dorothy
Crack open your Gemfile, package.json, setup.py, or whatever file your language/dependency manager uses.
Give it a slow scan. Ask yourself:
Do you still need everything in there?
Does anything need to be updated?
Can you reduce a production dependency to a development/test one?
Rubyists: maybe run bundler-audit to automatically check for gems with known vulnerabilities.
Is your file nicely laid out and sorted alphabetically? Should it be?
Note: to audit the freshness of our dependencies, I like to use https://libyear.com/
It’s simple and efficient to discuss with colleagues. And it has ports in many languages.
And if you want to take that monitoring further, folks at Corgibytes have developed a tool for that: GitHub - corgibytes/freshli-cli: A tool for displaying historical metrics about a project's dependencies. Run the Freshli CLI on your project to see how your project's dependency freshness changes over time.
Hope that helps/inspires you 
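To make the libyear idea from the post concrete, here is an added Ruby example (not code from the post, from libyear.com, or from Freshli). It reads the pinned versions out of a Gemfile.lock and, for each gem, measures how many years lie between the release date of the version you run and the release date of the newest version, then sums them. The lockfile excerpt and the release-date catalogue are constructed for the example: the gem names are real, but the versions and dates are invented, and in practice the catalogue would come from rubygems.org rather than a hash in the script.

```ruby
require "date"
require "rubygems" # for Gem::Version ordering

# Constructed Gemfile.lock excerpt; not taken from any real project.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.0)
        mini_portile2 (~> 2.4.0)
      rack (2.2.4)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rack
    rake

  BUNDLED WITH
     2.4.10
LOCK

# Constructed release-date catalogue (gem => { version => release date }).
# The dates are invented for the example; a real run would fetch them from
# rubygems.org for every version of each gem.
CATALOG = {
  "mini_portile2" => { "2.4.0" => Date.new(2018, 12, 1), "2.8.4" => Date.new(2023, 8, 1) },
  "nokogiri"      => { "1.10.0" => Date.new(2019, 1, 1), "1.15.4" => Date.new(2023, 8, 1) },
  "rack"          => { "2.2.4" => Date.new(2022, 6, 1), "3.0.8" => Date.new(2023, 6, 1) },
  "rake"          => { "13.0.6" => Date.new(2021, 7, 1) },
}.freeze

DAYS_PER_YEAR = 365.25

# Returns { gem name => pinned version } for every gem resolved in the
# GEM/specs section. Resolved specs are indented four spaces and carry an
# exact version; a gem's own dependency lines sit two spaces deeper and carry
# a requirement such as "(~> 2.4.0)", so they are skipped.
def parse_lock_specs(lockfile)
  specs = {}
  in_specs = false
  lockfile.each_line do |line|
    in_specs = true if line.strip == "specs:"
    in_specs = false if line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# For each pinned gem, the libyear contribution is the time between the
# release of the pinned version and the release of the newest known version.
# A gem already on its newest release contributes 0; the clamp also covers a
# pinned build that is newer than anything in the catalogue.
def libyears(specs, catalog)
  specs.each_with_object({}) do |(name, version), report|
    releases = catalog.fetch(name) { raise KeyError, "no release data for #{name}" }
    current_date = releases.fetch(version) { raise KeyError, "#{name} #{version} not in release data" }
    latest_version, latest_date = releases.max_by { |v, _| Gem::Version.new(v) }
    years = [(latest_date - current_date).to_f / DAYS_PER_YEAR, 0.0].max
    report[name] = { current: version, latest: latest_version, libyears: years.round(2) }
  end
end

# The project's libyear score: the sum over all resolved gems.
def total_libyears(report)
  report.values.sum { |r| r[:libyears] }.round(2)
end

if $PROGRAM_NAME == __FILE__
  report = libyears(parse_lock_specs(LOCKFILE), CATALOG)
  report.sort_by { |_, r| -r[:libyears] }.each do |name, r|
    printf("%-14s %-8s -> %-8s %5.2f libyears\n", name, r[:current], r[:latest], r[:libyears])
  end
  puts "total: #{total_libyears(report)} libyears"
end
```

Sorting the report by contribution is the useful part for the team discussion the post mentions: one badly outdated gem (here nokogiri and its native dependency) dominates the total, so that is where an upgrade buys the most. Counting every resolved gem, not only the direct DEPENDENCIES, is deliberate, since transitive gems ship in production just the same.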