You Don't Need That npm Package — The Cost of Dependency Bloat
Open a random package.json from a project you haven't touched in a year. Count the dependencies. Now ask yourself honestly: how many of those are things you added "just to solve one small thing quickly"?
This is dependency bloat, and it's slowly making your projects unmaintainable, insecure, and slow.
The Real Cost of Every Package You Install
When you run npm install left-pad (yes, it's a classic example for a reason: its removal from the registry in 2016 broke builds across the ecosystem), you're not just adding one file. You're adding a node to your supply chain, together with everything that package itself depends on. Each of those packages has maintainers who can abandon it, lose control of their registry account, publish a malicious version, or simply stop fixing security vulnerabilities, and any of them can run arbitrary code on your machine through a preinstall or postinstall script. The node_modules nightmare isn't a meme: it's the cumulative consequence of "I'll just add a quick package for this."
Every package you add is:
A potential security vulnerability, in the package itself or in anything it pulls in transitively
A future version conflict
Extra weight in your bundle
Something that can break when Node updates
Something your team needs to understand, keep updated, and re-audit after every version bump
Common Packages You Probably Don't Need
lodash — Do you actually need the entire library, or just debounce? A native debounce is a few lines, and deep copies are covered by the built-in structuredClone(). If you genuinely use a dozen lodash functions, keep it, but import each one individually so the rest stays out of your bundle.
moment.js — This is roughly 67KB minified before locales, and its own maintainers describe it as a legacy project in maintenance mode and recommend alternatives for new code. For display formatting the native Intl.DateTimeFormat API is enough; note that Intl only formats, it does not parse or do date arithmetic, so for those use the much smaller, tree-shakeable date-fns.
axios — The native fetch API works in all modern browsers and Node 18+, and cancellation and timeouts are native too via AbortController and AbortSignal.timeout(). Two caveats: fetch does not reject on HTTP 4xx/5xx responses, so you must check response.ok yourself, and it has no interceptors. Unless you lean heavily on interceptors or axios's automatic JSON handling and error mapping, you likely don't need it.
uuid — crypto.randomUUID() is natively available in browsers (in secure contexts, i.e. https:// or localhost) and in Node.js: from the crypto module since 14.17, and as a global since Node 19.
is-odd, is-even, is-number — These are real packages with millions of weekly downloads. n % 2 !== 0 is all you need; if callers might pass non-integers, add a Number.isInteger(n) guard, which is most of what the package does anyway.
How to Audit Your Dependencies
Run npx depcheck in your project. It shows you packages that are declared but never imported anywhere. You'll be surprised. Run npm ls --all to see the full tree, not just the direct dependencies you remember adding, and npm audit for known vulnerabilities in any of it; if you don't want install scripts from the whole tree running on your machine, npm ci --ignore-scripts is an option. Also use bundlephobia.com: paste any package name and see exactly how much it adds to your bundle size. For packages you do need, check if you can import only what you use: import debounce from 'lodash/debounce' instead of import _ from 'lodash'.
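A small lockfile audit along the lines described above, as an added example that is not code from the original post and not how depcheck or npm work internally. It reads an npm lockfile (version 2 or 3, the ones with the "packages" map), separates direct from transitive dependencies, flags entries npm marks hasInstallScript, and runs a naive import scan over source text to find declared-but-unused dependencies. The package.json, lockfile and source snippets are constructed for the demo; demo-build-tool and demo-native-addon are made-up package names, and the function names auditLock and findUnused are chosen here.

```javascript
// Added example, not from the original post and not depcheck's or npm's own
// code. Assumes an npm lockfile v2/v3 ("packages" map). All inputs below are
// constructed; demo-build-tool and demo-native-addon are invented names.

// Classify every installed package in package-lock.json:
//  - direct: a top-level entry the root package declares
//  - transitive: everything else, including nested node_modules entries
//  - installScripts: entries npm marks hasInstallScript, i.e. packages whose
//    pre/post/install hooks run arbitrary code during `npm install`
function auditLock(lockText) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3');
  const root = lock.packages[''] ?? {};
  const declared = new Set([
    ...Object.keys(root.dependencies ?? {}),
    ...Object.keys(root.devDependencies ?? {}),
  ]);
  const result = { direct: [], transitive: [], installScripts: [] };
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === '') continue;
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    const isTopLevel = path === `node_modules/${name}`;
    (isTopLevel && declared.has(name) ? result.direct : result.transitive).push(name);
    if (meta.hasInstallScript) result.installScripts.push(`${name}@${meta.version}`);
  }
  return result;
}

// Naive version of what depcheck does: a declared dependency that is never
// imported or required in the source is a candidate for removal. Only
// `import ... from '...'` and `require('...')` forms are recognised.
function findUnused(packageJsonText, sources) {
  const pkg = JSON.parse(packageJsonText);
  const declared = Object.keys(pkg.dependencies ?? {});
  const importRe = /(?:from\s*|require\s*\(\s*)['"]([^'"]+)['"]/g;
  const used = new Set();
  for (const src of sources) {
    for (const m of src.matchAll(importRe)) {
      const spec = m[1];
      if (spec.startsWith('.') || spec.startsWith('/')) continue; // local file
      // "lodash/debounce" and "@scope/pkg/sub" both map to the package name
      const parts = spec.split('/');
      used.add(spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0]);
    }
  }
  return declared.filter((dep) => !used.has(dep));
}

// Constructed inputs for the demo.
const PACKAGE_JSON = JSON.stringify({
  name: 'demo',
  dependencies: { lodash: '^4.17.21', axios: '^1.6.0', 'left-pad': '^1.3.0', 'demo-build-tool': '^2.0.0' },
});
const SOURCES = [
  "import debounce from 'lodash/debounce';\nimport { helper } from './util.js';",
  "const res = await fetch('/api/items');", // uses fetch, so axios is never imported
];
const LOCK = JSON.stringify({
  name: 'demo', lockfileVersion: 3,
  packages: {
    '': { name: 'demo', dependencies: JSON.parse(PACKAGE_JSON).dependencies },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/axios': { version: '1.6.0', dependencies: { 'follow-redirects': '^1.15.0', 'form-data': '^4.0.0' } },
    'node_modules/follow-redirects': { version: '1.15.3' },
    'node_modules/form-data': { version: '4.0.0' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/demo-build-tool': { version: '2.0.0', dependencies: { 'demo-native-addon': '^0.1.0' } },
    'node_modules/demo-build-tool/node_modules/demo-native-addon': { version: '0.1.0', hasInstallScript: true },
  },
});

const audit = auditLock(LOCK);
console.log('direct:', audit.direct.length, 'transitive:', audit.transitive.length);
console.log('runs install scripts:', audit.installScripts);
console.log('declared but never imported:', findUnused(PACKAGE_JSON, SOURCES));
```

On the constructed inputs the scan reports axios, left-pad and demo-build-tool as never imported, and the lockfile walk shows that four declared packages brought three more with them, one of which runs an install script two levels down where nobody looked.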
The Principle
Before installing any package, ask: Can I write this in under 20 lines? Is this functionality available natively in modern JS? Is this package actively maintained and widely trusted: when was it last published, how many maintainers does it have, how many packages does it pull in, and does any of them run an install script?
If you can write it yourself in minutes, write it yourself. Own your code. Understand your dependencies. Your future self debugging a mysterious error at 2 AM will thank you.