Auto-Fix
ghostdep can generate package manager commands to fix detected findings.
Dry run (default)
Preview what would be run:
ghostdep fix --dry-run
npm install axios
npm uninstall lodash
pip install pandas
pip uninstall numpy
Nothing is executed. Commands are printed to stdout.
Apply fixes
Run the commands directly:
ghostdep fix --apply
ghostdep will ask for confirmation before executing anything:
Execute 4 command(s)? [y/N]
Each command’s result is reported:
running: npm install axios
ok
running: npm uninstall lodash
ok
Commands by language
| Manifest | Phantom (install) | Unused (remove) |
|---|---|---|
package.json | npm install <pkg> | npm uninstall <pkg> |
package.json + yarn.lock | yarn add <pkg> | yarn remove <pkg> |
requirements.txt | pip install <pkg> | pip uninstall <pkg> |
go.mod | go get <module> | go mod tidy |
Cargo.toml | cargo add <crate> | cargo remove <crate> |
pom.xml | prints XML snippet | prints removal note |
build.gradle | prints dependency line | prints removal note |
ghostdep detects yarn.lock to choose yarn over npm automatically.
For Maven and Gradle, there’s no clean CLI command to add/remove deps, so ghostdep prints the snippets you need to paste manually.