0.06
Low commit activity in last 3 years
No release in over a year
Looks through your lockfile and tries to identify problematic use of dependencies
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 2.13
~> 0.10
~> 3.4

Runtime

>= 0.19.0, < 2.0
>= 1.9, < 3
 Project Readme

Bundler Stats

You remember that time someone yanked their library and the entire Node universe fell apart? Yeah, me too. And all the thinkpieces that came out just afterward were right: you should be careful about what dependencies you include in your project.

This project gives you some tools you can use with an existing Gemfile to determine which gems are including long trees of their own dependencies, and which you can potentially remove.

This is an exploratory tool, and I'd be interested to hear what other criteria would be useful in determining what tools to remove.

Installation

You don't need to include bundler-stats in your Gemfile, just gem install bundler-stats. Unless you wanted to build automation around its usage, in which case, add it to your Gemfile instead.

Usage

> bundle-stats help
  Commands:
    bundle-stats help [COMMAND]   # Describe available commands or one specific command
    bundle-stats show TARGET      # Prints the dependency tree for a single gem in your Gemfile
    bundle-stats stats            # Displays basic stats about the gems in your Gemfile
    bundle-stats version          # Prints the bundler-stats version
    bundle-stats versions TARGET  # Shows versions requirements for target in other dependencies

Auditing Your Gemfile

The most obvious thing to do is run the command by itself, which should help identify problem areas.

> bundle-stats

+----------------------------|------------|----------------+
|                       Name | Total Deps | 1st Level Deps |
+----------------------------|------------|----------------+
|                rails_admin | 60         | 12             |
|                      rails | 40         | 12             |
|              compass-rails | 35         | 3              |
|                 haml-rails | 29         | 5              |
|                rspec-rails | 27         | 7              |
|                 sass-rails | 26         | 5              |
|                     devise | 26         | 5              |
|                     scenic | 25         | 2              |
|               coffee-rails | 25         | 2              |
|              guard-rubocop | 24         | 2              |
|                 versionist | 23         | 3              |
|          factory_bot_rails | 23         | 2              |
| ... omitted stuff here ...                               |
+----------------------------|------------|----------------+

      Declared Gems   56
         Total Gems   170
  Unpinned Versions   54
        Github Refs   0

It looks like rails_admin is a huge problem. Use show to investigate.

> bundle-stats show rails_admin
bundle-stats for rails_admin

+--------------------------------|----------------------------------------+
|           Depended Upon By (0) |                                        |
|                Depends On (60) | builder, coffee-rails                  |
|                                | font-awesome-rails, haml, jquery-rails |
|                                | jquery-ui-rails, kaminari, nested_form |
|                                | rack-pjax, rails, remotipart           |
|                                | sass-rails, coffee-script, railties    |
|                                | coffee-script-source, execjs           |
|                                | actionpack, activesupport              |
|                                | method_source, rake, thor, actionview  |
|                                | rack, rack-test, rails-dom-testing     |
|                                | rails-html-sanitizer, erubi            |
|                                | concurrent-ruby, i18n, minitest        |
|                                | tzinfo, thread_safe, nokogiri          |
|                                | mini_portile2, loofah, crass, temple   |
|                                | tilt, kaminari-actionview              |
|                                | kaminari-activerecord, kaminari-core   |
|                                | activerecord, activemodel, arel        |
|                                | actioncable, actionmailer, activejob   |
|                                | activestorage, bundler                 |
|                                | sprockets-rails, nio4r                 |
|                                | websocket-driver, websocket-extensions |
|                                | mail, globalid, mini_mime, marcel      |
|                                | mimemagic, sprockets, sass             |
|             Unique to This (9) | font-awesome-rails, kaminari           |
|                                | nested_form, rack-pjax, remotipart     |
|                                | kaminari-actionview                    |
|                                | kaminari-activerecord, kaminari-core   |
|                                | bundler                                |
+--------------------------------|----------------------------------------+

Skipping Common Dependencies

Let's take a look at another common gem to rails codebases. In this case, we have some unique dependencies, but also many dependencies on rails, and on its constituent gems.

> bundle-stats show compass-rails
bundle-stats for compass-rails

+--------------------------------|----------------------------------------+
|           Depended Upon By (0) |                                        |
|                Depends On (35) | compass, sass-rails, sprockets         |
|                                | chunky_png, compass-core               |
|                                | compass-import-once, rb-fsevent        |
|                                | rb-inotify, sass, multi_json, ffi      |
|                                | railties, sprockets-rails, tilt        |
|                                | actionpack, activesupport, method_source |
|                                | rake, thor, actionview, rack, rack-test |
|                                | rails-dom-testing, rails-html-sanitizer |
|                                | builder, erubi, concurrent-ruby, i18n  |
|                                | minitest, tzinfo, thread_safe, nokogiri |
|                                | mini_portile2, loofah, crass           |
|             Unique to This (3) | compass, compass-core                  |
|                                | compass-import-once                    |
+--------------------------------|----------------------------------------+

We're not looking to remove rails, so there's not much point in including it within this output. Instead, we can use the nofollow flag to skip it in all output lists.

