reqscan 1.0.2 → 1.2.0

package/README.md

@@ -96,6 +96,17 @@ reqscan list
 
 ---
 
+## 🚩 Available Flags
+
+| Flag | Description | Commands |
+|------|-------------|----------|
+| `--json` | Output machine-readable JSON | `check`, `audit`, `list` |
+| `--save-dev` | Install missing packages as `devDependencies` | `install`, `fix` |
+| `--dry-run` | Preview changes without executing | `install`, `clean`, `fix` |
+| `--force` | Skip confirmation prompt | `clean`, `fix` |
+
+---
+
 ## 📤 Example Outputs
 
 ### `reqscan check`
@@ -175,12 +186,15 @@ Legend: ✓ present  ✗ missing  ~ declared but unused
 2. **Extracts** package names from all import styles:
    - `require('pkg')`
    - `import x from 'pkg'`
-   - `import('pkg')`
+   - `import type { T } from 'pkg'`
+   - `import('pkg')` (dynamic)
    - `require.resolve('pkg')`
    - `export { x } from 'pkg'`
-3. **Filters out** Node.js built-ins (`fs`, `path`, `http`, `node:*`, etc.)
-4. **Compares** against `package.json` (all dependency types)
-5. **Reports** and optionally acts on findings
+   - `import 'pkg'` (side-effect)
+3. **Strips comments** before scanning so commented-out imports are ignored
+4. **Filters out** Node.js built-ins (`fs`, `path`, `http`, `node:*`, etc.)
+5. **Compares** against `package.json` (all dependency types)
+6. **Reports** and optionally acts on findings
 
 ---
 
@@ -194,22 +208,25 @@ const result = await scanProject('/path/to/project');
 console.log(result.missing);      // ['axios', 'uuid']
 console.log(result.present);      // ['express', 'mongoose']
 console.log(result.unused);       // ['jest']
-console.log(result.allImports);   // all detected package names
+console.log(result.allImports);   // all detected package names (sorted)
+console.log(result.declared);     // all declared package names (sorted)
 console.log(result.scannedFiles); // list of files scanned
+console.log(result.targetDir);    // resolved project directory
 ```
 
 ### Return Value
 
 | Field | Type | Description |
 |-------|------|-------------|
-| `projectName` | `string` | Name from package.json |
-| `allImports` | `string[]` | All unique packages found in source |
-| `declared` | `string[]` | All packages in package.json |
+| `projectName` | `string` | Name from `package.json` |
+| `allImports` | `string[]` | All unique packages found in source (sorted) |
+| `declared` | `string[]` | All packages in `package.json` (sorted) |
 | `missing` | `string[]` | Imported but not declared |
 | `present` | `string[]` | Imported AND declared |
 | `unused` | `string[]` | Declared but never imported |
 | `scannedFiles` | `string[]` | All files that were scanned |
-| `packageJson` | `object\|null` | Parsed package.json content |
+| `packageJson` | `object\|null` | Parsed `package.json` content |
+| `targetDir` | `string` | Resolved absolute path to the project root |
 
 ---
 
@@ -225,14 +242,12 @@ node test/test.js
 
 - [ ] `reqscan outdated` — Check for newer package versions
 - [ ] `reqscan upgrade` — Update all outdated packages
-- [ ] `--save-dev` flag for install command
-- [ ] `--dry-run` flag for previewing changes
 - [ ] Configuration file (`.reqscanrc`)
-- [ ] Monorepo/workspace support
-- [ ] JSON output mode (`--json` flag)
+- [ ] Monorepo / workspace support
+- [x] `--save-dev`, `--dry-run`, `--force`, `--json` flags *(shipped in v1.1.0)*
 
 ---
 
 ## 📄 License
 
-MIT
+MIT

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "reqscan",
-  "version": "1.0.2",
+  "version": "1.2.0",
   "description": "Dependency Manager for Node.js — scan, install, clean, and audit your project dependencies",
-  "main": "src/scanner.js",
+  "main": "src/api.js",
   "bin": {
     "reqscan": "./src/index.js"
   },
@@ -29,4 +29,4 @@
   "engines": {
     "node": ">=14.0.0"
   }
-}
+}

package/src/api.js

@@ -0,0 +1,13 @@
+'use strict';
+
+/**
+ * reqscan — Public Programmatic API
+ *
