A CLI tool to find outdated and abandoned dependencies in your projects.
Project description
decivy
A CLI tool to find outdated, stale, and abandoned dependencies across your projects. Supports Python, Node, Go, and Rust. Powered by your own AI API key.
Installation
pip install decivy
Requires Python 3.11+.
Quick start
dev scan /path/to/your/project
Commands
scan
Scan a directory for dependency issues.
dev scan [PATH] [OPTIONS]
| Option | Default | Description |
|---|---|---|
--depth INT |
3 | How deep to recurse into subdirectories |
--ecosystem TEXT |
all | Filter by ecosystem: python, node, go, rust |
--format TEXT |
table | Output format: table, json, md |
--output FILE |
stdout | Write report to a file |
--no-ai |
off | Skip AI analysis |
Examples:
# Scan current directory
dev scan
# Scan a specific project, Python only
dev scan ~/projects/myapp --ecosystem python
# Export a JSON report
dev scan ~/projects/myapp --format json --output report.json
# Scan without AI summary
dev scan ~/projects/myapp --no-ai
update
Scan and update outdated or stale dependencies.
dev update [PATH] [OPTIONS]
| Option | Default | Description |
|---|---|---|
--ecosystem TEXT |
all | Filter by ecosystem |
--dry-run |
off | Show what would be updated without doing it |
--yes |
off | Skip confirmation prompt |
--req FILE |
none | Update a requirements file after upgrading (Python only) |
Examples:
# Update current directory
dev update
# Preview what would be updated
dev update ~/projects/myapp --dry-run
# Update without confirmation prompt
dev update ~/projects/myapp --yes
# Update and rewrite requirements.txt
dev update ~/projects/myapp --ecosystem python --req requirements.txt
config
View or update decivy settings.
dev config [OPTIONS]
| Option | Description |
|---|---|
--show |
Print current configuration |
--config-dir |
Show the config file location |
--provider TEXT |
AI provider: gemini, openai, groq, ollama |
--api-key TEXT |
API key for the chosen provider |
--model TEXT |
Model override (leave blank for provider default) |
--depth INT |
Default scan depth |
--stale-after INT |
Days before a package is considered stale |
Examples:
# View current config
dev config --show
# Show where config is stored
dev config --config-dir
# Set up Gemini
dev config --provider gemini --api-key YOUR_KEY
# Set up OpenAI with a specific model
dev config --provider openai --api-key YOUR_KEY --model gpt-4o-mini
# Use a local Ollama model (no API key needed)
dev config --provider ollama
# Change stale threshold to 1 year
dev config --stale-after 365
Status levels
| Status | Meaning |
|---|---|
ok |
Up to date |
outdated |
Behind by one or more major versions |
stale |
No release in over 2 years |
abandoned |
No release in over 5 years |
deprecated |
Marked inactive by maintainer |
unknown |
Could not retrieve package info |
AI analysis
decivy can summarise flagged dependencies using your own API key — it never uses a shared key or charges you through the tool.
Supported providers:
| Provider | Notes |
|---|---|
| Gemini | Free tier available. Recommended for first-time setup. |
| OpenAI | gpt-4o-mini is cheap and fast for this use case. |
| Groq | Free tier, very fast. Uses Llama models. |
| Ollama | Fully local, no API key needed. |
Set your key via config or environment variable:
# Via config (persisted)
dev config --provider gemini --api-key YOUR_KEY
# Via environment variable (takes priority over config)
export DEPSCOUT_API_KEY=YOUR_KEY
For Ollama (local), no key is needed — just make sure Ollama is running and set the provider:
dev config --provider ollama
Supported ecosystems
| Ecosystem | Manifest files | Registry |
|---|---|---|
| Python | pyproject.toml, requirements.txt, setup.cfg |
PyPI |
| Node | package.json |
npm |
| Go | go.mod |
Go proxy |
| Rust | Cargo.toml |
crates.io |
CI usage
decivy works well in CI pipelines. Use --format json and --output to capture results, and --no-ai to skip the API call:
# GitHub Actions example
- name: Audit dependencies
run: dev scan . --format json --output dep-report.json --no-ai
- name: Upload report
uses: actions/upload-artifact@v3
with:
name: dependency-report
path: dep-report.json
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file decivy-0.1.0.tar.gz.
File metadata
- Download URL: decivy-0.1.0.tar.gz
- Upload date:
- Size: 16.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
49905baf090c8c035788d0c6bf336cedf14cefec808d88d6e1b46a90e08b92e7
|
|
| MD5 |
44f1cb1877d78a9584a2400163ccb883
|
|
| BLAKE2b-256 |
1d9ae2b2485665e92757ac3df8d449c7274c8d64076e15c67a79b57721f3e867
|
File details
Details for the file decivy-0.1.0-py3-none-any.whl.
File metadata
- Download URL: decivy-0.1.0-py3-none-any.whl
- Upload date:
- Size: 18.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c02d51a926654d7ce02eafa153071da6d3b19118809401ce1bb259bfc9b28c4
|
|
| MD5 |
638d1edcecd9d79154b55076f5feeb9b
|
|
| BLAKE2b-256 |
ebc41c467ca265aa02a812d0288dddbfd24c42b4e2dd7b9d512b9f672889cb5c
|