, axios → fetch, uuid → crypto.randomUUID, dotenv → platform-native env, deprecated `request`...). - **DUPLICATE_PURPOSE** — two+ libraries doing the same job (HTTP clients, date libs, state managers, validators, CSS-in-JS). Each ships in full. - **MISPLACED_TYPES** — @types/*, typescript, eslint etc. in `dependencies` instead of `devDependencies`, slowing production installs. Interpretation guidance: these are review prompts, not mandates. A flagged dep that the project uses deeply (e.g. rxjs with heavy operator use, axios with interceptors) is a legitimate keep — confirm usage before recommending removal, and prefer suggesting the migration only when the usage is shallow. Exit codes: 0 clean, 1 findings. All paths below are relative to this skill's directory (bundle-weight/).