+ * Usage:
+ *   const { scanProject } = require('reqscan');
+ *   const result = await scanProject('/path/to/project');
+ */
+
+const { scanProject, readPackageJson } = require('./scanner');
+
+module.exports = { scanProject, readPackageJson };

package/src/colors.js

@@ -1,6 +1,9 @@
 'use strict';
 
-const c = {
+// Respect NO_COLOR env (https://no-color.org) and non-TTY output
+const ENABLED = !process.env.NO_COLOR && process.stdout.isTTY !== false;
+
+const raw = {
   reset  : '\x1b[0m',
   bold   : '\x1b[1m',
   dim    : '\x1b[2m',
@@ -11,20 +14,26 @@ const c = {
   white  : '\x1b[37m',
 };
 
-const paint = (color, text) => `${color}${text}${c.reset}`;
+const paint = (code, text) => ENABLED ? `${code}${text}${raw.reset}` : text;
 
 module.exports = {
-  ...c,
-  bold   : (t) => paint(c.bold,   t),
-  dim    : (t) => paint(c.dim,    t),
-  red    : (t) => paint(c.red,    t),
-  green  : (t) => paint(c.green,  t),
-  yellow : (t) => paint(c.yellow, t),
-  cyan   : (t) => paint(c.cyan,   t),
-  white  : (t) => paint(c.white,  t),
-  boldCyan   : (t) => `${c.bold}${c.cyan}${t}${c.reset}`,
-  boldGreen  : (t) => `${c.bold}${c.green}${t}${c.reset}`,
-  boldRed    : (t) => `${c.bold}${c.red}${t}${c.reset}`,
-  boldYellow : (t) => `${c.bold}${c.yellow}${t}${c.reset}`,
+  // Raw codes (for constructing multi-codes manually)
+  ...raw,
+
+  // Single-color helpers
+  bold   : (t) => paint(raw.bold,   t),
+  dim    : (t) => paint(raw.dim,    t),
+  red    : (t) => paint(raw.red,    t),
+  green  : (t) => paint(raw.green,  t),
+  yellow : (t) => paint(raw.yellow, t),
+  cyan   : (t) => paint(raw.cyan,   t),
+  white  : (t) => paint(raw.white,  t),
+
+  // Combined helpers
+  boldCyan   : (t) => ENABLED ? `${raw.bold}${raw.cyan}${t}${raw.reset}`   : t,
+  boldGreen  : (t) => ENABLED ? `${raw.bold}${raw.green}${t}${raw.reset}`  : t,
+  boldRed    : (t) => ENABLED ? `${raw.bold}${raw.red}${t}${raw.reset}`    : t,
+  boldYellow : (t) => ENABLED ? `${raw.bold}${raw.yellow}${t}${raw.reset}` : t,
+
   LINE : '─'.repeat(50),
 };

package/src/commands.js

@@ -1,9 +1,9 @@
 'use strict';
 
-const { execSync }   = require('child_process');
-const readline       = require('readline');
-const { scanProject} = require('./scanner');
-const col            = require('./colors');
+const { execSync }                = require('child_process');
+const readline                    = require('readline');
+const { scanProject, readPackageJson } = require('./scanner');
+const col                         = require('./colors');
 
 // ─── Shared helpers ───────────────────────────────────────────────────────────
 
@@ -29,10 +29,45 @@ function runNpm(args, cwd) {
   }
 }
 
+function getVersion(pkgJson, pkg) {
+  return (
+    pkgJson?.dependencies?.[pkg] ||
+    pkgJson?.devDependencies?.[pkg] ||
+    pkgJson?.peerDependencies?.[pkg] ||
+    pkgJson?.optionalDependencies?.[pkg] || ''
+  );
+}
+
+function getDepType(pkgJson, pkg) {
+  if (pkgJson?.dependencies?.[pkg])         return 'dependencies';
+  if (pkgJson?.devDependencies?.[pkg])      return 'devDependencies';
+  if (pkgJson?.peerDependencies?.[pkg])     return 'peerDependencies';
+  if (pkgJson?.optionalDependencies?.[pkg]) return 'optionalDependencies';
+  return '';
+}
+
 // ─── check ────────────────────────────────────────────────────────────────────
 
-async function cmdCheck(targetDir) {
+async function cmdCheck(targetDir, { json = false } = {}) {
   const r = await scanProject(targetDir);
+
+  if (json) {
+    console.log(JSON.stringify({
+      project  : r.projectName,
+      missing  : r.missing,
+      present  : r.present,
+      unused   : r.unused,
+      summary  : {
+        totalImports : r.allImports.length,
+        declared     : r.declared.length,
+        present      : r.present.length,
+        missing      : r.missing.length,
+        unused       : r.unused.length,