> bundle-stats show compass-rails --nofollow="railties,activeupport,actionview,actionpack"
bundle-stats for compass-rails

+--------------------------------|----------------------------------------+
|           Depended Upon By (0) |                                        |
|                Depends On (20) | compass, sass-rails, sprockets         |
|                                | chunky_png, compass-core               |
|                                | compass-import-once, rb-fsevent        |
|                                | rb-inotify, sass, multi_json, ffi      |
|                                | sprockets-rails, tilt, concurrent-ruby |
|                                | rack, activesupport, i18n, minitest    |
|                                | tzinfo, thread_safe                    |
|             Unique to This (3) | compass, compass-core                  |
|                                | compass-import-once                    |
+--------------------------------|----------------------------------------+

This is better, but for other codebases it's common for gems to depend on each of the many many child gems of rails individually. Rather than specifying each by itself, we can use wildcards to remove them in bulk.

> bundle-stats show compass-rails --nofollow="rail*,action*,active*"
bundle-stats for compass-rails

+--------------------------------|----------------------------------------+
|           Depended Upon By (0) |                                        |
|                Depends On (15) | compass, sass-rails, sprockets         |
|                                | chunky_png, compass-core               |
|                                | compass-import-once, rb-fsevent        |
|                                | rb-inotify, sass, multi_json, ffi      |
|                                | sprockets-rails, tilt, concurrent-ruby |
|                                | rack                                   |
|             Unique to This (3) | compass, compass-core                  |
|                                | compass-import-once                    |
+--------------------------------|----------------------------------------+

Showing Required Versions

Sometimes you try to upgrade a gem, you ask bundler very nicely, but you find that the version hasn't changed. When that happens, sometimes it's not clear why the gem version isn't changing.

In that case, use versions to list all required dependencies on your gem.

> bundle-stats versions actionpack
version dependencies for actionpack

Depended Upon By   24
Resolved Version   5.2.0

+----------------------------|------------------+
|                       Name | Required Version |
+----------------------------|------------------+
|                  webpacker | = 5.2.0          |
|               actionmailer | = 5.2.0          |
|              activestorage | = 5.2.0          |
|               coffee-rails | = 5.2.0          |
|              compass-rails | = 5.2.0          |
|                     devise | = 5.2.0          |
|          factory_bot_rails | = 5.2.0          |
|         font-awesome-rails | = 5.2.0          |
|                rails_admin | = 5.2.0          |
|                   railties | = 5.2.0          |
|                 sass-rails | = 5.2.0          |
|                     scenic | = 5.2.0          |
|                 versionist | = 5.2.0          |
|                actioncable | = 5.2.0          |
|               jquery-rails | = 5.2.0          |
|            jquery-ui-rails | = 5.2.0          |
| jquery_file_download-rails | = 5.2.0          |
|                      rails | = 5.2.0          |
|                rspec-rails | >= 3.0           |
|            sprockets-rails | >= 4.0           |
|                 haml-rails | >= 4.0.1         |
|                 responders | >= 4.2.0, < 5.3  |
|                simple_form | >= 5.0           |
|   rails-controller-testing | ~> 5.x, >= 5.0.1 |
+----------------------------|------------------+

Output Formats

To consume information with a build job or somesuch, all commands can emit JSON.

> bundle-stats show sass-rails --nofollow="railties,activesupport,actionpack" -f json
{
  "name": "sass-rails",
  "total_dependencies": 9,
  "first_level_dependencies": 5,
  "top_level_dependencies": {
    "compass-rails": "compass-rails (3.1.0)",
    "rails_admin": "rails_admin (1.3.0)"
  },
  "transitive_dependencies": [
    "railties (< 6, >= 4.0.0)",
    "sass (~> 3.1)",
    "sprockets (< 4.0, >= 2.8)",
    "sprockets-rails (< 4.0, >= 2.0)",
    "tilt (< 3, >= 1.1)",
    "concurrent-ruby (~> 1.0)",
    "rack (< 3, > 1)",
    "actionpack (>= 4.0)",
    "activesupport (>= 4.0)"
  ],
  "potential_removals": [

  ]
}

Custom Gemfile path

This gem by default attempts to locate the Gemfile and Gemfile.lock files in parent directories. If you want to specify a specific location for your Gemfile/gems.rb file, you can use the --gemfile_path option.

> bundle-stats show sass-rails --gemfile_path=/Users/user/project/Gemfile

Keep in mind that the location of the Gemfile.lock/gems.locked file will be inferred from the location of the Gemfile/gems.rb file.

Contributing

Contributions are very welcome. Fork, fix, submit pull requests.

Before you submit your pull request, make sure that the test suite passes:

bundle exec rspec spec

Contribution is expected to conform to the Contributor Covenant.

Credits

Thanks to the many kind people at RailsCamp East 2016 for the help, the ideas, and the support.

Also, many other folks for their feature / fix contributions. ❤️

License

This software is released under the MIT License.