EarnQuestOne · RUKAYAT-CODER · Apr 29, 2026 · Apr 29, 2026
diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml
@@ -122,17 +122,19 @@ jobs:
           FrontEnd/my-app/package-lock.json
           BackEnd/package-lock.json
 
-    - name: Audit FrontEnd dependencies
+    - name: Audit and Check Bloat - FrontEnd
       run: |
         cd FrontEnd/my-app
         npm ci
         npm audit --audit-level=moderate
+        npx depcheck --json > ../../frontend-depcheck-report.json || echo "Unused dependencies found"
 
-    - name: Audit Backend dependencies
+    - name: Audit and Check Bloat - Backend
       run: |
         cd BackEnd
         npm ci
         npm audit --audit-level=moderate
+        npx depcheck --json > ../frontend-depcheck-backend-report.json || echo "Unused dependencies found"
 
     - name: Generate frontend audit report
       run: |
@@ -150,6 +152,14 @@ jobs:
         cd BackEnd && npm audit --json >> ../../frontend-audit-report.md 2>&1 || echo "Backend audit completed" >> ../../frontend-audit-report.md
         echo "\`\`\`" >> frontend-audit-report.md
 
+    - name: Append Depcheck Results to Report
+      run: |
+        echo "" >> frontend-audit-report.md
+        echo "### Unused Dependency Analysis (Bloat Check):" >> frontend-audit-report.md
+        echo "\`\`\`" >> frontend-audit-report.md
+        cat frontend-depcheck-report.json >> frontend-audit-report.md
+        echo "\`\`\`" >> frontend-audit-report.md
+
     - name: Upload frontend audit report
       uses: actions/upload-artifact@v4
       if: always()

diff --git a/FrontEnd/my-app/.depcheckrc b/FrontEnd/my-app/.depcheckrc
@@ -0,0 +1,14 @@
+{
+  "ignore-bin-package": false,
+  "skip-missing": false,
+  "ignore-patterns": [
+    "dist",
+    ".next",
+    "coverage"
+  ],
+  "ignore-matches": [
+    "@types/*",
+    "postcss",
+    "autoprefixer"
+  ]
+}
diff --git a/docs/dependency-audit.md b/docs/dependency-audit.md
@@ -11,6 +11,7 @@ The dependency audit system provides automated security vulnerability scanning a
 - **Multi-language Support**: Rust (cargo) and Node.js (npm) dependency auditing
 - **Automated CI/CD Integration**: Security audits run on every push and pull request
 - **Weekly Scheduled Audits**: Regular monitoring for new vulnerabilities
+- **Bloat Reduction**: `depcheck` integration to identify and remove unused dependencies
 - **Comprehensive Reporting**: Detailed audit reports and artifact uploads
 - **Local Development Tools**: Easy-to-use scripts for manual audits
 - **License Compliance**: Automated license checking for Rust dependencies
@@ -108,6 +109,10 @@ cd FrontEnd/my-app
 npm audit
 npm audit fix
 
+# Check for unused dependencies
+npm install -g depcheck
+depcheck
+
 # Backend
 cd BackEnd
 npm audit