+      },
+    }, null, 2));
+    return r;
+  }
+
   header(r.projectName);
 
   // Summary
@@ -67,12 +102,10 @@ async function cmdCheck(targetDir) {
     console.log(col.boldGreen('✅ Already Declared Packages'));
     console.log(col.dim(col.LINE));
     r.present.forEach(p => {
-      const ver =
-        r.packageJson?.dependencies?.[p] ||
-        r.packageJson?.devDependencies?.[p] ||
-        r.packageJson?.peerDependencies?.[p] ||
-        r.packageJson?.optionalDependencies?.[p] || '';
-      console.log(`  ${col.green('✓')} ${p} ${col.dim(ver)}`);
+      const ver  = getVersion(r.packageJson, p);
+      const type = getDepType(r.packageJson, p);
+      const typeLabel = type === 'devDependencies' ? col.dim(' [dev]') : '';
+      console.log(`  ${col.green('✓')} ${p} ${col.dim(ver)}${typeLabel}`);
     });
     console.log();
   }
@@ -81,9 +114,14 @@ async function cmdCheck(targetDir) {
   if (r.unused.length > 0) {
     console.log(col.boldYellow('⚠️  Declared but NOT imported in source (possibly unused)'));
     console.log(col.dim(col.LINE));
-    r.unused.forEach(p => console.log(`  ${col.yellow('~')} ${p}`));
+    r.unused.forEach(p => {
+      const type = getDepType(r.packageJson, p);
+      console.log(`  ${col.yellow('~')} ${p} ${col.dim(`(${type})`)}`);
+    });
     console.log();
-    console.log(col.dim('Tip: Run `reqscan clean` to remove unused packages.'));
+    console.log(col.dim('Note: Some packages may be used in config files, build scripts, or'));
+    console.log(col.dim('      CLI tools not directly imported in source. Review before removing.'));
+    console.log(col.dim('Tip:  Run `reqscan clean` to interactively remove unused packages.'));
     console.log();
   }
 
@@ -96,7 +134,7 @@ async function cmdCheck(targetDir) {
 
 // ─── install ──────────────────────────────────────────────────────────────────
 
-async function cmdInstall(targetDir) {
+async function cmdInstall(targetDir, { saveDev = false, dryRun = false } = {}) {
   console.log();
   console.log(col.boldCyan('📦 Installing missing dependencies...'));
   console.log();
@@ -112,10 +150,21 @@ async function cmdInstall(targetDir) {
   console.log(`Found ${col.boldRed(String(r.missing.length))} missing package(s):`);
   r.missing.forEach(p => console.log(`  • ${p}`));
   console.log();
+
+  const flag = saveDev ? '--save-dev ' : '';
+  const cmd  = `install ${flag}${r.missing.join(' ')}`;
+
+  if (dryRun) {
+    console.log(col.boldYellow('🔍 Dry run — would execute:'));
+    console.log(col.boldCyan(`   npm ${cmd}`));
+    console.log();
+    return;
+  }
+
   console.log('Installing... ⚙️');
   console.log();
 
-  const ok = runNpm(`install ${r.missing.join(' ')}`, targetDir);
+  const ok = runNpm(cmd, targetDir);
 
   if (ok) {
     console.log();
@@ -131,7 +180,7 @@ async function cmdInstall(targetDir) {
 
 // ─── clean ────────────────────────────────────────────────────────────────────
 
-async function cmdClean(targetDir, { force = false } = {}) {
+async function cmdClean(targetDir, { force = false, dryRun = false } = {}) {
   console.log();
   console.log(col.boldCyan('🧹 Scanning for unused dependencies...'));
   console.log();
@@ -146,11 +195,20 @@ async function cmdClean(targetDir, { force = false } = {}) {
 
   console.log(`Found ${col.boldYellow(String(r.unused.length))} unused package(s):`);
   r.unused.forEach(p => {
-    const inDev = r.packageJson?.devDependencies?.[p];
-    const kind  = inDev ? 'devDependencies' : 'dependencies';
-    console.log(`  • ${p} ${col.dim(`(${kind})`)}`);
+    const type = getDepType(r.packageJson, p);
+    console.log(`  • ${p} ${col.dim(`(${type})`)}`);
   });
   console.log();
+  console.log(col.dim('Note: Verify these are truly unused before removing.'));
+  console.log(col.dim('      Config files and build tools may use packages without importing them.'));
