lopper

Local-first CLI + TUI for dependency intelligence

Measure dependency waste and attack surface before it ships.

Lopper compares imported dependencies to actual usage, then returns risk cues, waste scores, and practical recommendations for cleanup.

Install View Source
Lopper single dependency deep-dive demo in terminal
Single dependency deep-dive.
Quick Start 
brew tap ben-ranford/tap
brew install lopper
lopper analyse lodash --repo . --language js-ts

Why Lopper

Cut unused dependencies with evidence, not guesswork.

Waste Ranking

Rank dependency candidates by usage signal, impact, and confidence scoring.

CI-Ready Output

Emit JSON or SARIF for automation and code scanning workflows.

Baseline Gating

Store immutable baselines and fail builds when dependency waste regresses.

License Policy Checks

Surface license and provenance metadata and fail CI when deny-listed licenses are introduced.

Monorepo Scope Modes

Run analysis with explicit repo, workspace, or package scope for deterministic multi-package results.

Runtime Correlation

Combine static and runtime signal in JS/TS to reduce false assumptions.

Workflow

Fast loop from detection to policy.

  1. 1. Analyze

    Run lopper analyse over one dependency or the full repository surface.

  2. 2. Tune

    Adjust thresholds and scoring weights for your noise tolerance and risk model.

  3. 3. Enforce

    Compare against stored baselines in CI and block regressions before merge.

Language Coverage

Multi-language adapters for modern codebases, now spanning Kotlin Android, Swift, Flutter/Dart, and more.

Audit dependency surface before it reaches production.

Use Lopper in local development, CI pipelines, or security review workflows.

Get Latest Release