AI-powered Python dependency analyzer — detect breaking changes, evaluate upgrade safety, and auto-fix deprecated APIs
Dependency Hell Analyzer
AI-powered Python dependency analyzer — detect breaking changes before upgrading, evaluate upgrade safety using real AST-level code analysis, and auto-fix deprecated APIs with a diff preview.
Stop guessing if pip install --upgrade django will break your project. Know exactly what breaks, why, and how to fix it — before you upgrade.
pip install dep-analyzer
dep-analyzer check # scan all dependencies for breaking changes
dep-analyzer impact django==4.0 # deep impact analysis for one package
dep-analyzer fix --dry-run # preview auto-fixes before applying
Why dep-analyzer?
Most dependency tools tell you a new version exists. dep-analyzer tells you if upgrading will break your code — and fixes it.
| Feature | dep-analyzer | pip-audit | Dependabot | safety |
|---|---|---|---|---|
| Detects breaking API changes | YES | - | - | - |
| Analyzes actual code usage (AST) | YES | - | - | - |
| Call-level argument validation | YES | - | - | - |
| Auto-fix deprecated imports | YES | - | - | - |
| Confidence scoring | YES | - | - | - |
| AI-powered migration hints | YES | - | - | - |
| PDF health report | YES | - | - | - |
Installation
# Base (no AI)
pip install dep-analyzer
# With AI providers
pip install "dep-analyzer[anthropic]" # Claude
pip install "dep-analyzer[openai]" # GPT + Azure OpenAI
pip install "dep-analyzer[bedrock]" # AWS Bedrock
pip install "dep-analyzer[all-ai]" # All providers
# With PDF export
pip install "dep-analyzer[pdf]"
# Everything
pip install "dep-analyzer[all-ai,pdf]"
Quick Start
cd your-python-project
dep-analyzer scan # discover all files and dependencies
dep-analyzer check # check all deps for breaking changes
dep-analyzer fix --dry-run # preview safe auto-fixes
dep-analyzer fix # apply fixes with confirmation
dep-analyzer report --pdf # export full health report as PDF
How It Works
dep-analyzer goes beyond version checking:
- AST scan — parses every .py file to find what APIs are actually called
- Call-level analysis — inspects function arguments, not just imports
- Breaking changes database — matches usage against curated rules per package/version
- Confidence scoring — HIGH (argument-level), MEDIUM (inferred), LOW (import-only)
- AI layer — optional LLM explanation and migration hints via your own API key
import requests # import detected
requests.get(url, timeout=10) # call-level: timeout present
→ SAFE (HIGH confidence) # correct verdict, no false alarm
from django.conf.urls import url # import detected
url(r'^about/$', views.about) # call detected
→ HIGH RISK — removed in Django 4.0 # actionable alert
→ Fix: use django.urls.path # auto-fixable
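An added example, not dep-analyzer's own code, of the AST approach described above: it resolves imports to dotted names, inspects each call's keyword arguments, and assigns the HIGH/MEDIUM/LOW confidence levels. The RULES table, the SAMPLE source, the RISKY/REVIEW verdict labels and the rule that requests.get needs a timeout argument are assumptions made for illustration.

```python
import ast

RULES = {  # constructed for illustration; not dep-analyzer's rule schema
    "django.conf.urls.url": {"removed": True},
    "django.utils.encoding.force_text": {"removed": True},
    "requests.get": {"needs_kwarg": "timeout"},
}
SAMPLE = """import requests
from django.conf.urls import url
from django.utils.encoding import force_text
requests.get(u, timeout=10)
requests.get(u)
requests.get(u, **opts)
url(r'^about/$', about)
"""  # constructed input; it is parsed, never executed

def resolve(func, aliases):
    """Map a call target (`requests.get`, an imported `url`) to a dotted name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    base = aliases.get(getattr(func, "id", None))  # None: dynamic or not imported
    return ".".join([base[0]] + parts[::-1]) if base else None

def analyze(source):
    """Return sorted (line, api, verdict, confidence) tuples for rule matches."""
    tree, aliases, findings = ast.parse(source), {}, []
    for node in ast.walk(tree):  # aliases: local name -> (dotted name, line)
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            prefix = f"{node.module}." if getattr(node, "module", None) else ""
            for a in node.names:
                aliases[a.asname or a.name] = (prefix + a.name, node.lineno)
    for node in ast.walk(tree):
        api = resolve(node.func, aliases) if isinstance(node, ast.Call) else None
        if (rule := RULES.get(api)) is None:
            continue
        kws = [kw.arg for kw in node.keywords]  # None marks a **kwargs splat
        if rule.get("removed"):
            result = ("RISKY", "HIGH")     # removed API is actually called
        elif None in kws:
            result = ("REVIEW", "MEDIUM")  # splat hides the real arguments
        else:  # arguments fully visible: argument-level verdict
            result = ("SAFE" if rule["needs_kwarg"] in kws else "RISKY", "HIGH")
        findings.append((node.lineno, api, *result))
    seen = {f[1] for f in findings}
    findings += [(ln, q, "REVIEW", "LOW") for q, ln in aliases.values()
                 if q in RULES and q not in seen]  # imported but never called
    return sorted(findings)
```

Calling analyze(SAMPLE) yields one finding per matched call plus a LOW-confidence entry for force_text, which is imported but never called.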
Commands
dep-analyzer check — Scan all dependencies
dep-analyzer check
dep-analyzer check --fail-on HIGH # exit 2 if HIGH risk (CI/CD)
dep-analyzer check --format json
Output:
Package Version Status Used/Safe/Risky Notes
django >=3.2,<4.0 HIGH Used:2 Safe:0 Risky:2
requests ==2.28.0 SAFE Used:1 Safe:1 Risky:0
celery >=4.4 NONE -
Exit codes: 0 = clean, 1 = medium warnings, 2 = high/critical failures
dep-analyzer impact — Deep analysis for one package
dep-analyzer impact django==4.0
dep-analyzer impact requests==3.0 --ai
dep-analyzer impact flask==3.0 --ai --provider openai --model gpt-4o
dep-analyzer impact sqlalchemy==2.0 --format json
Shows:
- Relevant breaking changes (filtered to what your code actually uses)
- Ignored APIs (in database but not in your codebase)
- Upgrade Safety verdict: SAFE TO UPGRADE / REVIEW NEEDED / UNSAFE
- Recommended testing level
- AI-powered migration hints (with --ai)
dep-analyzer fix — Auto-fix deprecated APIs
dep-analyzer fix --dry-run # preview diff, no changes
dep-analyzer fix # interactive: confirm per file
dep-analyzer fix --yes # apply all without prompting
dep-analyzer fix --package django # fix one package only
Fix flow:
12 rules available → 7 applicable fixes in 2 files
--- views.py (before)
+++ views.py (after)
- from django.utils.encoding import force_text
+ from django.utils.encoding import force_str
- from django.conf.urls import url
+ from django.urls import re_path
Apply 7 fix(es) to 2 file(s)? [y/n]: y
Fixed 2 file(s), 7 change(s)
django: 5 celery: 2
Backups: 2 .bak file(s) created
dep-analyzer report — Full health report
dep-analyzer report
dep-analyzer report --pdf
dep-analyzer report --pdf --pdf-out /tmp/report.pdf
dep-analyzer report --ai --pdf
Includes: scan summary, dependency risks, module coupling metrics, health score (0–100), optional AI summary, optional PDF export.
Other commands
dep-analyzer scan # scan files and list dependencies
dep-analyzer coupling # module coupling: Ca, Ce, instability
dep-analyzer coupling --ai # AI coupling summary
dep-analyzer trace django # trace all usages of a package
dep-analyzer graph # dependency graph
dep-analyzer setup # configure AI provider (interactive)
dep-analyzer setup --show # show current config
AI Providers (Bring Your Own Key)
dep-analyzer is free. AI features use your own API key — you pay only for what you use.
| Provider | Install | Typical cost per scan | Setup |
|---|---|---|---|
| Anthropic | dep-analyzer[anthropic] | ~$0.01 (Haiku) | DEP_ANALYZER_API_KEY |
| OpenAI | dep-analyzer[openai] | ~$0.01 (gpt-4o-mini) | DEP_ANALYZER_API_KEY |
| Azure | dep-analyzer[openai] | varies by deployment | DEP_ANALYZER_AZURE_* |
| Bedrock | dep-analyzer[bedrock] | ~$0.01 | AWS credential chain |
Configure via .env file (auto-created on first run) or the setup wizard:
dep-analyzer setup
DEP_ANALYZER_PROVIDER=azure
DEP_ANALYZER_API_KEY=your-key
DEP_ANALYZER_AZURE_ENDPOINT=https://<resource>.cognitiveservices.azure.com/
DEP_ANALYZER_AZURE_DEPLOYMENT=gpt-4o
DEP_ANALYZER_AZURE_API_VERSION=2024-02-01
CI/CD Integration
GitHub Actions
steps:
  - uses: actions/checkout@v4
  - name: Check dependencies
    run: |
      pip install dep-analyzer
      dep-analyzer check --fail-on HIGH
Pre-commit hook
pip install pre-commit
pre-commit install
.pre-commit-config.yaml:
repos:
  - repo: local
    hooks:
      - id: dep-analyzer-check
        name: Dependency Hell Analyzer
        entry: dep-analyzer check
        language: system
        types: [python]
        pass_filenames: false
        args: [--fail-on, HIGH]
Local Development & Testing
git clone https://github.com/Narsi12/dep-analyzer.git
cd "dep-analyzer"
pip install -e ".[all-ai,pdf]"
Run end-to-end tests against the built-in fixture project:
# 1. Scan
dep-analyzer scan --repo tests/fixtures/simple_project
# 2. Check all dependencies
dep-analyzer check --repo tests/fixtures/simple_project
# 3. Impact analysis
dep-analyzer impact requests==3.0 --repo tests/fixtures/simple_project
dep-analyzer impact django==4.0 --repo tests/fixtures/simple_project
# 4. Fix (preview)
dep-analyzer fix --repo tests/fixtures/simple_project --dry-run
# 5. Fix (apply)
dep-analyzer fix --repo tests/fixtures/simple_project --yes
# 6. Verify idempotency
dep-analyzer fix --repo tests/fixtures/simple_project --dry-run
# Expected: "No files need fixing."
# 7. Coupling
dep-analyzer coupling --repo tests/fixtures/simple_project
# 8. Report
dep-analyzer report --repo tests/fixtures/simple_project
# 9. PDF report
dep-analyzer report --repo tests/fixtures/simple_project --pdf
# 10. AI analysis (requires .env)
dep-analyzer impact requests==3.0 --repo tests/fixtures/simple_project --ai
dep-analyzer report --repo tests/fixtures/simple_project --ai --pdf
Supported Packages (Breaking Changes Database)
| Package | Versions with rules |
|---|---|
| Django | 2.0, 3.0, 4.0, 5.0 |
| Flask | 2.0, 2.3, 3.0 |
| SQLAlchemy | 1.4, 2.0 |
| Celery | 5.0, 5.3 |
| Requests | 3.0 |
| FastAPI | 0.89, 0.95, 0.100–0.112 |
Adding support for more packages is easy — each package is a single YAML file in data/breaking_changes/.
Understanding Output
Severity
| Level | Meaning |
|---|---|
| SAFE | Usage verified safe — no action needed |
| LOW | Minor risk — worth reviewing |
| MEDIUM | Deprecated API — plan migration |
| HIGH | Removed API confirmed in use — will break |
| CRITICAL | Multiple removed APIs across many files |
Confidence
| Level | How determined |
|---|---|
| HIGH | Argument-level — call and args directly inspected |
| MEDIUM | Call detected but args not conclusive |
| LOW | Import matched only — no call detected |
Upgrade Safety
| Verdict | Meaning |
|---|---|
| SAFE TO UPGRADE | All usages verified, no risky calls found |
| REVIEW NEEDED | Dynamic imports or low-confidence matches |
| UNSAFE | Confirmed breaking API in active use |
License
MIT — free to use, modify, and distribute.
File details
Details for the file depinsight-0.1.0-py3-none-any.whl.
File metadata
- Download URL: depinsight-0.1.0-py3-none-any.whl
- Upload date:
- Size: 69.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | b0e04b526c71c8e2f158d89c58899fdec15cd8778fd6ad0d4acc101a64e9e91a |
| MD5 | 6a500be5cac956078dfe7cce879a1b5c |
| BLAKE2b-256 | 3d50da6126c795b49a0ef596c6de0abb2125805481afd37caab025ff1de79321 |