+  console.log();
+
+  if (dryRun) {
+    console.log(col.boldYellow('🔍 Dry run — would execute:'));
+    console.log(col.boldCyan(`   npm uninstall ${r.unused.join(' ')}`));
+    console.log();
+    return;
+  }
 
   let confirm = 'y';
   if (!force) {
@@ -158,6 +216,7 @@ async function cmdClean(targetDir, { force = false } = {}) {
   }
 
   if (confirm === '' || confirm.toLowerCase() === 'y') {
+    // Snapshot counts BEFORE running uninstall
     const depsBefore    = Object.keys(r.packageJson?.dependencies    || {}).length;
     const devDepsBefore = Object.keys(r.packageJson?.devDependencies || {}).length;
 
@@ -165,9 +224,8 @@ async function cmdClean(targetDir, { force = false } = {}) {
     const ok = runNpm(`uninstall ${r.unused.join(' ')}`, targetDir);
 
     if (ok) {
-      // Re-read to get updated counts
-      const { readPackageJson } = require('./scanner');
-      const updated = readPackageJson(targetDir);
+      // Re-read package.json fresh after uninstall (not from require cache)
+      const updated    = readPackageJson(targetDir);
       const depsAfter    = Object.keys(updated?.dependencies    || {}).length;
       const devDepsAfter = Object.keys(updated?.devDependencies || {}).length;
 
@@ -188,24 +246,58 @@ async function cmdClean(targetDir, { force = false } = {}) {
 
 // ─── fix ──────────────────────────────────────────────────────────────────────
 
-async function cmdFix(targetDir) {
+async function cmdFix(targetDir, opts = {}) {
   console.log();
   console.log(col.boldCyan('🔧 Running reqscan fix (install missing + clean unused)...'));
   console.log(col.dim(col.LINE));
-  await cmdInstall(targetDir);
+  await cmdInstall(targetDir, opts);
   console.log(col.dim(col.LINE));
-  await cmdClean(targetDir, { force: false });
+  //await cmdClean(targetDir, { ...opts, force: false });
+
+  await cmdClean(targetDir, { ...opts, force: opts.dryRun || false });
+
+
+
 }
 
 // ─── audit ────────────────────────────────────────────────────────────────────
 
-async function cmdAudit(targetDir) {
+async function cmdAudit(targetDir, { json = false } = {}) {
   const r = await scanProject(targetDir);
+
+  const total      = r.allImports.length || 1;
+  const score      = Math.round((r.present.length / total) * 100);
+
+  if (json) {
+    const deps    = r.packageJson?.dependencies        || {};
+    const devDeps = r.packageJson?.devDependencies     || {};
+    const peer    = r.packageJson?.peerDependencies    || {};
+    const opt     = r.packageJson?.optionalDependencies|| {};
+    console.log(JSON.stringify({
+      project      : r.projectName,
+      healthScore  : score,
+      filesScanned : r.scannedFiles.length,
+      summary: {
+        totalImports : r.allImports.length,
+        declared     : r.declared.length,
+        present      : r.present.length,
+        missing      : r.missing.length,
+        unused       : r.unused.length,
+      },
+      breakdown: {
+        dependencies         : Object.keys(deps).length,
+        devDependencies      : Object.keys(devDeps).length,
+        peerDependencies     : Object.keys(peer).length,
+        optionalDependencies : Object.keys(opt).length,
+      },
+      missing : r.missing,
+      unused  : r.unused,
+    }, null, 2));
+    return r;
+  }
+
   header(r.projectName);
 
-  // Health score
-  const total   = r.allImports.length || 1;
-  const score   = Math.round((r.present.length / total) * 100);
   const scoreColor = score === 100 ? col.boldGreen : score >= 70 ? col.boldYellow : col.boldRed;
 
   console.log(col.bold('🏥 Dependency Health Report'));
@@ -219,7 +311,6 @@ async function cmdAudit(targetDir) {
   console.log(`  ~ Unused declared   : ${r.unused.length  > 0 ? col.boldYellow(String(r.unused.length)) : col.boldGreen('0')}`);
   console.log();
 
-  // Dependency breakdown
   const deps    = r.packageJson?.dependencies        || {};
