{"id":49394858,"url":"https://github.com/ashref-dev/midna","last_synced_at":"2026-04-28T15:03:47.463Z","repository":{"id":337123943,"uuid":"1146178284","full_name":"Ashref-dev/midna","owner":"Ashref-dev","description":"Discover and identify unused MPM dependencies in your TypeScript projects.","archived":false,"fork":false,"pushed_at":"2026-02-07T22:50:41.000Z","size":72,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-08T05:55:17.055Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ashref-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-30T18:16:02.000Z","updated_at":"2026-02-07T22:50:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Ashref-dev/midna","commit_stats":null,"previous_names":["ashref-dev/midna"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Ashref-dev/midna","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ashref-dev%2Fmidna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ashref-dev%2Fmidna/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ashref-dev%2Fmidna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ashref-dev%2Fmidna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ashref-dev","download_url":"https://codeload.github.com/Ashref-dev/midna/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ashref-dev%2Fmidna/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32385943,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T14:34:11.604Z","status":"ssl_error","status_checked_at":"2026-04-28T14:32:37.009Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-28T15:03:29.917Z","updated_at":"2026-04-28T15:03:47.454Z","avatar_url":"https://github.com/Ashref-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# midna.ashref.tn\n\nA cautious, Next.js-aware dependency auditor that tells you what you can safely remove, with evidence.\n\nMade by Ashref (ashref.tn)\n\n## Overview\n\nMidna analyzes your JavaScript/TypeScript repository to identify which npm dependencies are actually being used. It uses a conservative confidence model that prioritizes safety over aggressive removal, helping teams clean up their dependency trees without breaking their applications.\n\n### Key Features\n\n- **Two-Stage Scan Pipeline**: Fast string scanning + AST verification for accuracy\n- **Confidence-Based Classification**: USED (\u003e=70%), UNCERTAIN (30-69%), UNUSED (\u003c30%)\n- **Next.js Awareness**: Detects \"use client\" directives and client/server usage\n- **Evidence Collection**: Shows file paths, line numbers, and code snippets\n- **Config File Scanning**: Analyzes next.config, tailwind.config, etc.\n- **Workspace Support**: Works with monorepos (npm/pnpm workspaces)\n- **Caching**: Fast repeated scans with file-based caching\n- **Multiple Output Formats**: Human-readable tables and machine-readable JSON\n\n## Installation\n\n```bash\n# Run directly with npx/bunx\nnpx midna scan\nbunx midna scan\n\n# Or install globally\nnpm install -g midna\nbun install -g midna\n```\n\n## Usage\n\n### Scan Command\n\n```bash\n# Basic scan\nmidna scan\n\n# Output as JSON\nmidna scan --json\n\n# Save to file\nmidna scan --output report.json\n\n# Fail CI if unused dependencies found\nmidna scan --fail-on-unused\n\n# Verbose output\nmidna scan --verbose\n```\n\n### Explain Command\n\n```bash\n# Show detailed evidence for a specific package\nmidna explain lodash\n```\n\n## CLI Options\n\n| Option | Description |\n|--------|-------------|\n| `-j, --json` | Output as JSON |\n| `-o, --output \u003cpath\u003e` | Write report to file |\n| `-f, --format \u003cformat\u003e` | Output format: `table` (default) or `json` |\n| `-w, --workspace \u003cname\u003e` | Scan specific workspace |\n| `-a, --all-workspaces` | Scan all workspaces |\n| `-s, --since \u003cref\u003e` | Only analyze files changed since git ref |\n| `-i, --include \u003cpattern\u003e` | Additional include patterns |\n| `-e, --exclude \u003cpattern\u003e` | Exclude patterns |\n| `--no-config` | Disable config file scanning |\n| `--no-cache` | Disable cache |\n| `--cache-dir \u003cpath\u003e` | Custom cache directory |\n| `--fail-on-unused` | Exit non-zero if unused dependencies exist |\n| `--fail-on-uncertain` | Exit non-zero if uncertain dependencies exist |\n| `--min-confidence-unused \u003cn\u003e` | Threshold for UNUSED (default: 0.30) |\n| `--min-confidence-used \u003cn\u003e` | Threshold for USED (default: 0.70) |\n| `-q, --quiet` | Only print summary |\n| `-v, --verbose` | Print debug details |\n| `--cwd \u003cpath\u003e` | Working directory (default: current directory) |\n\n## Exit Codes\n\n- `0`: Success, no violations\n- `1`: Scan completed but violations triggered by flags\n- `2`: Runtime error (invalid repo, parse failure, etc.)\n\n## How It Works\n\n### Two-Stage Pipeline\n\n1. **Stage A - Fast Scan**: Uses regex patterns to quickly identify files that might reference dependencies\n2. **Stage B - AST Verification**: Parses files with SWC to confirm actual import/require statements\n\n### Confidence Scoring\n\nEvidence types are weighted by confidence:\n\n| Evidence Type | Confidence |\n|--------------|------------|\n| Static import/export | 100% |\n| Type import | 90% |\n| require() | 100% |\n| Dynamic import | 80% |\n| Config reference | 40% |\n| String reference | 30% |\n\nMultiple pieces of evidence boost confidence slightly (up to 15%).\n\n### Next.js Detection\n\nMidna detects:\n- `\"use client\"` directives for client-side code\n- Server vs client usage classification\n- Config files (next.config.*, middleware.ts, etc.)\n\n## Example Output\n\n```\n================================================================================\n  Midna - Dependency Usage Report\n================================================================================\n\n  Repository: /Users/me/my-project\n  Timestamp: 2/7/2026, 8:45:30 PM\n\n  ----------------------------------------\n  Summary:\n  ----------------------------------------\n    USED:        15\n    UNUSED:       3\n    UNCERTAIN:    2\n  ----------------------------------------\n\n  [SAFE] Safe Removal Candidates:\n  ----------------------------------------\n    - old-library (dependencies)\n    - unused-utils (devDependencies)\n\n  Detailed Results:\n\n  ------------------------------------------------------------------------------\n  Package                     | Status     | Conf   | Side     | Section       \n  ------------------------------------------------------------------------------\n  [X] old-library             | unused     | 0%     | unknown  | dependencies  \n  [?] config-helper           | uncertain  | 50%    | unknown  | dependencies  \n  [OK] react                  | used       | 100%   | both     | dependencies  \n  [OK] next                   | used       | 100%   | server   | dependencies  \n  ------------------------------------------------------------------------------\n```\n\n## Configuration\n\nMidna works out of the box with zero configuration. It automatically:\n- Discovers your package.json\n- Scans standard Next.js directories (app/, pages/, components/, etc.)\n- Analyzes config files (next.config.*, tailwind.config.*, etc.)\n- Respects .gitignore patterns\n\n## Development\n\n```bash\n# Install dependencies\nbun install\n\n# Build\nbun run build\n\n# Run locally\nnode dist/cli.js scan\n```\n\n## Security\n\nMidna is designed with security in mind:\n- Never executes user code\n- Only performs static analysis\n- Does not upload any data externally\n- Caches results locally only\n- Uses SHA-256 for cache key hashing\n\n## License\n\nMIT\n\n## Author\n\nAshref (ashref.tn)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashref-dev%2Fmidna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fashref-dev%2Fmidna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashref-dev%2Fmidna/lists"}