Yarn has a command that allows you to find a dependency or a sub-dependency in the dependency tree, thereby helping you to find and prune outdated or vulnerable dependencies.
It's output looks like this:
$ yarn why scheduler
yarn why v1.22.5
[1/4] 🤔 Why do we have the module "scheduler"...?
[2/4] 🚚 Initialising dependency graph...
[3/4] 🔍 Finding dependency...
[4/4] 🚡 Calculating file sizes...
=> Found "scheduler@0.18.0"
info Has been hoisted to "scheduler"
info Reasons this module exists
- Hoisted from "formik#scheduler"
- Hoisted from "gatsby#gatsby-cli#ink#scheduler"
- Hoisted from "gatsby#gatsby-cli#ink#react-reconciler#scheduler"
info Disk size without dependencies: "208KB"
info Disk size with unique dependencies: "256KB"
info Disk size with transitive dependencies: "284KB"
info Number of shared dependencies: 3
=> Found "react-dom#scheduler@0.19.1"
info This module exists because "react-dom" depends on it.
info Disk size without dependencies: "204KB"
info Disk size with unique dependencies: "252KB"
info Disk size with transitive dependencies: "280KB"
info Number of shared dependencies: 3
=> Found "gatsby-recipes#scheduler@0.19.1"
info Reasons this module exists
- "gatsby#gatsby-cli#gatsby-recipes#react-reconciler" depends on it
- Hoisted from "gatsby#gatsby-cli#gatsby-recipes#react-reconciler#scheduler"
info Disk size without dependencies: "204KB"
info Disk size with unique dependencies: "252KB"
info Disk size with transitive dependencies: "280KB"
info Number of shared dependencies: 3
✨ Done in 1.01s.
I think a similar command would be really helpful to have in cargo. I couldn't find a 3rd party implementation of this, but perhaps I missed it. It might also make sense to have this as a proper cargo feature. WDYT?