   const devDeps = r.packageJson?.devDependencies     || {};
   const peer    = r.packageJson?.peerDependencies    || {};
@@ -233,15 +324,14 @@ async function cmdAudit(targetDir) {
   console.log(`  optionalDependencies : ${Object.keys(opt).length}`);
   console.log();
 
-  // Recommendations
   const recs = [];
   if (r.missing.length > 0) recs.push(`Run ${col.cyan('reqscan install')} to install ${r.missing.length} missing package(s).`);
-  if (r.unused.length  > 0) recs.push(`Run ${col.cyan('reqscan clean')}   to remove ${r.unused.length} unused package(s).`);
+  if (r.unused.length  > 0) recs.push(`Run ${col.cyan('reqscan clean')}   to remove ${r.unused.length} potentially unused package(s).`);
   if (recs.length === 0)    recs.push(col.green('Your project dependencies look great!'));
 
   console.log(col.bold('💡 Recommendations'));
   console.log(col.dim(col.LINE));
-  recs.forEach(r => console.log(`  → ${r}`));
+  recs.forEach(rec => console.log(`  → ${rec}`));
   console.log();
   console.log(col.dim(col.LINE));
   console.log(col.dim('Audit complete.'));
@@ -252,39 +342,51 @@ async function cmdAudit(targetDir) {
 
 // ─── list ─────────────────────────────────────────────────────────────────────
 
-async function cmdList(targetDir) {
+async function cmdList(targetDir, { json = false } = {}) {
   const r = await scanProject(targetDir);
+
+  if (json) {
+    const all = [...new Set([...r.allImports, ...r.declared])].sort();
+    const list = all.map(pkg => ({
+      name    : pkg,
+      status  : r.allImports.includes(pkg) && r.declared.includes(pkg) ? 'present'
+              : r.allImports.includes(pkg) ? 'missing' : 'unused',
+      version : getVersion(r.packageJson, pkg),
+      type    : getDepType(r.packageJson, pkg),
+    }));
+    console.log(JSON.stringify({ project: r.projectName, packages: list }, null, 2));
+    return;
+  }
+
   header(r.projectName);
 
   console.log(col.bold('📋 All Dependencies with Status'));
   console.log(col.dim(col.LINE));
 
-  const all = new Set([...r.allImports, ...r.declared]);
+  const all    = new Set([...r.allImports, ...r.declared]);
   const sorted = [...all].sort();
 
   sorted.forEach(pkg => {
-    const imported  = r.allImports.includes(pkg);
-    const declared  = r.declared.includes(pkg);
-    const ver =
-      r.packageJson?.dependencies?.[pkg] ||
-      r.packageJson?.devDependencies?.[pkg] ||
-      r.packageJson?.peerDependencies?.[pkg] ||
-      r.packageJson?.optionalDependencies?.[pkg] || '';
+    const imported = r.allImports.includes(pkg);
+    const declared = r.declared.includes(pkg);
+    const ver      = getVersion(r.packageJson, pkg);
+    const type     = getDepType(r.packageJson, pkg);
+    const typeTag  = type === 'devDependencies' ? col.dim(' [dev]') : '';
 
     let status, icon;
     if (imported && declared)  { icon = col.green('✓');  status = col.dim('present');  }
     else if (imported)         { icon = col.red('✗');    status = col.red('missing');   }
     else                       { icon = col.yellow('~'); status = col.yellow('unused'); }
 
-    console.log(`  ${icon} ${pkg.padEnd(30)} ${col.dim(ver.padEnd(12))} ${status}`);
+    console.log(`  ${icon} ${pkg.padEnd(30)} ${col.dim(ver.padEnd(12))} ${status}${typeTag}`);
   });
 
   console.log();
-  console.log(col.dim(`Legend: ${col.green('✓')} present  ${col.red('✗')} missing  ${col.yellow('~')} declared but unused`));
+  console.log(col.dim(`Legend: ${col.green('✓')} present  ${col.red('✗')} missing  ${col.yellow('~')} declared but unused  ${col.dim('[dev]')} devDependency`));
   console.log();
   console.log(col.dim(col.LINE));
   console.log(col.dim('List complete.'));
   console.log();
 }
 
-module.exports = { cmdCheck, cmdInstall, cmdClean, cmdFix, cmdAudit, cmdList };
+module.exports = { cmdCheck, cmdInstall, cmdClean, cmdFix, cmdAudit, cmdList };

package/src/index.js

