Local-first dependency decision CLI for JS/TS projects
Project description
🚀 Depsly
Depsly is a local-first dependency decision CLI for JavaScript/TypeScript projects.
It helps you answer:
- What dependencies actually matter?
- What should I review first?
- Why is this transitive package even here?
- What happens if I remove something?
🧠 Why Depsly
Most dependency tools focus on:
- vulnerabilities
- compliance
- audit reports
Depsly focuses on:
Decision-making
It combines:
- dependency graph analysis
- structural impact simulation
- feasibility-aware recommendations
- saved scan history and comparison
So you can decide where to spend your time.
✨ What Depsly Does
- Builds a full dependency graph from
package-lock.json - Analyzes structural risk (depth, fanout, transitive exposure)
- Ranks dependencies by impact × actionability
- Explains why transitive dependencies exist
- Simulates structural impact of removing packages
- Exports normalized recommendation scans as JSON
- Saves scans locally for history and comparison
- Generates an interactive HTML dependency graph explorer
- Runs entirely locally (no code upload required)
⚡ Install
Recommended (pipx)
pipx install depsly
If needed:
pipx install --python python3.11 depsly
Alternative (pip)
pip install depsly
🚀 Quick Start
Analyze your dependency graph
depsly analyze package-lock.json
Get prioritized recommendations
depsly recommend package-lock.json
JSON export:
depsly recommend package-lock.json --json
Trace why a package exists
depsly trace package-lock.json @babel/core@7.29.0
Preview structural impact of removal
depsly simulate-remove package-lock.json eslint@9.39.4
Save and compare scans over time
depsly save-scan package-lock.json
depsly list-scans --project frontend
depsly compare-scans ~/.depsly/scans/frontend-2026-04-11T10-15-43Z.json ~/.depsly/scans/frontend-2026-04-12T09-20-00Z.json
Open the dependency graph in your browser
depsly graph-html package-lock.json
🧪 Example Output
Depsly Recommendations
Project: frontend
Packages analyzed: 204
1. eslint@9.39.4
Action: REVIEW
Actionability: MEDIUM
Reason confidence: HIGH
Impact: 35%
Classification: Direct (root dev dependency)
Why:
- Direct dependency from root devDependencies
- Structural impact: 35% (71 packages). Verify whether this dependency is still required
🧭 How to Read the Output
Action
What Depsly suggests:
- REVIEW → investigate before changing
- REMOVE → strong candidate to remove
- TRACE_UPSTREAM → change parent dependency instead
- DEFER → low priority
Actionability
How easy it is to change:
- HIGH → easy to modify
- MEDIUM → moderate effort
- LOW → difficult or risky
Impact
Percentage of your dependency graph affected.
Reason confidence
How strong the structural signal is:
- HIGH → direct + clear signals
- MEDIUM → inferred from structure
- LOW → limited information
🔁 Typical Workflow
analyze → recommend → trace → simulate-remove
↓
save-scan → list-scans → compare-scans
↓
graph-html
⚠️ Important
Structural analysis only.
Does not guarantee install, build, or runtime correctness.
🔐 Why Local-First Matters
- No source code upload
- No account required
- No rate limits
- Fully deterministic
🎯 Philosophy
Depsly is not a scanner.
It is a:
Dependency decision support system
📚 Docs
Run the CLI help to explore all commands and options:
depsly --help
For command-specific help:
depsly analyze --help
depsly recommend --help
depsly trace --help
depsly simulate-remove --help
depsly save-scan --help
depsly list-scans --help
depsly compare-scans --help
depsly graph-html --help
Example:
depsly recommend package-lock.json
🚧 Status
Early release (v0.1.7)
Core features are stable:
- analyze
- recommend
- recommend --json
- trace
- simulate-remove
- save-scan
- list-scans
- compare-scans
- graph-html
- scripts/scan_repos.py batch workflow
💬 Feedback
If you try Depsly on your project, I’d love to hear:
- what felt useful
- what felt off
- what you expected but didn’t see
Email: info+depsly@convologix.com or open an issue on GitHub: https://github.com/sshiraz/depsly
Even a quick note or screenshot is incredibly helpful.
I read every message.
🏁 Summary
Depsly helps you move from:
“I have 200 dependencies…”
to:
“Here’s exactly what I should look at first.”
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file depsly-0.1.7.tar.gz.
File metadata
- Download URL: depsly-0.1.7.tar.gz
- Upload date:
- Size: 50.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b7841778f4b7edc3bc5f6e10a4298b1bc6d141659a5601c9b0b612201d96e43f
|
|
| MD5 |
526e50bc48a13df4696678585d8e5b0a
|
|
| BLAKE2b-256 |
bf8c78ecb037411bc85d54c79fdcb32e27b52d6864b6f6766e371ebe1c92d7b0
|
File details
Details for the file depsly-0.1.7-py3-none-any.whl.
File metadata
- Download URL: depsly-0.1.7-py3-none-any.whl
- Upload date:
- Size: 36.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44cf5f3d09da2bb2ce96c0505606a11d1c004276865e042ce423ad66b2c301d4
|
|
| MD5 |
0da4bc9f3a038c722dd4c44d71d257fc
|
|
| BLAKE2b-256 |
1822f3be10b7fb441e5aae82fc928a428c99074ec1dbb84b613d860c61fd58d3
|
