lopper

Local-first CLI + TUI for dependency intelligence

Measure dependency waste and attack surface before it ships.

Lopper compares imported dependencies to actual usage, then returns risk cues, waste scores, and practical recommendations for cleanup.

Install View Source
Lopper single dependency deep-dive demo in terminal
Single dependency deep-dive.
Quick Start 
brew tap ben-ranford/tap
brew install lopper
lopper analyse lodash --repo . --language js-ts

Why Lopper

Cut unused dependencies with evidence, not guesswork.

Waste Ranking

Rank dependency candidates by usage signal, impact, and confidence scoring.

CI-Ready Output

Emit JSON or SARIF for automation and code scanning workflows.

Baseline Gating

Store immutable baselines and fail builds when dependency waste regresses.

Runtime Correlation

Combine static and runtime signal in JS/TS to reduce false assumptions.

Workflow

Fast loop from detection to policy.

  1. 1. Analyze

    Run lopper analyse over one dependency or the full repository surface.

  2. 2. Tune

    Adjust thresholds and scoring weights for your noise tolerance and risk model.

  3. 3. Enforce

    Compare against stored baselines in CI and block regressions before merge.

Language Coverage

Multi-language adapters for modern codebases.

js-ts python cpp jvm go php rust dotnet

Audit dependency surface before it reaches production.

Use Lopper in local development, CI pipelines, or security review workflows.

Get Latest Release