@@ -7,9 +7,21 @@ const col  = require('./colors');
 const { cmdCheck, cmdInstall, cmdClean, cmdFix, cmdAudit, cmdList } = require('./commands');
 
 // ─── Parse args ───────────────────────────────────────────────────────────────
-const args    = process.argv.slice(2);
-const command = args[0];
-const dirArg  = args[1];
+const argv    = process.argv.slice(2);
+
+
+const nonFlags = argv.filter(arg => !arg.startsWith('-'));
+const command  = nonFlags[0] ?? null;
+const dirArg   = nonFlags[1] ?? null;
+
+
+ 
+const flags = {
+  json     : argv.includes('--json'),
+  saveDev  : argv.includes('--save-dev'),
+  dryRun   : argv.includes('--dry-run'),
+  force    : argv.includes('--force'),
+};
 
 // ─── Help text ────────────────────────────────────────────────────────────────
 function printHelp() {
@@ -17,7 +29,7 @@ function printHelp() {
   console.log(col.boldCyan('reqscan') + col.bold(' — Dependency Manager for Node.js'));
   console.log();
   console.log(col.bold('Usage:'));
-  console.log('  reqscan <command> [project-dir]');
+  console.log('  reqscan <command> [project-dir] [flags]');
   console.log();
   console.log(col.bold('Commands:'));
   const cmds = [
@@ -32,20 +44,32 @@ function printHelp() {
     console.log(`  ${col.cyan(cmd.padEnd(20))} ${desc}`);
   });
   console.log();
+  console.log(col.bold('Flags:'));
+  const flags_help = [
+    ['--json',        'Output results as JSON (check, audit, list)'],
+    ['--save-dev',    'Install missing packages as devDependencies'],
+    ['--dry-run',     'Preview what would be installed/removed'],
+    ['--force',       'Skip confirmation prompt (clean, fix)'],
+  ];
+  flags_help.forEach(([flag, desc]) => {
+    console.log(`  ${col.cyan(flag.padEnd(20))} ${desc}`);
+  });
+  console.log();
   console.log(col.bold('Examples:'));
   console.log(`  ${col.dim('reqscan check')}                   # scan current directory`);
   console.log(`  ${col.dim('reqscan check ./my-app')}          # scan specific folder`);
-  console.log(`  ${col.dim('reqscan install')}                 # install all missing`);
-  console.log(`  ${col.dim('reqscan clean')}                   # remove unused`);
-  console.log(`  ${col.dim('reqscan fix')}                     # install missing + clean unused`);
-  console.log(`  ${col.dim('reqscan audit')}                   # full health report`);
+  console.log(`  ${col.dim('reqscan check --json')}            # output as JSON`);
+  console.log(`  ${col.dim('reqscan install --save-dev')}      # install as devDependencies`);
+  console.log(`  ${col.dim('reqscan install --dry-run')}       # preview install`);
+  console.log(`  ${col.dim('reqscan clean --force')}           # remove unused without prompt`);
+  console.log(`  ${col.dim('reqscan audit --json')}            # full report as JSON`);
   console.log(`  ${col.dim('reqscan list')}                    # show all with status`);
   console.log();
 }
 
 // ─── Resolve target directory ─────────────────────────────────────────────────
-function resolveDir(dirArg) {
-  const target = dirArg ? path.resolve(dirArg) : process.cwd();
+function resolveDir(arg) {
+  const target = arg ? path.resolve(arg) : process.cwd();
   if (!fs.existsSync(target)) {
     console.error(col.boldRed(`❌ Directory not found: ${target}`));
     process.exit(1);
@@ -74,19 +98,21 @@ function resolveDir(dirArg) {
 
   const targetDir = resolveDir(command === 'check' ? dirArg : (dirArg || undefined));
 
-  console.log(col.dim(`\n🔍 Scanning project at: ${targetDir}`));
+  if (!flags.json) {
+    console.log(col.dim(`\n🔍 Scanning project at: ${targetDir}`));
+  }
 
   try {
     switch (command) {
-      case 'check'  : await cmdCheck(targetDir);   break;
-      case 'install': await cmdInstall(targetDir); break;
-      case 'clean'  : await cmdClean(targetDir);   break;
-      case 'fix'    : await cmdFix(targetDir);     break;
