概述

BundlePhobia — Bundle Size & Dependency Bloat Analyzer

BundlePhobia scans your JavaScript and TypeScript projects for oversized dependencies, duplicate packages, tree-shaking failures, barrel file anti-patterns, and bundle configuration issues. It uses 90+ detection patterns covering 5 categories of bundle bloat. 100% local, zero telemetry.

Commands

Free Tier (No license required)

`bundlephobia scan [file|dir]`

One-shot bundle bloat scan of your project (5 file limit on free tier).

How to execute:

bash "<SKILL_DIR>/scripts/bundlephobia.sh" scan [file|dir]

What it does:

Detects project type (npm/yarn/pnpm/monorepo)
Discovers JS/TS source files, package.json, and bundler configs
Scans for oversized dependencies, duplicate packages, tree-shaking failures
Checks bundle configuration (webpack, vite, rollup, esbuild)
Analyzes dependency hygiene in package.json
Calculates a 0-100 bloat score with letter grade (A-F)

Example usage scenarios:

"Scan my project for bundle bloat" -> runs bundlephobia scan .
"Check if I have oversized dependencies" -> runs bundlephobia scan .
"Find tree-shaking issues in my code" -> runs bundlephobia scan src/
"Analyze my package.json for bloat" -> runs bundlephobia scan package.json

`bundlephobia status`

Show license info and current configuration.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" status

`bundlephobia patterns`

List all 90+ detection patterns.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" patterns

Pro Tier ($19/user/month — requires BUNDLEPHOBIA_LICENSE_KEY)

`bundlephobia hooks install`

Install git hooks that scan for bundle bloat on every commit.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" hooks install

What it does:

Validates Pro+ license
Installs lefthook pre-commit hook targeting JS/TS files and package.json
On every commit: scans staged files for bundle bloat patterns, blocks commit if critical/high issues found

`bundlephobia hooks uninstall`

Remove BundlePhobia git hooks.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" hooks uninstall

`bundlephobia report [dir]`

Generate a detailed markdown bundle health report.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" report [dir]

`bundlephobia audit [dir]`

Deep dependency audit — analyzes every dependency for size, alternatives, and optimization opportunities.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" audit [dir]

Team Tier ($39/user/month — requires BUNDLEPHOBIA_LICENSE_KEY with team tier)

`bundlephobia budget [dir]`

Enforce size budgets — fails if bundle exceeds configured thresholds.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" budget [dir]

`bundlephobia sarif [dir]`

Generate SARIF JSON output for CI/CD integration (GitHub Code Scanning, etc.).

bash "<SKILL_DIR>/scripts/bundlephobia.sh" sarif [dir]

`bundlephobia ci [dir]`

CI mode — non-interactive scan with machine-readable output and exit codes.

bash "<SKILL_DIR>/scripts/bundlephobia.sh" ci [dir]

Detection Categories (90+ patterns)

| Category | Patterns | What It Detects |

|----------|----------|-----------------|

| Oversized Dependencies | 20 | moment.js, lodash full import, faker in prod, aws-sdk v2, etc. |

| Duplicate & Redundant | 18 | axios + node-fetch, moment + dayjs, jest + mocha, etc. |

| Tree-Shaking Failures | 20 | import *, require(), barrel re-exports, namespace imports, etc. |

| Bundle Configuration | 18 | Missing splitChunks, no code splitting, missing externals, etc. |

| Dependency Hygiene | 14+ | Pinned versions, deprecated packages, devDeps in deps, etc. |

Configuration

Add to ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "bundlephobia": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY",
        "config": {
          "maxBundleSize": "500KB",
          "ignoredPackages": [],
          "severityThreshold": "high",
          "checkTreeShaking": true,
          "checkDuplicates": true
        }
      }
    }
  }
}

Important Notes

Free tier works immediately — no configuration needed
All scanning happens locally using grep-based pattern matching
License validation is offline — no phone-home, no telemetry
Works with npm, yarn, pnpm, and monorepos
Supports webpack, vite, rollup, esbuild, parcel, and next.js configs
POSIX-compatible — runs on macOS, Linux, and Windows (WSL/Git Bash)

When to Use BundlePhobia

The user might say things like:

"Scan my project for large dependencies"
"Check my bundle size"
"Find unnecessary packages in my project"
"Are there any tree-shaking issues?"
"Audit my dependencies for bloat"
"Set up bundle size monitoring"
"Check if I have duplicate packages"
"Generate a bundle health report"
"Enforce size budgets in CI"

版本历史

共 1 个版本

v1.0.1 当前

2026-05-07 17:20 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)