Detecting and removing bloated dependencies in CommonJS packages

JavaScript packages are notoriously prone to bloat, a factor that significantly impacts the performance and maintainability of web applications. While web bundlers and tree-shaking can mitigate this issue in client-side applications, state-of-the-art techniques have limitations on the detection and...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:The Journal of systems and software Jg. 230; S. 112509
Hauptverfasser: Liu, Yuxin, Tiwari, Deepika, Bogdan, Cristian, Baudry, Benoit
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Elsevier Inc 01.12.2025
Schlagworte:
CommonJS
Dependency bloat
Dependency management
Node.js
npm
Dependency management
CommonJS
Node.js
npm
Dependency bloat
ISSN:0164-1212, 1873-1228
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:JavaScript packages are notoriously prone to bloat, a factor that significantly impacts the performance and maintainability of web applications. While web bundlers and tree-shaking can mitigate this issue in client-side applications, state-of-the-art techniques have limitations on the detection and removal of bloat in server-side applications. In this paper, we present the first study to investigate bloated dependencies within server-side JavaScript applications, focusing on those built with the widely used and highly dynamic CommonJS module system. We propose a trace-based dynamic analysis that monitors the OS file system, to determine which dependencies are not accessed during runtime. To evaluate our approach, we curate an original dataset of 91 CommonJS packages with a total of 50,488 dependencies. Compared to the state-of-the-art dynamic and static approaches, our trace-based analysis demonstrates higher accuracy in detecting bloated dependencies. Our analysis identifies 50.6% of the 50,488 dependencies as bloated: 13.8% of direct dependencies and 51.3% of indirect dependencies. Furthermore, removing only the direct bloated dependencies by cleaning the dependency configuration file can remove a significant share of unnecessary bloated indirect dependencies while preserving function correctness. •Over half (50.6%) of the dependencies are bloated, with indirect dependencies being predominant.•Removing direct bloated dependencies also eliminates a significant portion of indirect ones.•Trace-based analysis outperforms state-of-the-art static and dynamic methods in detecting bloated dependencies.
ISSN:0164-1212
1873-1228
DOI:10.1016/j.jss.2025.112509