dependency health scanner — cross-language, offline-first, no account needed
Project description
depwise
dependency health scanner — no account, no api key, no config
$ depwise scan ~/netbox-test
depwise — dependency health scanner
dir ~/netbox-test
reading requirements.txt, pyproject.toml
scanning 45 packages...
Django@6.0.5 high 5 CVEs fix: 5.2.15
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
PYSEC-2026-200, PYSEC-2026-198 +3 more
colorama@0.4.6 abandoned
No updates in 3 years
django-graphiql-debug-toolbar@0.2.0 abandoned
No updates in 4 years
1 vulnerable, 2 abandoned, 42 ok
to fix:
pip install Django==5.2.15
that's a real scan of NetBox — used in production by NVIDIA, Cloudflare, and thousands of others.
the problem with existing tools
pip-audit and npm audit exist. but:
- they audit the wrong environment when you're inside a venv
- they show 40 CVEs with no context — developers learn to ignore them
- they don't know if a package is abandoned (no CVE required to be dangerous)
- they're single-language — mixed projects need multiple tools
depwise fixes all of this.
install
pip install depwise
no account. no api key. no config file. works immediately.
usage
# scan current directory
depwise
# scan any directory from anywhere
depwise scan ./myproject
depwise scan ~/anyproject
# explain a specific package
depwise why requests
depwise why flask --version 2.2.0
# list all packages found
depwise list
# use in CI/CD — exits with code 1 if issues found
depwise scan --strict
works with:
requirements.txtpyproject.tomlpackage.json
what makes it different
detects abandoned packages — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.
right environment — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.
one output — python and javascript in the same project, one scan, one report.
zero noise — shows what matters. one line per package. plain english.
zero dependencies — pure python stdlib. nothing to break. works everywhere python works.
how it works
- reads your dependency files
- detects your active virtual environment automatically
- queries OSV for known CVEs — free, no key needed
- checks PyPI and npm registry for abandoned/deprecated packages
- shows you what matters, not everything
license
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file depheal-0.1.0.tar.gz.
File metadata
- Download URL: depheal-0.1.0.tar.gz
- Upload date:
- Size: 11.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d649a10c9ef550f279386d263c4eb89042ae35a333f4b659a4f9c243c32f3c73
|
|
| MD5 |
5b4f9789624c5ce3d65a0af3a887497d
|
|
| BLAKE2b-256 |
1da1b37c2a0f867e2ad3b21989567306322f11d6e7d72e94c6a5d3d1d206879d
|
File details
Details for the file depheal-0.1.0-py3-none-any.whl.
File metadata
- Download URL: depheal-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/37.3 requests/2.34.2 requests-toolbelt/1.0.0 urllib3/2.6.3 tqdm/4.68.1 importlib-metadata/8.7.1 keyring/25.7.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
878e4b699b0b8a5e7845331e5b4fc0d968180a6f77c19f9723b4ebd12f8e578b
|
|
| MD5 |
110fbadeaff484683f14ecdb4952dc97
|
|
| BLAKE2b-256 |
92d3f96a78fdb449ec251e6912c094465c95620abe4bd340da3bef741b180696
|