Skip to main content

dependency health scanner — cross-language, offline-first, no account needed

Project description

depwise

dependency health scanner — no account, no api key, no config

$ depwise scan ~/netbox-test

depwise — dependency health scanner

  dir      ~/netbox-test
  reading  requirements.txt, pyproject.toml

  scanning 45 packages...

  Django@6.0.5   high  5 CVEs  fix: 5.2.15
    An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
    PYSEC-2026-200, PYSEC-2026-198 +3 more

  colorama@0.4.6   abandoned
    No updates in 3 years

  django-graphiql-debug-toolbar@0.2.0   abandoned
    No updates in 4 years

  1 vulnerable, 2 abandoned, 42 ok

  to fix:
    pip install Django==5.2.15

that's a real scan of NetBox — used in production by NVIDIA, Cloudflare, and thousands of others.

the problem with existing tools

pip-audit and npm audit exist. but:

  • they audit the wrong environment when you're inside a venv
  • they show 40 CVEs with no context — developers learn to ignore them
  • they don't know if a package is abandoned (no CVE required to be dangerous)
  • they're single-language — mixed projects need multiple tools

depwise fixes all of this.

install

pip install depwise

no account. no api key. no config file. works immediately.

usage

# scan current directory
depwise

# scan any directory from anywhere
depwise scan ./myproject
depwise scan ~/anyproject

# explain a specific package
depwise why requests
depwise why flask --version 2.2.0

# list all packages found
depwise list

# use in CI/CD — exits with code 1 if issues found
depwise scan --strict

works with:

  • requirements.txt
  • pyproject.toml
  • package.json

what makes it different

detects abandoned packages — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.

right environment — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.

one output — python and javascript in the same project, one scan, one report.

zero noise — shows what matters. one line per package. plain english.

zero dependencies — pure python stdlib. nothing to break. works everywhere python works.

how it works

  • reads your dependency files
  • detects your active virtual environment automatically
  • queries OSV for known CVEs — free, no key needed
  • checks PyPI and npm registry for abandoned/deprecated packages
  • shows you what matters, not everything

license

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

depheal-0.1.0.tar.gz (11.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

depheal-0.1.0-py3-none-any.whl (12.9 kB view details)

Uploaded Python 3

File details

Details for the file depheal-0.1.0.tar.gz.

File metadata

  • Download URL: depheal-0.1.0.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13

File hashes

Hashes for depheal-0.1.0.tar.gz
Algorithm Hash digest
SHA256 d649a10c9ef550f279386d263c4eb89042ae35a333f4b659a4f9c243c32f3c73
MD5 5b4f9789624c5ce3d65a0af3a887497d
BLAKE2b-256 1da1b37c2a0f867e2ad3b21989567306322f11d6e7d72e94c6a5d3d1d206879d

See more details on using hashes here.

File details

Details for the file depheal-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: depheal-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 12.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13

File hashes

Hashes for depheal-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 878e4b699b0b8a5e7845331e5b4fc0d968180a6f77c19f9723b4ebd12f8e578b
MD5 110fbadeaff484683f14ecdb4952dc97
BLAKE2b-256 92d3f96a78fdb449ec251e6912c094465c95620abe4bd340da3bef741b180696

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page