Releases: bigcheburashka/dev-optimizer

v0.1.11 - npm Command Caching

14 Mar 21:36

⚡ Performance: npm Command Caching

New Feature

  • npm outdated cache: 24h TTL
  • npm audit cache: 6h TTL (shorter for security)
  • Cache stored in .dev-optimizer/ directory

Speed Improvement

Run | Before | After
First run | ~9s | ~9s
Second run | ~9s | ~0.01s

Implementation

// New file: src/utils/npm-cache.ts
export function getCachedOutdated(projectPath: string)
export function setCachedOutdated(projectPath: string, data)
export function getCachedAudit(projectPath: string)
export function setCachedAudit(projectPath: string, data)
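
A sketch of the freshness rule behind these TTLs, as an added example that is not the project's `src/utils/npm-cache.ts`. The class, type and function names are hypothetical, entries are held in memory rather than in `.dev-optimizer/` so the block runs without disk access, and invalidating on a changed lockfile is an assumption the release notes do not state.

```typescript
// Added example; all names here are hypothetical, not dev-optimizer's API.
type Kind = "outdated" | "audit";

interface CacheEntry {
  storedAt: number;     // epoch ms when the npm command ran
  lockfileHash: string; // fingerprint of package-lock.json at that time (assumption)
  data: unknown;        // parsed npm JSON output
}

const HOUR_MS = 60 * 60 * 1000;
// TTLs from the release notes: 24h for npm outdated, 6h for npm audit.
const TTL_MS: Record<Kind, number> = { outdated: 24 * HOUR_MS, audit: 6 * HOUR_MS };

// FNV-1a 32-bit: a change-detection fingerprint, not a cryptographic hash.
function fingerprint(text: string): string {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

class NpmResultCache {
  private entries = new Map<string, CacheEntry>();
  private now: () => number;
  // The clock is injectable so expiry can be exercised without waiting.
  constructor(now: () => number = Date.now) { this.now = now; }

  set(projectPath: string, kind: Kind, lockfile: string, data: unknown): void {
    const entry = { storedAt: this.now(), lockfileHash: fingerprint(lockfile), data };
    this.entries.set(`${projectPath}:${kind}`, entry);
  }

  // Returns null when the entry is missing, expired, dated in the future,
  // or was recorded against a different lockfile.
  get(projectPath: string, kind: Kind, lockfile: string): unknown | null {
    const e = this.entries.get(`${projectPath}:${kind}`);
    if (!e) return null;
    const age = this.now() - e.storedAt;
    if (age < 0 || age >= TTL_MS[kind]) return null;
    if (e.lockfileHash !== fingerprint(lockfile)) return null;
    return e.data;
  }
}
```

A cached audit result says nothing about advisories published after it was stored, which is why the audit TTL is the shorter of the two.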

Files Changed

  • src/utils/npm-cache.ts (new)
  • src/analyzers/DepsAnalyzer.ts (integrated caching)

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze

v0.1.9 - Parallel npm Commands

14 Mar 19:46

⚡ Performance Improvement

Parallel Execution

  • npm outdated and npm audit now run simultaneously
  • Speed improvement: ~2-3 seconds for full mode
  • No functionality changes - same accurate results

Benchmarks

Mode | Before | After
quick | 0.37s | 0.43s
full | 11-12s | 9.2s

Implementation

// Before (sequential)
const outdated = await runNpmOutdated();
const audit = await runNpmAudit();

// After (parallel)
const [outdated, audit] = await Promise.all([
  runNpmOutdated(),
  runNpmAudit()
]);

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.7 - Improved FP Handling

14 Mar 19:10

🎯 Improved Accuracy

Docker

  • docker-022: .dockerignore quality check
  • Missing essential patterns detection

Dependencies

  • Improved outdated package detection
  • Detect pinned versions
  • Reduce severity for intentional pinning

Total Checks: 46

v0.1.6 - 10 New Low-FP Checks

14 Mar 13:44

🚀 New Checks with Low False-Positive Risk

Docker (5 new)

ID | Issue | Impact
docker-017 | FROM :latest tag | Security risk, unpredictable builds
docker-018 | No HEALTHCHECK | No container health detection
docker-019 | Running as root | Security risk in production
docker-020 | ENV without quotes | Potential injection, instability
docker-021 | WORKDIR relative path | Unpredictable working directory

CI/CD (3 new)

ID | Issue | Impact
ci-010 | Unpinned actions @V3 | 34% of security incidents from unpinned actions
ci-011 | No permissions defined | Overly broad permissions
ci-012 | Hardcoded secrets | Credential leak risk
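
What checks like ci-010 and ci-011 look for in a GitHub Actions workflow, as an added example that is not dev-optimizer's own analyzer code. The function name, the line-based matching and the rule that only a full 40-character commit SHA counts as pinned are assumptions; the sample workflow and its SHA are constructed.

```typescript
// Added example; checkWorkflow and Finding are hypothetical names.
interface Finding { id: string; line: number; message: string; }

const FULL_SHA = /^[0-9a-f]{40}$/i;
// Matches "uses: owner/repo@ref" with or without a leading list dash.
const USES = /^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)/;

function checkWorkflow(yaml: string): Finding[] {
  const findings: Finding[] = [];
  let hasPermissions = false;
  yaml.split(/\r?\n/).forEach((raw, i) => {
    if (/^\s*permissions:/.test(raw)) hasPermissions = true;
    const m = USES.exec(raw);
    if (!m) return;
    const ref = m[1];
    // Local actions and container images are outside this check.
    if (ref.startsWith("./") || ref.startsWith("docker://")) return;
    const at = ref.lastIndexOf("@");
    const version = at === -1 ? "" : ref.slice(at + 1);
    if (!FULL_SHA.test(version)) {
      // A tag or branch can be moved to different code after review.
      findings.push({ id: "ci-010", line: i + 1,
        message: `${ref} is not pinned to a full commit SHA` });
    }
  });
  if (!hasPermissions) {
    findings.push({ id: "ci-011", line: 1,
      message: "no permissions block; token scope falls back to the repository default" });
  }
  return findings;
}

// Constructed sample workflow (the SHA is a placeholder, not a real commit).
const SAMPLE_WORKFLOW = [
  "name: ci",
  "on: push",
  "jobs:",
  "  build:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v3",
  "      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567",
  "      - uses: ./.github/actions/local",
  "      - run: npm ci",
].join("\n");
```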

Dependencies (2 new)

ID | Issue | Impact
deps-010 | Missing package-lock.json | Non-deterministic builds
deps-011 | Missing engines in package.json | Node.js version incompatibility

📊 Total Checks

Domain | Checks
Docker | 21
CI/CD | 12
Dependencies | 11
Total | 44

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.5 - Detailed Docker Analysis

14 Mar 13:17

🐳 Docker Optimization Checks

New Findings

ID | Issue | Savings
docker-010 | COPY . . copies unnecessary files | 200-500 MB
docker-011 | pip without --no-cache-dir | 30-50 MB
docker-012 | apt-get without --no-install-recommends | 50-150 MB
docker-013 | RUN chown instead of COPY --chown | 30-50 MB
docker-014 | npm ci without --omit=dev | 50-150 MB
docker-015 | Prisma CLI not removed | 70 MB
docker-016 | User created after COPY | 30-50 MB

Features

  • Estimated size savings for each finding
  • Concrete fix suggestions with code examples
  • Auto-fixable flags for safe optimizations

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.4 - Dependency Verification

14 Mar 12:42

🐛 Bug Fixes

Dependency Usage Verification

  • Added verifyDependencyUsage() method to check actual imports in code
  • Lower confidence to 'low' when dependency is found in code
  • Prevents false positives from knip (e.g., swagger-ui-express, yamljs)

Changes

  • Scan src/, lib/, app/ for import/require statements
  • Support CommonJS, ESM, and dynamic imports
  • Add usageCount and firstLocation to evidence
  • Warn users to verify before removing

CI Analyzer False Positives Fixed (v0.1.3)

  • No longer reports missing cache for workflows without npm install
  • Removed duplicate npm install warning (normal in GH Actions)
  • Fixed sequential jobs detection logic

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.2 - Bug Fix

14 Mar 12:07

Bug Fix

Fixed [object Object] bug when knip returns dependencies as objects.

Changes

  • Added proper type guard for string/object dependency parsing
  • Added 5 tests for knip dependency parsing edge cases

Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.1 - Keywords & Discoverability

14 Mar 11:54

What Changed

Discoverability Improvements

  • Added 15 new keywords for better npm/GitHub search
  • Added badges: downloads, TypeScript, GitHub stars
  • Added topics line for GitHub topics

New Keywords

devops, cli-tool, ci-optimization, docker-optimization, dependency-analyzer, vulnerability-scanner, code-quality, build-optimization, cicd, container, security-audit, npm-audit, dockerfile-linter


Install:

npm install -g dev-optimizer
npx dev-optimizer analyze --quick

v0.1.0 - First Release

14 Mar 11:40

🚀 dev-optimizer v0.1.0

First release! Analyze and optimize Docker, npm, and CI/CD in minutes.

Features

3 Domains of Analysis:

  • 🐳 Docker - Dockerfile optimization, .dockerignore, multistage builds
  • 📦 Dependencies - Unused packages, vulnerabilities (CVE), outdated
  • 🔄 CI/CD - GitHub Actions, GitLab CI, cost optimization

3 Analysis Modes:

  • --quick - Static only (0.2s)
  • Default - Full analysis (30s)
  • --deep - With size estimates (31s)

Output Formats:

  • Console (tables)
  • JSON (CI integration)
  • Markdown (PR comments)
  • SARIF (GitHub Code Scanning)

Auto-Fixes:

  • Create .dockerignore
  • Add CI cache
  • Add timeout-minutes
  • Safe dependency removal

Installation

npm install -g dev-optimizer

# Or use with npx
npx dev-optimizer analyze --quick

Quick Start

# Fast analysis (0.2s)
dev-optimizer analyze --quick

# Full analysis (30s)
dev-optimizer analyze

# Deep analysis with size estimates
dev-optimizer analyze --deep

AI Agent Metadata

README contains machine-readable JSON metadata for AI agents to discover and use this tool.


Stats:

  • 59 tests passing
  • 76 files
  • 66 KB package
  • MIT License