Day 16 - Audit your dependencies

Crack open your Gemfile, package.json, or whatever file your language/dependency manager uses.

Give it a slow scan. Ask yourself:

Do you still need everything in there?

Does anything need to be updated?

Can you reduce a production dependency to a development/test one?

Rubyists: maybe run bundler-audit to automatically check for gems with known vulnerabilities.

Is your file nicely laid out and sorted alphabetically? Should it be?
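The questions above can be partly automated for a package.json. The script below is an added example, not part of the original post: it flags unsorted sections, production dependencies that are never imported, and dev/test tools listed under production dependencies. The `DEV_ONLY` list, the function names and the sample manifest and source text are assumptions made for illustration.

```javascript
// Added example: checks a package.json against the checklist questions above.
// DEV_ONLY is an assumed, partial list of packages that are normally dev/test tooling.
const DEV_ONLY = new Set(["eslint", "jest", "mocha", "nodemon", "prettier"]);
const IMPORT_RE = /(?:require\(\s*|from\s+|import\s+)["']([^"']+)["']/g;

// Map an import specifier to its package name ("@scope/pkg/sub" -> "@scope/pkg").
function packageOf(specifier) {
  if (specifier.startsWith(".") || specifier.startsWith("/")) return null; // local file
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Collect every package name imported or required in the given source texts.
function importedPackages(sources) {
  const specs = sources.flatMap((text) => [...text.matchAll(IMPORT_RE)].map((m) => m[1]));
  return new Set(specs.map(packageOf).filter(Boolean));
}

// Plain code-point order; a package manager's own ordering may differ for unusual names.
function isSorted(names) {
  return names.every((n, i) => i === 0 || names[i - 1] <= n);
}

function auditManifest(manifestText, sources) {
  const manifest = JSON.parse(manifestText);
  const prod = manifest.dependencies || {};
  const dev = manifest.devDependencies || {};
  const used = importedPackages(sources);
  const findings = [];
  for (const [section, deps] of [["dependencies", prod], ["devDependencies", dev]]) {
    if (!isSorted(Object.keys(deps))) findings.push(`${section}: not sorted alphabetically`);
  }
  for (const name of Object.keys(prod)) {
    if (DEV_ONLY.has(name)) findings.push(`${name}: dev/test tool listed under dependencies`);
    else if (!used.has(name)) findings.push(`${name}: never imported, still needed?`);
    const alsoDev = Object.prototype.hasOwnProperty.call(dev, name);
    if (alsoDev) findings.push(`${name}: listed in both sections`);
  }
  return findings;
}

// Constructed sample input, not taken from a real project.
const SAMPLE_MANIFEST = JSON.stringify({
  dependencies: { express: "^4.18.0", "left-pad": "^1.3.0", jest: "^29.0.0", "@acme/log": "^2.0.0" },
  devDependencies: { jest: "^29.0.0" },
});
const SAMPLE_SOURCES = ['const express = require("express");\nimport { log } from "@acme/log/console";'];
console.log(auditManifest(SAMPLE_MANIFEST, SAMPLE_SOURCES));
```

A "never imported" finding is a prompt to look, not proof: packages loaded through config files, CLIs or plugins will not appear in import statements.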

Note: to audit the freshness of our dependencies, I like to use

It’s simple and efficient to discuss with colleagues. And it has ports in many languages.

And if you want to take that monitoring further, folks at Corgibytes have developed a tool for that: GitHub - corgibytes/freshli-cli: A tool for displaying historical metrics about a project's dependencies. Run the Freshli CLI on your project to see how your project's dependency freshness changes over time.

Hope that helps/inspires you :wink: