Skip to content

build: add knip for dead code detection#4190

Merged
MarshallOfSound merged 4 commits intonextfrom
claude/setup-knip-cleanup-NPYEQ
Mar 24, 2026
Merged

build: add knip for dead code detection#4190
MarshallOfSound merged 4 commits intonextfrom
claude/setup-knip-cleanup-NPYEQ

Conversation

@MarshallOfSound
Copy link
Member

@MarshallOfSound MarshallOfSound commented Mar 24, 2026

Description

Adds knip to detect unused files, dependencies, and exports across the monorepo. Configured per-workspace with entry points auto-detected from each package.json's exports/bin fields.

The yarn knip script runs both default and --production modes:

  • Default mode: finds unused files, exports, and dependencies
  • Production mode: flags dependencies that are only imported in spec files (should be devDependencies)

Added to the CI lint step so dead code can't sneak back in.

Dead code removed

Files

  • packages/api/core/src/util/deprecate.ts — never imported
  • packages/api/core/src/util/linux-installer.ts — never imported

Exports

  • info() from messages.ts — only warn() was used
  • builtins from vite.base.config.ts — inlined into external
  • Legacy DMG config types (DMGContents, AdditionalDMGOptions, CodeSignOptions, WindowPositionOptions, WindowSizeOptions, WindowOptions) — superseded by ElectronInstallerDMGOptions
  • StandaloneWebpackPreloadEntryPoint from webpack Config.ts — never referenced

Dependencies

  • Removed ~40 redundant deps from root package.json that were duplicated in workspace packages (legacy hoisting pattern)
  • Moved remaining root deps to devDependencies since the root package is private and tools/ scripts are dev-only
  • Removed unused deps from individual workspaces: @electron/rebuild, @vscode/sudo-prompt, parse-author, cross-spawn, @types/interpret, @types/progress, yaml-hook, and unused @electron-forge/test-utils from 8 maker packages that don't import it

Missing deps added

  • @electron-forge/test-utils to create-electron-app and core-utils devDeps — used in spec files but not declared

Configuration notes

The knip.json handles a few project-specific patterns:

  • subprocess-worker.ts (vite plugin) and remote-rebuild.ts (core-utils) are spawned via string paths, so they're explicit entry points
  • create-electron-app resolves templates via import.meta.resolve() string interpolation, so @electron-forge/template-* are ignored
  • src/**/*.ts! (with ! suffix) marks source as production scope so --production mode can follow imports

Testing

yarn knip   # passes with zero issues in both modes
yarn build  # passes
yarn lint   # passes
yarn test:fast  # 349 passed

claude added 4 commits March 24, 2026 09:02
@claude
chore: add knip for dead code detection and clean up unused code
a521483 
- Add knip as a dev dependency with per-workspace configuration
- Add knip to CI lint step
- Remove unused files: deprecate.ts, linux-installer.ts
- Remove unused dependencies from workspace packages
- Remove 37 redundant dependencies from root package.json (duplicated in workspaces)
- Remove dead type exports (DMG config types, StandaloneWebpackPreloadEntryPoint)
- Add missing test-utils devDeps to create-electron-app and core-utils
- Inline unused builtins export into external in vite.base.config.ts
@claude
chore: remove stale helper entry from core files and redundant knip i…
bfe8c6e 
…gnoreBinaries
@claude
chore: remove redundant root devDeps duplicated in workspace packages
84238f3 
Removed @electron/fuses, electron-installer-common, lodash-es, and msw
from root devDependencies as they are already declared in the workspace
packages that use them. Simplified knip ignoreDependencies accordingly.
@claude
chore: enable knip production mode for dep/devDep classification
06deddd 
Mark src/**/*.ts project globs with ! suffix so knip --production can
follow imports through source files. This enables detection of
dependencies that are only used in spec files but incorrectly listed
as runtime dependencies.

Also move root tools/ dependencies to devDependencies since the root
package is private and tools/ scripts are dev-only.
@MarshallOfSound MarshallOfSound requested a review from a team as a code owner March 24, 2026 09:22
@github-actions github-actions bot added the next label Mar 24, 2026
@socket-security
Copy link

socket-security bot commented Mar 24, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedknip@​5.87.0991009596100

View full report

erickzhao
erickzhao approved these changes Mar 24, 2026
View reviewed changes
package.json
"postinstall": "husky install && node -e \"try { fs.rmSync('node_modules/.bin/*.ps1', { recursive: true, force: true }) } catch (e) {}\" && tsx ./tools/gen-tsconfigs.ts && tsx ./tools/gen-ts-glue.ts",
"spawn-verdaccio": "tsx tools/verdaccio/spawn-verdaccio.ts"
},
"dependencies": {
Copy link
Member

@erickzhao erickzhao Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I think we talked about this before in some meeting, but I'm all for moving away from hoisting all deps into the workspace root.

Makes it slightly harder to track deps over time but having knip as a lint step helps keep us tapped in.

@MarshallOfSound MarshallOfSound merged commit 6cdefb6 into next Mar 24, 2026
13 checks passed
@MarshallOfSound MarshallOfSound deleted the claude/setup-knip-cleanup-NPYEQ branch March 24, 2026 16:46
@erickzhao erickzhao mentioned this pull request Mar 24, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erickzhao erickzhao erickzhao approved these changes

Assignees

No one assigned

Labels

next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MarshallOfSound @erickzhao @claude