Multi-language dependency wizard - check, audit, and update dependencies across Python, Rust, Dart, and JavaScript ecosystems
Project description
depswiz
Dependency Wizard - A multi-language dependency management CLI tool for modern development workflows.
Features
- Multi-Language Support: Python, Rust, Dart/Flutter, JavaScript/TypeScript
- Vulnerability Scanning: Integrated with OSV, GitHub Advisories, RustSec
- License Compliance: SPDX-based license checking with configurable policies
- SBOM Generation: CycloneDX 1.6 and SPDX 3.0 formats
- Monorepo Support: Auto-detect workspaces across all ecosystems
- Development Tools Checking: Check if Node, Python, Rust, Dart, Flutter, uv, etc. are up to date
- AI-Powered Suggestions: Claude Code integration for intelligent upgrade strategies
- Beautiful CLI: Rich output with tables, progress bars, and colors
- Plugin Architecture: Extensible via Python entry points
Installation
```bash
# Using pip
pip install depswiz

# Using uv (recommended)
uv add depswiz

# From source
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e .
```
Quick Start
```bash
# Check for outdated dependencies
depswiz check

# Scan for vulnerabilities
depswiz audit

# Check license compliance
depswiz licenses

# Generate SBOM
depswiz sbom -o sbom.json

# Update dependencies interactively
depswiz update

# Check development tools for updates
depswiz tools

# Get AI-powered upgrade suggestions (requires Claude Code)
depswiz suggest
```
Commands
depswiz check
Check dependencies for available updates.
```bash
depswiz check                    # Check current directory
depswiz check --workspace        # Check all workspace members
depswiz check -l python -l rust  # Check only Python and Rust
depswiz check --format json      # Output as JSON
depswiz check --fail-outdated    # Exit 1 if outdated packages found
```
depswiz audit
Scan dependencies for known vulnerabilities.
```bash
depswiz audit                        # Audit current directory
depswiz audit --severity high        # Only show high+ severity
depswiz audit --fail-on critical     # Fail on critical vulnerabilities
depswiz audit --ignore CVE-2024-XXX  # Ignore specific vulnerability
```
depswiz licenses
Check license compliance.
```bash
depswiz licenses                 # List all licenses
depswiz licenses --summary       # License distribution only
depswiz licenses --deny GPL-3.0  # Fail on GPL-3.0 licensed packages
```
depswiz sbom
Generate Software Bill of Materials.
```bash
depswiz sbom -o sbom.json                    # CycloneDX format (default)
depswiz sbom --format spdx -o sbom.spdx.json # SPDX format
depswiz sbom --include-transitive            # Include transitive dependencies
```
depswiz update
Update dependencies interactively.
```bash
depswiz update                   # Interactive update
depswiz update --dry-run         # Preview changes
depswiz update --strategy patch  # Only patch updates
depswiz update -y                # Auto-confirm
```
depswiz tools
Check development tools for updates.
```bash
depswiz tools                     # Auto-detect and check relevant tools
depswiz tools --all               # Check all 15 supported tools
depswiz tools -t node -t python   # Check specific tools
depswiz tools --updates-only      # Only show tools with updates
depswiz tools --format json       # JSON output for CI
depswiz tools --upgrade           # Use Claude Code to upgrade tools
```
Supported Tools: Node.js, npm, pnpm, Yarn, Bun, Deno, Python, uv, pip, Rust, Cargo, Dart, Flutter, Go, Docker
depswiz suggest
Get AI-powered upgrade suggestions using Claude Code.
```bash
depswiz suggest                    # Full upgrade strategy
depswiz suggest --focus security   # Focus on security vulnerabilities
depswiz suggest --focus quick      # Quick health summary
depswiz suggest --focus toolchain  # Analyze development tools
```
Note: Requires Claude Code CLI to be installed.
Configuration
Create a depswiz.toml in your project root:
```toml
[depswiz]
default_format = "cli"

[languages]
enabled = ["python", "rust", "dart", "javascript"]

[check]
recursive = false
workspace = true
strategy = "all"
warn_breaking = true

[audit]
severity_threshold = "low"
fail_on = "high"
sources = ["osv"]

[licenses]
policy_mode = "allow"
allowed = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"]
denied = ["GPL-3.0", "AGPL-3.0"]
warn_copyleft = true

[sbom]
format = "cyclonedx"
include_transitive = true
```
Or add to your pyproject.toml:
```toml
[tool.depswiz]
default_format = "cli"

[tool.depswiz.audit]
fail_on = "high"
```
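As an added illustration (not depswiz's own code), the following evaluates a constructed list of resolved packages against the `[licenses]` table from the depswiz.toml above. The decision rules are assumptions about how `policy_mode`, `allowed`, `denied` and `warn_copyleft` combine; packages with no license metadata are reported separately so a pipeline can fail on them the way `--fail-on-unknown` does.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Mirrors the [licenses] table of the depswiz.toml above. The decision rules
# below are assumptions for illustration, not depswiz's own implementation.
LICENSE_POLICY = {
    "policy_mode": "allow",
    "allowed": ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"],
    "denied": ["GPL-3.0", "AGPL-3.0"],
    "warn_copyleft": True,
}
# SPDX prefixes treated as copyleft for the warning (constructed list).
COPYLEFT_PREFIXES = ("GPL-", "LGPL-", "AGPL-", "MPL-", "EPL-")

@dataclass
class PolicyResult:
    violations: list[str] = field(default_factory=list)  # hard failures
    warnings: list[str] = field(default_factory=list)    # copyleft notices
    unknown: list[str] = field(default_factory=list)     # no license metadata

    @property
    def passed(self) -> bool:
        return not self.violations

def evaluate_licenses(packages: dict[str, str | None],
                      policy: dict = LICENSE_POLICY) -> PolicyResult:
    """Apply the policy to {package: SPDX id or None}.
    Assumed rules: `denied` always fails; in "allow" mode anything outside
    `allowed` also fails; in "deny" mode only `denied` fails; a missing
    license is listed separately so CI can fail on it (cf. --fail-on-unknown).
    """
    result = PolicyResult()
    allowed, denied = set(policy["allowed"]), set(policy["denied"])
    for name, spdx in sorted(packages.items()):
        if spdx is None:
            result.unknown.append(name)
            continue
        if spdx in denied:
            result.violations.append(f"{name}: {spdx} is explicitly denied")
        elif policy["policy_mode"] == "allow" and spdx not in allowed:
            result.violations.append(f"{name}: {spdx} is not in the allow list")
        if policy["warn_copyleft"] and spdx.startswith(COPYLEFT_PREFIXES):
            result.warnings.append(f"{name}: {spdx} is a copyleft license")
    return result

# Constructed sample of resolved packages (names and licenses are made up).
SAMPLE_PACKAGES = {"requests": "Apache-2.0", "rich": "MIT", "some-gpl-lib": "GPL-3.0",
                   "mpl-helper": "MPL-2.0", "mystery-pkg": None}
```

Running `evaluate_licenses(SAMPLE_PACKAGES)` fails the sample on the GPL-3.0 and MPL-2.0 packages, warns on both as copyleft, and lists `mystery-pkg` as unknown.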
Supported Languages
| Language | Manifest | Lockfile | Registry |
|---|---|---|---|
| Python | pyproject.toml, requirements.txt | uv.lock, poetry.lock | PyPI |
| Rust | Cargo.toml | Cargo.lock | crates.io |
| Dart/Flutter | pubspec.yaml | pubspec.lock | pub.dev |
| JavaScript/TypeScript | package.json | package-lock.json, yarn.lock | npm |
Output Formats
- cli (default): Rich terminal output with colors and tables
- json: Machine-readable JSON
- markdown: GitHub-compatible markdown
- html: Self-contained HTML report
- cyclonedx: CycloneDX 1.6 SBOM
- spdx: SPDX 3.0 SBOM
Plugin Development
Create a new language plugin by implementing LanguagePlugin:
```python
from depswiz.plugins.base import LanguagePlugin

class MyPlugin(LanguagePlugin):
    @property
    def name(self) -> str:
        return "mylang"

    @property
    def manifest_patterns(self) -> list[str]:
        return ["myproject.toml"]

    # ... implement other required methods
```
Register via pyproject.toml:
```toml
[project.entry-points."depswiz.languages"]
mylang = "my_package:MyPlugin"
```
CI/CD Integration
GitHub Actions
```yaml
- name: Security Audit
  run: depswiz audit --fail-on high
- name: License Check
  run: depswiz licenses --fail-on-unknown
- name: Generate SBOM
  run: depswiz sbom -o sbom.json
```
Exit Codes
- `0`: Success
- `1`: Vulnerabilities or violations found (when using `--fail-*` options)
Development
```bash
# Clone and install
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e ".[dev]"

# Run tests
pytest

# Run dogfooding tests (depswiz checks itself)
python scripts/dogfood.py
python scripts/dogfood.py --quick  # Skip slow operations

# Type checking
mypy src/depswiz

# Linting
ruff check src/depswiz
```
Contributing
Contributions are welcome! Please read our Contributing Guide for details.
License
MIT License - see LICENSE for details.
Acknowledgments
Download files
File details
Details for the file depswiz-0.3.0.tar.gz.
File metadata
- Download URL: depswiz-0.3.0.tar.gz
- Upload date:
- Size: 166.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e2a602190141833fd700c25b581ffee499af9f46bcb21d5bab4dde9e224bfaa5 |
| MD5 | d4557b8039ccd52e08191e8ee4ec1f63 |
| BLAKE2b-256 | 4e1ba304e22bb9964896240c28a2261f51c517a28694c442924342a7967f5b06 |
File details
Details for the file depswiz-0.3.0-py3-none-any.whl.
File metadata
- Download URL: depswiz-0.3.0-py3-none-any.whl
- Upload date:
- Size: 90.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6d12e431bc3664b1d8f9c8e3be3cec6030b688b8bcdc2f447a9e8818bb0917a7 |
| MD5 | 9028fa890e271ca6c3d22d06c897f07b |
| BLAKE2b-256 | aedabb49bf08048d9b4d3e7d2fff71c7c30e53432a2cafdbfb7a002f2a68c0f7 |
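The SHA256 digests published above are what a consumer can check a downloaded release against before installing it. The following is an added example (not part of depswiz) that verifies an artifact against those digests and emits a hash-pinned line for `pip install --require-hashes`; the function names and the constructed test bytes are this example's own.

```python
from __future__ import annotations
import hashlib
import hmac
from pathlib import Path

# SHA256 digests copied from the "File hashes" tables above for depswiz 0.3.0.
PUBLISHED_SHA256 = {
    "depswiz-0.3.0.tar.gz":
        "e2a602190141833fd700c25b581ffee499af9f46bcb21d5bab4dde9e224bfaa5",
    "depswiz-0.3.0-py3-none-any.whl":
        "6d12e431bc3664b1d8f9c8e3be3cec6030b688b8bcdc2f447a9e8818bb0917a7",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so a large wheel is not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_bytes(filename: str, data: bytes,
                 published: dict[str, str] = PUBLISHED_SHA256) -> bool:
    """True only if the artifact name is known and its digest matches exactly.
    An unknown name is a failure, not a pass: nothing unlisted gets installed."""
    expected = published.get(filename)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected.lower())

def verify_artifact(path: Path,
                    published: dict[str, str] = PUBLISHED_SHA256) -> bool:
    """Same check for a file on disk, e.g. one fetched with `pip download depswiz==0.3.0`."""
    expected = published.get(path.name)
    return expected is not None and hmac.compare_digest(sha256_file(path), expected.lower())

def hash_pinned_requirement(name: str, version: str,
                            published: dict[str, str] = PUBLISHED_SHA256) -> str:
    """Requirement line for `pip install --require-hashes -r requirements.txt`.
    Every artifact pip may select must be listed, so sdist and wheel are both included."""
    hashes = " ".join(f"--hash=sha256:{d}" for d in published.values())
    return f"{name}=={version} {hashes}"
```

With `--require-hashes`, pip refuses any download whose digest is not in the requirement line, so the check runs on every install rather than once by hand.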