dependency-cleanuplisted

## Purpose Bloated dependencies slow down builds, increase security surface area, and complicate updates. Audit manifests against actual imports, remove unused packages via the package manager (so lockfiles stay correct), and validate with the build. ## When to Use - The dependency list has grown without review - Installs/builds are slow, or audits report vulnerabilities in packages nobody remembers using - Multiple libraries in the manifest serve the same purpose ## Inputs - The package manifest(s) — package.json, requirements.txt, Cargo.toml, or equivalent - The repo's build and test commands ## Workflow 1. **Audit the manifest.** List declared dependencies: ```bash npm ls --depth=0 # JavaScript/TypeScript pip list --not-required # Python: packages nothing else depends on ``` 2. **Verify usage — manifest vs imports.** For any suspect dependency, perform a global search across the codebase: ```bash grep -rn "from ['\"]lodash\|require(['\"]lodash" . grep -rn "^import requests\|^from requests" . # Python import forms npx depcheck # JS/TS: automated manifest-vs-import report, if available ``` Search build scripts, configs, and CI files too — not just src/. 3. **Remove with the package manager.** If there are zero usages, use the native command (e.g., `npm uninstall lodash` or `pip uninstall ...`). Do not just manually edit the manifest unless absolutely necessary, to ensure lockfiles