← Back to Blog

Wrangling Dependencies in a Monorepo

Working in a monorepo has a lot of advantages, but dependency management can get pretty unwieldy if left alone and no checks or tools are in place to monitor and audit a monorepo.

As your repo grows to include multiple apps and packages, it becomes increasingly difficult to keep external dependencies up to date and consistent. Over time, version drift creeps in. For example, one app uses one version of TypeScript, another uses a slightly different version, and before you know it, things are out of sync.

On top of that, unused dependencies tend to accumulate quietly. Packages get installed, forgotten, and left behind adding unnecessary weight to your project.

There are a few key benefits to keeping your dependencies organized and aligned:

  • Confidence in your stack – You know exactly which versions are being used across all apps and packages.
  • Faster installs – Shared versions mean better cache utilization and quicker npm install times.
  • Improved security – Fewer version mismatches reduce the surface area for vulnerabilities.
  • Cleaner diffs and maintenance – Consistency makes changes easier to track and reason about.

In this post, I’ll walk through three tools that help keep monorepo dependencies in sync, organized, and up to date:

  • Manypkg – Lint and standardize your package.json dependencies
  • Syncpack – Enforce consistent dependency versions across packages
  • Knip – Detect unused dependencies and dead code

Manypkg

Think of Manypkg as Prettier but for your dependencies.

It enforces a consistent structure across your package.json files and helps ensure your dependencies are in good shape. This makes diffs smaller, cleaner, and easier to review.

It runs checks against your dependencies to ensure that they are in working order. There are a ton of checks Manypkg runs against your repo, but here are a few to highlight:

  • Mismatched dependency versions
    Ensures the same package (e.g., react) uses the same version across the repo.

  • Out-of-sync version ranges
    Flags inconsistencies in version ranges of a dependency like ^1.2.0 vs ~1.2.0 vs 1.2.3.

  • Duplicate declarations
    Detects packages listed in multiple sections (dependencies + devDependencies).

Installing Manypkg:

After installing Manypkg (npx install @manypkg/cli), you just need to run npx manypkg check and Manypkg will begin checking your repo.

You can define a Manypkg config in your root package.json to override default behavior. For example, you can ignore certain checks if you'd like:

JSON

"manypkg": {
    "ignoredRules": ["EXTERNAL_MISMATCH"]
}

Running npx manypkg fix will go through and auto-fix dependency issues where it can.

Syncpack

Syncpack focuses specifically on keeping dependency versions aligned across your monorepo.

It helps detect version mismatches and gives you control over how dependencies should be standardized, preventing version drift before it becomes a problem.

Installing Syncpack:

npx install syncpack --save-dev
npx syncpack list

You can define rules using a .syncpackrc file at the root of your repo. For example, you could add the following to ensure all React dependencies stay in sync:

JSON

{
    "versionGroups": [
        {
            "label": "Sync react dependencies only",
            "dependencies": ["react", "react-dom"],
            "dependencyTypes": ["prod"]
        },
        {
            "label": "Ignore everything else",
            "ignored": true
        }
    ]
}

Knip

Knip helps you clean up dependencies, files, and exports that are unused. Think about that one time 6 months ago you installed lodash and never used it Knip will automatically go through and detect dependencies like this and remove them.

It scans your codebase to identify:

  • Unused dependencies
  • Packages listed in package.json but never imported
  • Unused files and exports
  • Dead code like abandoned components or utilities

This is something most linters don’t catch well, especially in larger monorepos.

Getting started with Knip:

npx init @knip/config npm run knip

Final Thoughts

Dependency management in a monorepo can get tricky and overwhelming. By combining Manypkg for structure and linting, Syncpack for version consistency, and Knip for cleanup, you can keep your dependencies predictable, lean, and maintainable as your repo scales.