See the size, security risk, and age of every npm dependency in one table.
```
$ npx node-weight
┌─────────────────────────┬───────────┬────────────┬──────────────┐
│ Package                 │ Size      │ Security   │ Last Updated │
├─────────────────────────┼───────────┼────────────┼──────────────┤
│ zod                     │ 4.1 MB    │ ✓ clean    │ 69 days ago  │
├─────────────────────────┼───────────┼────────────┼──────────────┤
│ @modelcontextprotocol/… │ 4.1 MB    │ ✓ clean    │ 36 days ago  │
├─────────────────────────┼───────────┼────────────┼──────────────┤
│ lodash                  │ 1.4 MB    │ ● HIGH     │ 847 days ago │
├─────────────────────────┼───────────┼────────────┼──────────────┤
│ express                 │ 248.0 KB  │ ✓ clean    │ 42 days ago  │
└─────────────────────────┴───────────┴────────────┴──────────────┘
42 packages | 87.3 MB | 1 with vulnerabilities
```
npm audit shows security issues but not which dependencies are bloated.
bundlephobia shows bundle size but requires a browser.
Nothing shows all three — size + security + freshness — in one quick CLI run.
node-weight fills that gap.
Use node-weight to audit your node_modules for stale dependencies, check package health at a glance, catch supply chain security risks from outdated packages, and get a full analysis of your node_modules in one command, with no install needed.
Zero install required:

```bash
npx node-weight
```

Or install globally:

```bash
npm install -g node-weight
node-weight
```

- Size — installed disk size of each top-level dependency (recursive, no shell calls)
- Security — worst vulnerability severity per package via `npm audit`
- Age — days since the installed version was published on npm
- Summary row — total packages, total size, number with vulnerabilities
- Color-coded severity: 🔴 CRITICAL / HIGH · 🟡 MODERATE · 🔵 LOW · 🟢 clean
- Color-coded age: 🟢 <30d · 🟡 <180d · 🟠 <1yr · 🔴 1yr+
- Works offline for size + security (only freshness requires network)
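
An added example (not node-weight's own code) of how the Security and Age columns in the list above can be derived from `npm audit --json` output and the registry's per-version `time` map. The function names are hypothetical, and the versions, dates and advisories are constructed.

```javascript
// Added example, not node-weight's source. Function names are hypothetical.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];
const rank = (s) => SEVERITIES.indexOf(s); // -1 for missing or unknown values

// Worst severity for one package entry of `npm audit --json` (report version 2).
// `via` holds advisory objects, or plain strings naming another affected package.
function worstSeverity(entry) {
  if (!entry) return 'clean';
  const seen = [entry.severity];
  for (const v of entry.via || []) if (v && typeof v === 'object') seen.push(v.severity);
  const worst = seen.reduce((a, b) => (rank(b) > rank(a) ? b : a));
  return rank(worst) >= 0 ? worst : 'unknown';
}

// Days since the installed version was published, read from the registry `time` map.
// Returns null when no timestamp exists (private package, unpublished version).
function ageDays(timeMap, version, now) {
  const published = Date.parse(timeMap?.[version]);
  return Number.isNaN(published) ? null : Math.floor((now - published) / 86400000);
}

// Age buckets from the list above: <30d, <180d, <1yr, 1yr+.
function ageBucket(days) {
  if (days === null) return 'unknown';
  if (days < 30) return 'green';
  if (days < 180) return 'yellow';
  return days < 365 ? 'orange' : 'red';
}

function report(installed, audit, registryTimes, now) {
  return Object.entries(installed).map(([name, version]) => {
    const days = ageDays(registryTimes[name], version, now);
    const security = worstSeverity(audit.vulnerabilities?.[name]);
    return { name, security, days, age: ageBucket(days) };
  });
}

// Constructed inputs: versions, dates and advisories are made up for the example.
const NOW = Date.parse('2025-01-01T00:00:00Z');
const installed = { lodash: '1.0.0', express: '2.0.0', 'internal-lib': '3.0.0' };
const audit = { auditReportVersion: 2, vulnerabilities: {
  lodash: { severity: 'high', via: [{ severity: 'moderate' }, { severity: 'high' }] },
  'internal-lib': { severity: 'low', via: ['lodash'] },
} };
const registryTimes = {
  lodash: { '1.0.0': '2022-09-07T00:00:00Z' },
  express: { '2.0.0': '2024-11-20T00:00:00Z' },
};
console.table(report(installed, audit, registryTimes, NOW));
```

A package with no registry timestamp is reported with an `unknown` age rather than as fresh, so private or unpublished versions stay visible during triage.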
```
Options:
  -d, --dir <path>   Project directory to analyze (default: current directory)
  -t, --top <n>      Show only top N heaviest packages
  --no-security      Skip npm audit (faster, no package-lock required)
  --no-freshness     Skip registry freshness check (fully offline)
  -V, --version      Show version
  -h, --help         Show help
```
```bash
# Analyze current project
npx node-weight

# Analyze a specific project
npx node-weight --dir /path/to/project

# Show only the 10 heaviest packages
npx node-weight --top 10

# Size only — fast, fully offline
npx node-weight --no-security --no-freshness
```

| Tool | Size | Security | Freshness | Offline | Active |
|---|---|---|---|---|---|
| node-weight | ✅ | ✅ | ✅ | ✅ | ✅ |
| cost-of-modules | ✅ | ❌ | ❌ | ✅ | ❌ (2023) |
| npm audit | ❌ | ✅ | ❌ | ✅ | ✅ |
| bundlephobia | ✅ | ❌ | ❌ | ❌ | ✅ |
| depcheck | ❌ | ❌ | ❌ | ✅ | ✅ |
- Node.js ≥ 18.0.0
- A project with a `node_modules/` directory
MIT