Skip to main content

dependency health scanner — cross-language, offline-first, no account needed

Project description

depwise

dependency health scanner — no account, no api key, no config

$ depwise scan ~/netbox-test

depwise — dependency health scanner

  dir      ~/netbox-test
  reading  requirements.txt, pyproject.toml

  scanning 45 packages...

  Django@6.0.5   high  5 CVEs  fix: 5.2.15
    An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
    PYSEC-2026-200, PYSEC-2026-198 +3 more

  colorama@0.4.6   abandoned
    No updates in 3 years

  django-graphiql-debug-toolbar@0.2.0   abandoned
    No updates in 4 years

  1 vulnerable, 2 abandoned, 42 ok

  to fix:
    pip install Django==5.2.15

that's a real scan of NetBox — used in production by NVIDIA, Cloudflare, and thousands of others.

the problem with existing tools

pip-audit and npm audit exist. but:

  • they audit the wrong environment when you're inside a venv
  • they show 40 CVEs with no context — developers learn to ignore them
  • they don't know if a package is abandoned (no CVE required to be dangerous)
  • they're single-language — mixed projects need multiple tools

depwise fixes all of this.

install

pip install depheal

no account. no api key. no config file. works immediately.

usage

# scan current directory
depwise

# scan any directory from anywhere
depwise scan ./myproject
depwise scan ~/anyproject

# explain a specific package
depwise why requests
depwise why flask --version 2.2.0

# list all packages found
depwise list

# use in CI/CD — exits with code 1 if issues found
depwise scan --strict

works with:

  • requirements.txt
  • pyproject.toml
  • package.json

what makes it different

detects abandoned packages — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.

right environment — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.

one output — python and javascript in the same project, one scan, one report.

zero noise — shows what matters. one line per package. plain english.

zero dependencies — pure python stdlib. nothing to break. works everywhere python works.

how it works

  • reads your dependency files
  • detects your active virtual environment automatically
  • queries OSV for known CVEs — free, no key needed
  • checks PyPI and npm registry for abandoned/deprecated packages
  • shows you what matters, not everything

license

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

depheal-0.1.1.tar.gz (12.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

depheal-0.1.1-py3-none-any.whl (13.4 kB view details)

Uploaded Python 3

File details

Details for the file depheal-0.1.1.tar.gz.

File metadata

  • Download URL: depheal-0.1.1.tar.gz
  • Upload date:
  • Size: 12.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13

File hashes

Hashes for depheal-0.1.1.tar.gz
Algorithm Hash digest
SHA256 d2f7754c1b6b7c1d62a1df91d8618bacef13ec70b405ae055b4dcc34e0b59ce2
MD5 4f24c5ccf7dca20f03325f8c1df4361f
BLAKE2b-256 52b2ac7ca6e8ab497b8d1e047f78fadf5f5a2280b9863980b5ae6d7a48dcb795

See more details on using hashes here.

File details

Details for the file depheal-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: depheal-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 13.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13

File hashes

Hashes for depheal-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2a91f92cc21f9658b2a007b2a70028f8b7974c9626b16bb09cbe6ddc66e14fb5
MD5 27bc7a1588a9658d1dab4614c8161e43
BLAKE2b-256 d0dc3070a21e0a49f3eaf9789fa0c0e214472a17fa31183e519bf9cb48d811ec

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page