# Dependency Analyzer (/docs/experiments/dependency-analyzer)



Analyze all external resources and dependencies loaded by any webpage. Discover scripts, stylesheets, images, fonts, and iframes to understand a site's external dependencies and third-party integrations.

## API Reference [#api-reference]

### GET /analyze [#get-analyze]

Analyze all external dependencies of a webpage by providing its URL.

<TypeTable
  type="{
  url: {
    description: &#x22;The URL of the webpage to analyze. Must be a valid HTTP or HTTPS URL.&#x22;,
    type: &#x22;string&#x22;,
    required: true,
  },
}"
/>

#### Example Request [#example-request]

```bash
curl "https://your-worker.workers.dev/analyze?url=https://www.cloudflare.com"
```

#### Response Structure [#response-structure]

**`success`** `boolean`

Indicates if the request was successful

**`data`** `object`

The analyzed dependencies from the webpage

**`data.scripts`** `string[]`

Array of unique absolute URLs of JavaScript files loaded via `<script src="...">`. Includes all external scripts referenced in the HTML.

**`data.stylesheets`** `string[]`

Array of unique absolute URLs of CSS files loaded via `<link rel="stylesheet" href="...">`. Includes all external stylesheets.

**`data.images`** `string[]`

Array of unique absolute URLs of images. Extracts from both `<img src="...">` and `<source src="...">` tags.

**`data.fonts`** `string[]`

Array of unique absolute URLs of font files. Extracts from: - `<link rel="preload" as="font" href="...">` - CSS `url()` declarations for .woff, .woff2, .ttf, .otf, and .eot files

**`data.iframes`** `string[]`

Array of unique absolute URLs of embedded iframes via `<iframe src="...">`. Useful for identifying third-party embeds.

#### Example Response [#example-response]

```json
{
  "success": true,
  "data": {
    "scripts": [
      "https://www.cloudflare.com/js/main.bundle.js",
      "https://www.googletagmanager.com/gtag/js?id=UA-12345678",
      "https://static.cloudflareinsights.com/beacon.min.js",
      "https://ajax.cloudflare.com/cdn-cgi/scripts/analytics.js"
    ],
    "stylesheets": [
      "https://www.cloudflare.com/css/main.css",
      "https://www.cloudflare.com/css/responsive.css",
      "https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700"
    ],
    "images": [
      "https://www.cloudflare.com/img/logo.svg",
      "https://www.cloudflare.com/img/hero-background.jpg",
      "https://imagedelivery.net/abc123/hero.png/public"
    ],
    "fonts": [
      "https://www.cloudflare.com/fonts/inter-regular.woff2",
      "https://www.cloudflare.com/fonts/inter-bold.woff2",
      "https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2"
    ],
    "iframes": [
      "https://www.youtube.com/embed/dQw4w9WgXcQ",
      "https://player.vimeo.com/video/123456789"
    ]
  }
}
```

## Error Responses [#error-responses]

### Invalid URL [#invalid-url]

```json
{
  "success": false,
  "error": "Missing or invalid query parameter: url",
  "code": "INVALID_URL"
}
```

### Fetch Error [#fetch-error]

```json
{
  "success": false,
  "error": "HTTP 404",
  "code": "FETCH_ERROR"
}
```

## Technical Details [#technical-details]

* Built with [Hono](https://hono.dev/) framework
* Runs on Cloudflare Workers
* Regex-based HTML parsing for fast extraction
* Automatically resolves relative URLs to absolute URLs
* Deduplicates all resource URLs
* Extracts fonts from both link tags and CSS url() declarations

## Extraction Details [#extraction-details]

### Scripts [#scripts]

* Extracted from `<script src="...">` tags
* Includes inline and external JavaScript references
* Does not include inline script content

### Stylesheets [#stylesheets]

* Extracted from `<link rel="stylesheet" href="...">`
* Includes both standard and alternate stylesheets
* Matches various ordering of rel and href attributes

### Images [#images]

* Extracted from `<img src="...">` tags
* Also extracts from `<source src="...">` for responsive images
* All formats supported (jpg, png, svg, gif, webp, etc.)

### Fonts [#fonts]

* Extracted from `<link rel="preload" as="font">` or `<link rel="stylesheet" as="font">`
* Also extracts from CSS `url()` declarations matching font extensions:
  * .woff and .woff2 (Web Open Font Format)
  * .ttf (TrueType Font)
  * .otf (OpenType Font)
  * .eot (Embedded OpenType)

### Iframes [#iframes]

* Extracted from `<iframe src="...">` tags
* Useful for identifying embeds from YouTube, Vimeo, Google Maps, etc.
* Includes both same-origin and cross-origin iframes

## Notes [#notes]

* All resource URLs are deduplicated across each category
* Relative URLs are resolved using the base URL of the page
* The tool fetches and analyzes the initial HTML only (does not execute JavaScript)
* Resources loaded dynamically after page load are not captured

## Use Cases [#use-cases]

* **Dependency Audits**: Identify all third-party dependencies and external resources
* **Performance Analysis**: Discover resource-heavy pages loading too many external files
* **Security Reviews**: Find all external scripts and potential security risks
* **Privacy Compliance**: Identify third-party trackers and analytics scripts
* **License Compliance**: Discover all fonts and resources that may require licensing
* **CDN Optimization**: Identify candidates for CDN migration or consolidation
* **Competitive Analysis**: Understand what services and tools competitors use

## Limitations [#limitations]

* Static HTML only; assets loaded dynamically by JavaScript are not detected
* HTML body is capped before parsing
* Fetch timeout on slow or unreachable origins
* Single URL per request; no site-wide crawling

## Deployment [#deployment]

<Steps>
  <Step>
    ### Click the deploy button [#click-the-deploy-button]

    [![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/shrinathsnayak/cloudflare-experiments/tree/main/apps/experiments/dependency-analyzer)
  </Step>

  <Step>
    ### Deploy [#deploy]

    No additional configuration required.
  </Step>

  <Step>
    ### Test your deployment [#test-your-deployment]

    ```bash
    curl "https://your-worker.workers.dev/analyze?url=https://example.com"
    ```
  </Step>
</Steps>

## Local Development [#local-development]

```bash
cd apps/experiments/dependency-analyzer
npm install
npm run dev
```

Test locally:

```bash
curl "http://localhost:8787/analyze?url=https://example.com"
```

## Cloudflare Features Used [#cloudflare-features-used]

* **[Workers](https://developers.cloudflare.com/workers/)** - Edge compute runtime
* **[Fetch API](https://developers.cloudflare.com/workers/runtime-apis/fetch/)** - Remote HTML retrieval and parsing