diff --git a/.knip.json b/.knip.json
new file mode 100644
index 00000000..a6b51215
--- /dev/null
+++ b/.knip.json
@@ -0,0 +1,9 @@
+{
+  "project": ["src/**/*.{ts,js}"],
+  "ignore": ["public/*"],
+  "ignoreBinaries": ["knip", "vite-bundle-visualizer"],
+  "rules": {
+    "exports": "warn",
+    "types": "warn"
+  }
+}
diff --git a/doc/development.md b/doc/development.md
index 26993c7d..19d5fa90 100644
--- a/doc/development.md
+++ b/doc/development.md
@@ -30,6 +30,12 @@ Run TypeScript compiler & ESLint:
 npm run lint
 ```
 
+Print a report of unused dependencies, files & exports using [Knip](https://github.com/webpro/knip) (for the configuration, see [.knip.json](../.knip.json)):
+
+```
+npm run unused
+```
+
 ### E2E Tests
 
 Run E2E tests interactively:
diff --git a/package.json b/package.json
index bad4c966..3b1f08c4 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,8 @@
     "locale:extract": "lit-localize extract",
     "locale:build": "lit-localize build",
     "format": "prettier --write --ignore-unknown \"./**/*.*\"",
-    "format:upgrade": "npm install --save-exact prettier@latest && npm run format"
+    "format:upgrade": "npm install --save-exact prettier@latest && npm run format",
+    "unused": "npx knip"
   },
   "dependencies": {
     "@badgateway/oauth2-client": "^2.2.4",
diff --git a/src/state/portal-state.ts b/src/state/portal-state.ts
index 93c56acf..39dff0f9 100644
--- a/src/state/portal-state.ts
+++ b/src/state/portal-state.ts
@@ -19,7 +19,7 @@ export const NAV_ITEM_QUERY_PARAM = "module";
 
 const QUERY_PARAMS = [LOCALE_QUERY_PARAM, NAV_ITEM_QUERY_PARAM];
 
-export class PortalState extends State {
+class PortalState extends State {
   @property({ value: getInitialLocale() })
   locale!: string;
 
diff --git a/src/state/token-state.ts b/src/state/token-state.ts
index 2d998f20..fdcd8ff8 100644
--- a/src/state/token-state.ts
+++ b/src/state/token-state.ts
@@ -11,7 +11,7 @@ import { TokenPayload, getTokenPayload, isTokenExpired } from "../utils/token";
 type Subscriber = (token: TokenPayload | null) => void;
 type Unsubscribe = () => void;
 
-export class TokenState {
+class TokenState {
   private _refreshToken = getRefreshToken();
   private _refreshTokenPayload: TokenPayload | null = null;
   private _accessToken = getCurrentAccessToken();
diff --git a/src/utils/token-renewal.ts b/src/utils/token-renewal.ts
index 6f36c05e..171248b0 100644
--- a/src/utils/token-renewal.ts
+++ b/src/utils/token-renewal.ts
@@ -26,7 +26,15 @@ export function initializeTokenRenewal(client: OAuth2Client): void {
   );
 }
 
-export function renewRefreshTokenOnExpiration(
+export function clearTokenRenewalTimers(): void {
+  Object.values(TokenType).forEach((type) => {
+    if (expirationTimers[type]) {
+      clearTimeout(expirationTimers[type]);
+    }
+  });
+}
+
+function renewRefreshTokenOnExpiration(
   client: OAuth2Client,
   refreshToken: TokenPayload | null,
 ): void {
@@ -43,7 +51,7 @@ export function renewRefreshTokenOnExpiration(
   });
 }
 
-export function renewAccessTokenOnExpiration(
+function renewAccessTokenOnExpiration(
   client: OAuth2Client,
   accessToken: TokenPayload | null,
 ): void {
@@ -58,14 +66,6 @@ export function renewAccessTokenOnExpiration(
   });
 }
 
-export function clearTokenRenewalTimers(): void {
-  Object.values(TokenType).forEach((type) => {
-    if (expirationTimers[type]) {
-      clearTimeout(expirationTimers[type]);
-    }
-  });
-}
-
 /**
  * Calls the given callback when the given token expires, canceling
  * ongoing timers for the given token type (if there are any).
diff --git a/src/utils/token.ts b/src/utils/token.ts
index 9263afa3..6d4ec305 100644
--- a/src/utils/token.ts
+++ b/src/utils/token.ts
@@ -1,13 +1,4 @@
-export type TokenPayload = {
-  instanceId: string;
-  scope: string;
-  locale: string;
-  issueTime: number;
-  expirationTime: number;
-  substitutionId?: number;
-};
-
-export type RawTokenPayload = {
+type RawTokenPayload = {
   instance_id: string;
   scope: string;
   culture_info: string;
@@ -20,6 +11,15 @@ export type RawTokenPayload = {
   substitution_id?: string;
 };
 
+export type TokenPayload = {
+  instanceId: string;
+  scope: string;
+  locale: string;
+  issueTime: number;
+  expirationTime: number;
+  substitutionId?: number;
+};
+
 export function getTokenPayload(token: string): TokenPayload {
   const {
     instance_id: instanceId,