-      case 'audit'  : await cmdAudit(targetDir);   break;
-      case 'list'   : await cmdList(targetDir);    break;
+      case 'check'  : await cmdCheck(targetDir,   flags); break;
+      case 'install': await cmdInstall(targetDir, flags); break;
+      case 'clean'  : await cmdClean(targetDir,   flags); break;
+      case 'fix'    : await cmdFix(targetDir,     flags); break;
+      case 'audit'  : await cmdAudit(targetDir,   flags); break;
+      case 'list'   : await cmdList(targetDir,    flags); break;
     }
   } catch (err) {
     console.error(col.boldRed(`\n❌ Error: ${err.message}`));
     process.exit(1);
   }
-})();
+})();

package/src/scanner.js

@@ -3,7 +3,7 @@
 const fs   = require('fs');
 const path = require('path');
 
-// ─── Node.js built-in modules ───────────────────────────────────────────────
+// ─── Node.js built-in modules ─────────────────────────────────────────────────
 const BUILTIN_MODULES = new Set([
   'assert','async_hooks','buffer','child_process','cluster','console',
   'constants','crypto','dgram','diagnostics_channel','dns','domain',
@@ -13,7 +13,6 @@ const BUILTIN_MODULES = new Set([
   'stream/consumers','stream/promises','stream/web','string_decoder',
   'sys','timers','timers/promises','tls','trace_events','tty','url',
   'util','util/types','v8','vm','wasi','worker_threads','zlib',
-  // node: prefix variants
   'node:assert','node:buffer','node:child_process','node:cluster',
   'node:crypto','node:dgram','node:dns','node:domain','node:events',
   'node:fs','node:http','node:http2','node:https','node:inspector',
@@ -23,57 +22,74 @@ const BUILTIN_MODULES = new Set([
   'node:vm','node:worker_threads','node:zlib'
 ]);
 
-// ─── Directories to skip ─────────────────────────────────────────────────────
+// ─── Directories to skip ──────────────────────────────────────────────────────
 const IGNORE_DIRS = new Set([
   'node_modules','.git','.next','.nuxt','dist','build',
   'coverage','.cache','.turbo','out','.svelte-kit','.vercel',
-  '.output','public','static','assets'
+  '.output','public','static','assets','.idea','.vscode'
 ]);
 
-// ─── File extensions to scan ─────────────────────────────────────────────────
+// ─── File extensions to scan ──────────────────────────────────────────────────
 const JS_EXTENSIONS = new Set(['.js','.jsx','.mjs','.cjs','.ts','.tsx','.mts','.cts']);
 
-// ─── Import/require patterns ─────────────────────────────────────────────────
+// ─── Import/require patterns ──────────────────────────────────────────────────
 const IMPORT_PATTERNS = [
-  /require\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
-  /import\s+(?:[\w*{}\s,]+\s+from\s+)?['"`]([^'"`\s]+)['"`]/g,
-  /import\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
-  /require\.resolve\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
-  /(?:export\s+(?:[\w*{}\s,]+\s+)?from\s+)['"`]([^'"`\s]+)['"`]/g,
+  // require('pkg')
+  /\brequire\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
+  // require.resolve('pkg')
+  /\brequire\.resolve\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
+  // import 'pkg'  (side-effect)
+  /\bimport\s+['"`]([^'"`\s]+)['"`]/g,
+  // import [type] [...stuff...] from 'pkg'
+  /\bimport\s+(?:type\s+)?(?:[\w$*{},\s]+\s+from\s+)['"`]([^'"`\s]+)['"`]/g,
+  // import('pkg')  dynamic
+  /\bimport\s*\(\s*['"`]([^'"`\s]+)['"`]\s*\)/g,
+  // export [type] [...stuff...] from 'pkg'
+  /\bexport\s+(?:type\s+)?(?:[\w$*{},\s]+\s+from\s+)['"`]([^'"`\s]+)['"`]/g,
 ];
 
 // ─── Helpers ──────────────────────────────────────────────────────────────────
 
 function extractPackageName(raw) {
   if (!raw) return null;
-  // Skip relative, absolute, URL imports
-  if (raw.startsWith('.') || raw.startsWith('/') || /^https?:\/\//.test(raw) || raw.startsWith('data:')) return null;
-  // Scoped: @scope/pkg
+  if (
+    raw.startsWith('.') || raw.startsWith('/') ||
