Skip to main content

A CLI tool to find outdated and abandoned dependencies in your projects.

Project description

decivy

A CLI tool to find outdated, stale, and abandoned dependencies across your projects. Supports Python, Node, Go, and Rust. Powered by your own AI API key.

Installation

pip install decivy

Requires Python 3.11+.

Quick start

dev scan /path/to/your/project

Commands

scan

Scan a directory for dependency issues.

dev scan [PATH] [OPTIONS]
Option Default Description
--depth INT 3 How deep to recurse into subdirectories
--ecosystem TEXT all Filter by ecosystem: python, node, go, rust
--format TEXT table Output format: table, json, md
--output FILE stdout Write report to a file
--no-ai off Skip AI analysis

Examples:

# Scan current directory
dev scan

# Scan a specific project, Python only
dev scan ~/projects/myapp --ecosystem python

# Export a JSON report
dev scan ~/projects/myapp --format json --output report.json

# Scan without AI summary
dev scan ~/projects/myapp --no-ai

update

Scan and update outdated or stale dependencies.

dev update [PATH] [OPTIONS]
Option Default Description
--ecosystem TEXT all Filter by ecosystem
--dry-run off Show what would be updated without doing it
--yes off Skip confirmation prompt
--req FILE none Update a requirements file after upgrading (Python only)

Examples:

# Update current directory
dev update

# Preview what would be updated
dev update ~/projects/myapp --dry-run

# Update without confirmation prompt
dev update ~/projects/myapp --yes

# Update and rewrite requirements.txt
dev update ~/projects/myapp --ecosystem python --req requirements.txt

config

View or update decivy settings.

dev config [OPTIONS]
Option Description
--show Print current configuration
--config-dir Show the config file location
--provider TEXT AI provider: gemini, openai, groq, ollama
--api-key TEXT API key for the chosen provider
--model TEXT Model override (leave blank for provider default)
--depth INT Default scan depth
--stale-after INT Days before a package is considered stale

Examples:

# View current config
dev config --show

# Show where config is stored
dev config --config-dir

# Set up Gemini
dev config --provider gemini --api-key YOUR_KEY

# Set up OpenAI with a specific model
dev config --provider openai --api-key YOUR_KEY --model gpt-4o-mini

# Use a local Ollama model (no API key needed)
dev config --provider ollama

# Change stale threshold to 1 year
dev config --stale-after 365

Status levels

Status Meaning
ok Up to date
outdated Behind by one or more major versions
stale No release in over 2 years
abandoned No release in over 5 years
deprecated Marked inactive by maintainer
unknown Could not retrieve package info

AI analysis

decivy can summarise flagged dependencies using your own API key — it never uses a shared key or charges you through the tool.

Supported providers:

Provider Notes
Gemini Free tier available. Recommended for first-time setup.
OpenAI gpt-4o-mini is cheap and fast for this use case.
Groq Free tier, very fast. Uses Llama models.
Ollama Fully local, no API key needed.

Set your key via config or environment variable:

# Via config (persisted)
dev config --provider gemini --api-key YOUR_KEY

# Via environment variable (takes priority over config)
export DEPSCOUT_API_KEY=YOUR_KEY

For Ollama (local), no key is needed — just make sure Ollama is running and set the provider:

dev config --provider ollama

Supported ecosystems

Ecosystem Manifest files Registry
Python pyproject.toml, requirements.txt, setup.cfg PyPI
Node package.json npm
Go go.mod Go proxy
Rust Cargo.toml crates.io

CI usage

decivy works well in CI pipelines. Use --format json and --output to capture results, and --no-ai to skip the API call:

# GitHub Actions example
- name: Audit dependencies
  run: dev scan . --format json --output dep-report.json --no-ai

- name: Upload report
  uses: actions/upload-artifact@v3
  with:
    name: dependency-report
    path: dep-report.json

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

decivy-0.1.0.tar.gz (16.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

decivy-0.1.0-py3-none-any.whl (18.1 kB view details)

Uploaded Python 3

File details

Details for the file decivy-0.1.0.tar.gz.

File metadata

  • Download URL: decivy-0.1.0.tar.gz
  • Upload date:
  • Size: 16.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for decivy-0.1.0.tar.gz
Algorithm Hash digest
SHA256 49905baf090c8c035788d0c6bf336cedf14cefec808d88d6e1b46a90e08b92e7
MD5 44f1cb1877d78a9584a2400163ccb883
BLAKE2b-256 1d9ae2b2485665e92757ac3df8d449c7274c8d64076e15c67a79b57721f3e867

See more details on using hashes here.

File details

Details for the file decivy-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: decivy-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 18.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for decivy-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8c02d51a926654d7ce02eafa153071da6d3b19118809401ce1bb259bfc9b28c4
MD5 638d1edcecd9d79154b55076f5feeb9b
BLAKE2b-256 ebc41c467ca265aa02a812d0288dddbfd24c42b4e2dd7b9d512b9f672889cb5c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page