suhteevah

bundlephobia

Author suhteevah · GitHub ↗ · v1.0.1 · MIT-0
darwin linux win32 ⚠ suspicious
83 total downloads
0 favorites
0 current installs
2 versions
Install in OpenClaw
/install bundlephobia
Description
Bundle size & dependency bloat analyzer — scans JS/TS projects for oversized dependencies, duplicate packages, tree-shaking failures, and bundle configuratio...
Usage (SKILL.md)

# BundlePhobia — Bundle Size & Dependency Bloat Analyzer

BundlePhobia scans your JavaScript and TypeScript projects for oversized dependencies, duplicate packages, tree-shaking failures, barrel file anti-patterns, and bundle configuration issues. It uses 90+ detection patterns covering 5 categories of bundle bloat. 100% local, zero telemetry.

## Commands

### Free Tier (No license required)

#### `bundlephobia scan [file|dir]`
One-shot bundle bloat scan of your project (5 file limit on free tier).

How to execute:

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" scan [file|dir]
```

**What it does:**
1. Detects project type (npm/yarn/pnpm/monorepo)
2. Discovers JS/TS source files, package.json, and bundler configs
3. Scans for oversized dependencies, duplicate packages, tree-shaking failures
4. Checks bundle configuration (webpack, vite, rollup, esbuild)
5. Analyzes dependency hygiene in package.json
6. Calculates a 0-100 bloat score with letter grade (A-F)

**Example usage scenarios:**
- "Scan my project for bundle bloat" -> runs `bundlephobia scan .`
- "Check if I have oversized dependencies" -> runs `bundlephobia scan .`
- "Find tree-shaking issues in my code" -> runs `bundlephobia scan src/`
- "Analyze my package.json for bloat" -> runs `bundlephobia scan package.json`

#### `bundlephobia status`
Show license info and current configuration.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" status
```

#### `bundlephobia patterns`
List all 90+ detection patterns.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" patterns
```

### Pro Tier ($19/user/month — requires BUNDLEPHOBIA_LICENSE_KEY)

#### `bundlephobia hooks install`
Install git hooks that scan for bundle bloat on every commit.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" hooks install
```

**What it does:**
1. Validates Pro+ license
2. Installs lefthook pre-commit hook targeting JS/TS files and package.json
3. On every commit: scans staged files for bundle bloat patterns, blocks commit if critical/high issues found

#### `bundlephobia hooks uninstall`
Remove BundlePhobia git hooks.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" hooks uninstall
```

#### `bundlephobia report [dir]`
Generate a detailed markdown bundle health report.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" report [dir]
```

#### `bundlephobia audit [dir]`
Deep dependency audit — analyzes every dependency for size, alternatives, and optimization opportunities.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" audit [dir]
```

### Team Tier ($39/user/month — requires BUNDLEPHOBIA_LICENSE_KEY with team tier)

#### `bundlephobia budget [dir]`
Enforce size budgets — fails if bundle exceeds configured thresholds.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" budget [dir]
```

#### `bundlephobia sarif [dir]`
Generate SARIF JSON output for CI/CD integration (GitHub Code Scanning, etc.).

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" sarif [dir]
```

#### `bundlephobia ci [dir]`
CI mode — non-interactive scan with machine-readable output and exit codes.

```bash
bash "<SKILL_DIR>/scripts/bundlephobia.sh" ci [dir]
```

## Detection Categories (90+ patterns)

| Category | Patterns | What It Detects |
|----------|----------|-----------------|
| Oversized Dependencies | 20 | moment.js, lodash full import, faker in prod, aws-sdk v2, etc. |
| Duplicate & Redundant | 18 | axios + node-fetch, moment + dayjs, jest + mocha, etc. |
| Tree-Shaking Failures | 20 | import *, require(), barrel re-exports, namespace imports, etc. |
| Bundle Configuration | 18 | Missing splitChunks, no code splitting, missing externals, etc. |
| Dependency Hygiene | 14+ | Pinned versions, deprecated packages, devDeps in deps, etc. |

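The table and the `scan` command both describe line-oriented, grep-style pattern matching over source files that ends in a 0-100 score and a letter grade. The following is an added illustration of that style of scanner, not BundlePhobia's own code: it runs five hypothetical patterns (modelled on the "Oversized Dependencies" and "Tree-Shaking Failures" rows) over a constructed in-memory project. The severity weights, score and grade cut-offs are assumptions for the demo; the real skill's 90+ patterns and its scoring formula are not published on this page.

```python
import re
from dataclasses import dataclass

# Constructed sample project (path -> source text); not a real repository.
SAMPLE_FILES = {
    "src/dates.js": "import moment from 'moment';\nexport const now = () => moment();\n",
    "src/util.ts": "import _ from 'lodash';\nimport * as R from 'ramda';\nexport const pick = _.pick;\n",
    "src/index.ts": "export * from './dates';\nexport * from './util';\n",
    "src/legacy.js": "const fs = require('fs');\nmodule.exports = fs;\n",
    "src/clean.ts": "import { debounce } from 'lodash-es';\nexport { debounce };\n",
}

@dataclass(frozen=True)
class Pattern:
    id: str
    category: str
    severity: str          # critical | high | medium | low
    regex: "re.Pattern"
    message: str

# Hypothetical pattern set, loosely modelled on two table rows above.
PATTERNS = [
    Pattern("oversized-moment", "Oversized Dependencies", "high",
            re.compile(r"""^\s*import\s+.*\bfrom\s+['"]moment['"]"""),
            "moment.js is large and not tree-shakeable; consider dayjs or date-fns"),
    Pattern("oversized-lodash-full", "Oversized Dependencies", "high",
            re.compile(r"""(?:from\s+['"]lodash['"]|require\(\s*['"]lodash['"]\s*\))"""),
            "full lodash import pulls in the whole library; use lodash-es or per-method imports"),
    Pattern("treeshake-namespace-import", "Tree-Shaking Failures", "medium",
            re.compile(r"""^\s*import\s+\*\s+as\s+\w+\s+from"""),
            "namespace import (import * as) defeats tree-shaking in many bundlers"),
    Pattern("treeshake-require", "Tree-Shaking Failures", "medium",
            re.compile(r"""\brequire\(\s*['"][^'"]+['"]\s*\)"""),
            "CommonJS require() cannot be statically analysed for tree-shaking"),
    Pattern("treeshake-barrel-reexport", "Tree-Shaking Failures", "low",
            re.compile(r"""^\s*export\s+\*\s+from\s+['"]"""),
            "barrel re-export (export * from) can drag whole modules into the bundle"),
]

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    pattern_id: str
    severity: str
    message: str

SOURCE_EXT = (".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs")

def scan_files(files):
    """Run every pattern over every line of every JS/TS file; return findings in path order."""
    findings = []
    for path, text in sorted(files.items()):
        if not path.endswith(SOURCE_EXT):
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for p in PATTERNS:
                if p.regex.search(line):
                    findings.append(Finding(path, lineno, p.id, p.severity, p.message))
    return findings

# Assumed weighting for the demo, not BundlePhobia's published formula.
WEIGHTS = {"critical": 25, "high": 15, "medium": 8, "low": 3}

def bloat_score(findings):
    """0-100 score: sum of severity weights, capped at 100."""
    return min(100, sum(WEIGHTS[f.severity] for f in findings))

def letter_grade(score):
    """Assumed cut-offs: <10 A, <25 B, <45 C, <70 D, else F."""
    for bound, grade in ((10, "A"), (25, "B"), (45, "C"), (70, "D")):
        if score < bound:
            return grade
    return "F"

def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts

if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    for f in found:
        print(f"{f.path}:{f.line} [{f.severity}] {f.pattern_id}: {f.message}")
    score = bloat_score(found)
    print(f"bloat score {score}/100, grade {letter_grade(score)}")
```

Note that `src/clean.ts` produces no findings: the `lodash` regex anchors on the closing quote, so `lodash-es` (the tree-shakeable build) is not flagged. Getting that boundary right is the usual source of false positives in grep-based scanners, and it is worth checking the real skill's patterns for it before letting a pre-commit hook block commits on them.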
## Configuration

Add to `~/.openclaw/openclaw.json`:

```json
{
  "skills": {
    "entries": {
      "bundlephobia": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY",
        "config": {
          "maxBundleSize": "500KB",
          "ignoredPackages": [],
          "severityThreshold": "high",
          "checkTreeShaking": true,
          "checkDuplicates": true
        }
      }
    }
  }
}
```

## Important Notes

- **Free tier** works immediately — no configuration needed
- **All scanning happens locally** using grep-based pattern matching
- **License validation is offline** — no phone-home, no telemetry
- Works with npm, yarn, pnpm, and monorepos
- Supports webpack, vite, rollup, esbuild, parcel, and next.js configs
- POSIX-compatible — runs on macOS, Linux, and Windows (WSL/Git Bash)

## When to Use BundlePhobia

The user might say things like:
- "Scan my project for large dependencies"
- "Check my bundle size"
- "Find unnecessary packages in my project"
- "Are there any tree-shaking issues?"
- "Audit my dependencies for bloat"
- "Set up bundle size monitoring"
- "Check if I have duplicate packages"
- "Generate a bundle health report"
- "Enforce size budgets in CI"
Safe Usage Recommendations
This skill appears to do what it claims: local grep-based bundle analysis and optional pre-commit hook installation. Before installing:
1) Confirm you are comfortable with lefthook being installed and lefthook.yml being created/modified in your repository (hooks will run on every commit and can block commits).
2) Provide a BUNDLEPHOBIA_LICENSE_KEY only if you trust the vendor; the license is validated locally.
3) Note the script may optionally use an env var named CLAWHUB_JWT_SECRET to verify JWT signatures (not documented in SKILL.md); if you maintain such a secret, be aware the skill will check it if present.
4) Review scripts yourself (they are small, shell-based, and offline) if you need higher assurance.
If you want to avoid repo changes, use the free 'bundlephobia scan' command which runs a one-shot local scan without installing hooks.
Functionality Analysis
Type: OpenClaw Skill
Name: bundlephobia
Version: 1.0.1
The bundle is a legitimate static analysis tool for JavaScript and TypeScript projects designed to identify bundle bloat and dependency issues. It operates entirely locally using standard shell utilities (grep, find, du) to scan source code and configuration files against a comprehensive set of 90+ patterns defined in scripts/patterns.sh. The licensing system (scripts/license.sh) uses offline JWT validation without telemetry or network calls, and the git hook integration (scripts/bundlephobia.sh) is a standard development workflow feature that is clearly documented and user-invoked.
Capability Tags
crypto, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name, description, CLI commands, and included scripts all align: the code performs local pattern-based scanning of JS/TS projects, produces reports, and optionally installs pre-commit hooks via lefthook. Declared requirements (git, bash, python3, jq) and primaryEnv (BUNDLEPHOBIA_LICENSE_KEY) match the documented free/pro/team feature split.
Instruction Scope
SKILL.md and scripts instruct the agent to discover files in the project tree, run grep-based pattern checks, and (for Pro) install lefthook-based pre-commit hooks. The scripts read the user's repo files and the OpenClaw config (~/.openclaw/openclaw.json) to find a license key—this is expected behavior for a local scanner and for offline license lookup.
Install Mechanism
Install spec is a single brew formula (lefthook) to support hooks installation. No arbitrary downloads, URL fetches, or extract/install-from-personal-servers are present in the provided files.
Credentials
Primary credential BUNDLEPHOBIA_LICENSE_KEY is appropriate for pro/team features. Minor concerns: license validation optionally looks for an env var named CLAWHUB_JWT_SECRET (used to verify JWT HMAC) which is not declared in metadata—this is likely a shared-secret mechanism but it's not documented. The scripts also attempt to use node as a fallback to parse JSON if available (node is not listed as a required binary), which is harmless but worth noting.
Persistence & Privilege
Skill does not request always:true and does not persist across agents. Installing 'hooks install' writes/edits lefthook.yml in the repository and runs lefthook install to create git hooks — expected for a pre-commit hook feature but it does modify repo-level configuration (and will run on every commit until removed).
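The assessment above describes an offline license check: a JWT whose HMAC is verified against a shared secret (optionally read from CLAWHUB_JWT_SECRET), with features gated by tier. The block below is an added illustration of what such a check should look like, written for this page rather than taken from scripts/license.sh: the claim names (`tier`, `exp`), the tier-to-command mapping and the "invalid key falls back to free" policy are assumptions, and the secret and token are constructed for the demo. The points a reviewer would want to see are all here: the `alg` header is pinned to HS256 (so an `alg: none` token is rejected), the signature is compared in constant time, and expiry is enforced.

```python
import base64
import hashlib
import hmac
import json
import os
import time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_license(secret, claims):
    """Issuer side (vendor): HS256-sign a compact JWT. Included only to produce demo tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

class LicenseError(ValueError):
    pass

def verify_license(token, secret, now=None):
    """Verifier side (the skill): return the claims or raise LicenseError. Fully offline."""
    parts = token.split(".")
    if len(parts) != 3:
        raise LicenseError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it (rejects alg=none and key confusion).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise LicenseError("unexpected alg")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise LicenseError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
        raise LicenseError("missing exp")
    if claims["exp"] <= now:
        raise LicenseError("expired")
    return claims

TIER_RANK = {"free": 0, "pro": 1, "team": 2}

# Assumed mapping from the command list in SKILL.md to the minimum tier.
REQUIRED_TIER = {
    "scan": "free", "status": "free", "patterns": "free",
    "hooks": "pro", "report": "pro", "audit": "pro",
    "budget": "team", "sarif": "team", "ci": "team",
}

def effective_tier(token, secret, now=None):
    """Assumed policy: no key, or any verification failure, degrades to the free tier."""
    if not token or not secret:
        return "free"
    try:
        claims = verify_license(token, secret, now)
    except (ValueError, AttributeError, TypeError):   # LicenseError, bad base64, bad JSON
        return "free"
    tier = claims.get("tier", "free")
    return tier if tier in TIER_RANK else "free"

def command_allowed(command, tier):
    needed = REQUIRED_TIER.get(command)
    if needed is None:
        return False
    return TIER_RANK[tier] >= TIER_RANK[needed]

# Constructed demo values; a real deployment would read these from the environment.
DEMO_SECRET = b"demo-shared-secret-not-for-production"
DEMO_TOKEN = mint_license(DEMO_SECRET, {"sub": "alice", "tier": "pro", "exp": 2_000_000_000})

if __name__ == "__main__":
    secret = os.environ.get("CLAWHUB_JWT_SECRET", "").encode() or DEMO_SECRET
    token = os.environ.get("BUNDLEPHOBIA_LICENSE_KEY") or DEMO_TOKEN
    tier = effective_tier(token, secret)
    print("effective tier:", tier)
    for cmd in REQUIRED_TIER:
        print(f"  {cmd:9s} {'allowed' if command_allowed(cmd, tier) else 'locked'}")
```

The practical consequence for the note about CLAWHUB_JWT_SECRET is visible in `effective_tier`: whoever holds the shared secret can mint tokens, so that variable deserves the same handling as any signing key, and on a machine where it is unset the skill can only ever resolve to the free tier.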
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install bundlephobia
  3. After installation, invoke the Skill by name or trigger it with /bundlephobia
  4. Provide the required inputs per the Skill's parameter description to get structured output
Version History
v1.0.1
Fix: declare all deps, JWT signature verification, configPaths
v1.0.0
Initial release of the bundlephobia skill — a local bundle size and dependency bloat analyzer for JS/TS projects.
- Scans projects for oversized dependencies, duplicate packages, tree-shaking failures, barrel file patterns, and bundle configuration issues using 90+ detection patterns.
- Supports free, pro, and team tiers (different commands and features based on license level).
- Includes commands for scanning, license status, detection pattern listing, in-depth audit, report generation, bundle budget enforcement, SARIF output, and CI integration.
- Fully local analysis; zero telemetry, offline license validation, supports npm/yarn/pnpm/monorepos and major bundlers.
- POSIX-compatible — works on macOS, Linux, and Windows (WSL/Git Bash).
Metadata
Slug bundlephobia
Version 1.0.1
License MIT-0
Total installs 0
Current installs 0
Number of versions 2
FAQ

What is bundlephobia?

Bundle size & dependency bloat analyzer — scans JS/TS projects for oversized dependencies, duplicate packages, tree-shaking failures, and bundle configuratio... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 83 downloads to date.

How do I install bundlephobia?

Run the command "/install bundlephobia" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is bundlephobia free?

Yes, bundlephobia is completely free, licensed under MIT-0, and can be freely downloaded, installed, and used.

Which platforms does bundlephobia support?

bundlephobia runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed bundlephobia?

Developed and maintained by suhteevah (@suhteevah); current version v1.0.1.