+    /^https?:\/\//.test(raw) ||
+    raw.startsWith('data:') || raw.startsWith('blob:')
+  ) return null;
   if (raw.startsWith('@')) {
     const parts = raw.split('/');
     return parts.length >= 2 ? `${parts[0]}/${parts[1]}` : null;
   }
-  // Regular: pkg or pkg/subpath → pkg
-  return raw.split('/')[0];
+  return raw.split('/')[0] || null;
 }
 
 function extractImportsFromFile(filePath) {
   const found = new Set();
-  try {
-    const src = fs.readFileSync(filePath, 'utf8');
-    for (const re of IMPORT_PATTERNS) {
-      re.lastIndex = 0;
-      let m;
-      while ((m = re.exec(src)) !== null) {
-        const pkg = extractPackageName(m[1]);
-        if (pkg && !BUILTIN_MODULES.has(pkg)) found.add(pkg);
-      }
+  let src;
+  try { src = fs.readFileSync(filePath, 'utf8'); }
+  catch (_) { return found; }
+
+  // Strip comments to avoid matching commented-out imports
+  const stripped = src
+    .replace(/\/\*[\s\S]*?\*\//g, ' ')
+    .replace(/\/\/[^\n]*/g, ' ');
+
+  for (const re of IMPORT_PATTERNS) {
+    re.lastIndex = 0;
+    let m;
+    while ((m = re.exec(stripped)) !== null) {
+      const pkg = extractPackageName(m[1]);
+      if (pkg && !BUILTIN_MODULES.has(pkg)) found.add(pkg);
     }
-  } catch (_) { /* skip unreadable */ }
+  }
   return found;
 }
 
-function walkDir(dir, allImports = new Set(), scannedFiles = []) {
+const MAX_DEPTH = 20;
+
+function walkDir(dir, allImports = new Set(), scannedFiles = [], depth = 0) {
+  if (depth > MAX_DEPTH) return { allImports, scannedFiles };
   let entries;
   try { entries = fs.readdirSync(dir, { withFileTypes: true }); }
   catch (_) { return { allImports, scannedFiles }; }
@@ -82,7 +98,7 @@ function walkDir(dir, allImports = new Set(), scannedFiles = []) {
     if (IGNORE_DIRS.has(e.name)) continue;
     const full = path.join(dir, e.name);
     if (e.isDirectory()) {
-      walkDir(full, allImports, scannedFiles);
+      walkDir(full, allImports, scannedFiles, depth + 1);
     } else if (e.isFile() && JS_EXTENSIONS.has(path.extname(e.name))) {
       scannedFiles.push(full);
       for (const pkg of extractImportsFromFile(full)) allImports.add(pkg);
@@ -98,8 +114,6 @@ function readPackageJson(dir) {
   catch (_) { return null; }
 }
 
-// ─── Public API ───────────────────────────────────────────────────────────────
-
 async function scanProject(targetDir) {
   const pkgJson = readPackageJson(targetDir);
   const { allImports, scannedFiles } = walkDir(targetDir);
@@ -111,24 +125,19 @@ async function scanProject(targetDir) {
     ...Object.keys(pkgJson?.optionalDependencies|| {}),
   ]);
 
-  const missing = [];
-  const present = [];
-  const unused  = [];
+  // Sort once, then derive all three arrays in a single pass each
+  const allImportsSorted = [...allImports].sort();
+  const declaredSorted   = [...declared].sort();
 
-  for (const pkg of [...allImports].sort()) {
-    if (declared.has(pkg)) present.push(pkg);
-    else                   missing.push(pkg);
-  }
-
-  for (const pkg of [...declared].sort()) {
-    if (!allImports.has(pkg)) unused.push(pkg);
-  }
+  const missing = allImportsSorted.filter(p => !declared.has(p));
+  const present = allImportsSorted.filter(p =>  declared.has(p));
+  const unused  = declaredSorted.filter(p => !allImports.has(p));
 
   return {
-    projectName : pkgJson?.name || path.basename(targetDir),
-    packageJson : pkgJson,
-    allImports  : [...allImports].sort(),
-    declared    : [...declared].sort(),
+    projectName  : pkgJson?.name || path.basename(targetDir),
+    packageJson  : pkgJson,
+    allImports   : allImportsSorted,
+    declared     : declaredSorted,
     missing,
     present,
     unused,
@@ -137,4 +146,4 @@ async function scanProject(targetDir) {
   };
 }
 
-module.exports = { scanProject, readPackageJson };
+module.exports = { scanProject, readPackageJson };