Multi-language dependency wizard - check, audit, and update dependencies across Python, Rust, Dart, and JavaScript ecosystems
Project description
depswiz
Dependency Wizard - One command to check everything. Multi-language dependency management for modern development workflows.
Why depswiz?
# Just run depswiz. That's it.
depswiz
One command checks your dependencies, scans for vulnerabilities, and validates licenses - across Python, Rust, Dart, JavaScript, Go, and Docker. Zero configuration required.
Features
- Zero-Config CI/CD: Auto-detects CI environments and enables strict mode automatically
- Multi-Language: Python, Rust, Dart/Flutter, JavaScript/TypeScript, Go, and Docker
- Docker Support: Scan Dockerfiles and Compose files for outdated base images
- Vulnerability Scanning: Integrated with OSV, GitHub Advisories, RustSec, NVD
- License Compliance: SPDX-based license checking with configurable policies
- SBOM Generation: CycloneDX 1.6 and SPDX 3.0 formats
- SARIF Output: GitHub Code Scanning and VS Code integration
- Monorepo Support: Auto-detect workspaces, recursive scanning by default
- Development Tools Checking: Verify Node, Python, Rust, Dart, Flutter, uv, Docker are up to date
- Interactive Guide: TUI dashboard with real-time health monitoring
- Deprecation Detection: Scan and auto-fix deprecated API usage (Flutter/Dart)
- AI-Powered Suggestions: Claude Code integration for intelligent upgrade strategies
- Beautiful CLI: Rich output with tables, progress bars, and colors
Installation
# Using pip
pip install depswiz
# Using uv (recommended)
uv add depswiz
# From source
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e .
Quick Start
# Check everything at once (dependencies + vulnerabilities + licenses)
depswiz
# Or use individual commands
depswiz check # Check for outdated dependencies
depswiz audit # Scan for vulnerabilities
depswiz licenses # Check license compliance
depswiz sbom # Generate SBOM
depswiz update # Update dependencies interactively
depswiz tools # Check development tools
depswiz suggest # AI-powered suggestions (requires Claude Code)
depswiz guide # Launch interactive dashboard
depswiz deprecations # Scan for deprecated APIs (Flutter/Dart)
Commands
depswiz (Comprehensive Scan)
Run with no arguments to check everything at once.
depswiz # Full scan: deps + vulns + licenses
depswiz --json # JSON output for parsing
depswiz --strict # Fail if any issues found
depswiz --only python # Scan only Python projects
depswiz check
Check dependencies for available updates.
depswiz check # Recursive scan (default)
depswiz check --shallow # Current directory only
depswiz check --json # JSON output
depswiz check --strict # Exit 1 if outdated found
depswiz check --only python,rust # Filter by language
depswiz check --prod # Exclude dev dependencies
depswiz audit
Scan dependencies for known vulnerabilities.
depswiz audit # Scan all vulnerabilities
depswiz audit --strict # Fail on any vulnerability
depswiz audit --strict critical # Fail only on critical
depswiz audit --ignore CVE-2024-XXX # Ignore specific CVE
depswiz audit --sarif -o results.sarif # SARIF for GitHub Code Scanning
depswiz licenses
Check license compliance.
depswiz licenses # List all licenses
depswiz licenses --summary # License distribution only
depswiz licenses --strict # Fail on violations
depswiz licenses --deny GPL-3.0 # Deny specific licenses
depswiz sbom
Generate Software Bill of Materials.
depswiz sbom -o sbom.json # CycloneDX format (default)
depswiz sbom --spdx -o sbom.spdx.json # SPDX format
depswiz sbom --dev # Include dev dependencies
depswiz update
Update dependencies interactively.
depswiz update # Interactive update
depswiz update --dry-run # Preview changes only
depswiz update --strategy patch # Only patch updates
depswiz update -y # Auto-confirm all
depswiz tools
Check development tools for updates.
depswiz tools # Check relevant tools
depswiz tools --all # Check all 15 supported tools
depswiz tools --updates-only # Only show outdated
depswiz tools --upgrade # Use Claude Code to upgrade
Supported Tools: Node.js, npm, pnpm, Yarn, Bun, Deno, Python, uv, pip, Rust, Cargo, Dart, Flutter, Go, Docker
depswiz suggest
Get AI-powered upgrade suggestions using Claude Code.
depswiz suggest # Full upgrade strategy
depswiz suggest --focus security # Focus on vulnerabilities
depswiz suggest --focus quick # Quick health summary
Note: Requires Claude Code CLI to be installed.
depswiz guide
Interactive dependency management dashboard.
depswiz guide # Launch TUI dashboard
depswiz guide --mode wizard # Step-by-step wizard
depswiz guide --mode chat # Conversational mode
Keyboard Shortcuts: a=Audit, u=Updates, l=Licenses, t=Tools, c=Chat, s=AI, q=Quit
depswiz deprecations
Detect and fix deprecated API usage in Flutter/Dart projects.
depswiz deprecations # Scan for deprecations
depswiz deprecations --fix # Auto-fix with dart fix
depswiz deprecations --ai-fix # AI-powered complex fixes
depswiz deprecations --fixable-only # Show only auto-fixable
CI/CD Integration
Zero-Configuration
depswiz automatically detects CI environments and adjusts its behavior:
- Auto-strict mode: Fails build on issues (no flags needed)
- Auto-JSON output: Machine-readable output by default
- Recursive scanning: Checks entire project tree
Detected Platforms: GitHub Actions, GitLab CI, CircleCI, Travis CI, Jenkins, Azure Pipelines, Bitbucket Pipelines, TeamCity, Buildkite, Drone, Woodpecker, Codeship, Semaphore
GitHub Actions
name: Security Check
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.13'
      - run: pip install depswiz
      - run: depswiz  # That's it! Strict mode auto-enabled
Exit Codes
- 0: Success - no issues found
- 1: Issues found (with --strict or auto-enabled in CI)
Configuration
Create a depswiz.toml in your project root:
[depswiz]
default_format = "cli"
[languages]
enabled = ["python", "rust", "dart", "javascript", "golang", "docker"]
[check]
recursive = true
warn_breaking = true
[audit]
severity_threshold = "low"
sources = ["osv", "ghsa", "rustsec", "nvd"]
[licenses]
policy_mode = "allow"
allowed = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"]
denied = ["GPL-3.0", "AGPL-3.0"]
warn_copyleft = true
[sbom]
format = "cyclonedx"
include_transitive = true
Or add to your pyproject.toml:
[tool.depswiz]
default_format = "cli"
[tool.depswiz.audit]
severity_threshold = "high"
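The `[licenses]` lists above name single SPDX identifiers, but package metadata often carries compound expressions such as `MIT OR GPL-3.0`. The following is an added example, not depswiz's own code, showing one way to evaluate such expressions against those lists; the `evaluate` function and its allow/review/deny semantics are assumptions made here.

```python
import re

# Policy lists copied from the [licenses] table in the depswiz.toml above.
ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}
DENIED = {"GPL-3.0", "AGPL-3.0"}
RANK = {"deny": 0, "review": 1, "allow": 2}


def evaluate(expression, allowed=ALLOWED, denied=DENIED):
    """Classify an SPDX license expression as 'allow', 'review' or 'deny'."""
    # Assumed semantics, not depswiz's: OR takes the most permissive branch,
    # AND the strictest, a WITH exception leaves the verdict unchanged, and
    # an identifier on neither list needs manual review.
    tokens = re.findall(r"[()]|[^\s()]+", expression)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError(f"truncated expression: {expression!r}")
        pos += 1
        return tokens[pos - 1]
    def atom():
        tok = take()
        if tok == "(":
            verdict = either()
            if take() != ")":
                raise ValueError(f"unbalanced parentheses: {expression!r}")
            return verdict
        if tok in {")", "AND", "OR", "WITH"}:
            raise ValueError(f"unexpected {tok!r} in {expression!r}")
        if peek() == "WITH":
            take(), take()  # drop the operator and the exception identifier
        return "deny" if tok in denied else "allow" if tok in allowed else "review"
    def chain(operator, operand, pick):
        verdict = operand()
        while peek() == operator:
            take()
            verdict = pick(verdict, operand(), key=RANK.get)
        return verdict
    def either():  # OR binds loosest; AND groups first
        return chain("OR", lambda: chain("AND", atom, min), max)

    verdict = either()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in {expression!r}")
    return verdict
```

With exact matching as assumed here, `GPL-3.0-only` is on neither list and is classified `review` rather than `deny`, so a deny list written this way should also name the `-only` and `-or-later` identifiers.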
Supported Languages
| Language | Manifest Files | Lockfiles | Registry |
|---|---|---|---|
| Python | pyproject.toml, requirements.txt | uv.lock, poetry.lock | PyPI |
| Rust | Cargo.toml | Cargo.lock | crates.io |
| Dart/Flutter | pubspec.yaml | pubspec.lock | pub.dev |
| JavaScript/TypeScript | package.json | package-lock.json, yarn.lock | npm |
| Go | go.mod | go.sum | Go Module Proxy |
| Docker | Dockerfile, docker-compose.yml | - | Docker Hub |
Output Formats
- cli (default): Rich terminal output with colors and tables
- json: Machine-readable JSON (--json)
- markdown: GitHub-compatible markdown (--md)
- html: Self-contained HTML report (--html)
- sarif: SARIF 2.1 for GitHub Code Scanning and VS Code (--sarif)
- cyclonedx: CycloneDX 1.6 SBOM
- spdx: SPDX 3.0 SBOM
Plugin Development
Create a new language plugin by implementing LanguagePlugin:
from depswiz.plugins.base import LanguagePlugin


class MyPlugin(LanguagePlugin):
    @property
    def name(self) -> str:
        return "mylang"

    @property
    def manifest_patterns(self) -> list[str]:
        return ["myproject.toml"]

    # ... implement other required methods
Register via pyproject.toml:
[project.entry-points."depswiz.languages"]
mylang = "my_package:MyPlugin"
Development
# Clone and install
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e ".[dev]"
# Run tests
pytest
# Run dogfooding tests (depswiz checks itself)
python scripts/dogfood.py
python scripts/dogfood.py --quick # Skip slow operations
# Type checking
mypy src/depswiz
# Linting
ruff check src/depswiz
Contributing
Contributions are welcome! Please read our Contributing Guide for details.
License
MIT License - see LICENSE for details.
Acknowledgments
- OSV, NVD, and GitHub Advisories for vulnerability data
- CycloneDX and SPDX for SBOM standards
- SARIF for static analysis result format
- Rich, Typer, and Textual for beautiful CLI and TUI
- InquirerPy for interactive prompts
File details
Details for the file depswiz-0.5.0.tar.gz.
File metadata
- Download URL: depswiz-0.5.0.tar.gz
- Upload date:
- Size: 244.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3990c68819c1f98bc6716a291168aebc98eb59cc6995f3ca2b117850d03a42bc |
| MD5 | cf4eb41a632334f95d2ffe55321f14df |
| BLAKE2b-256 | 66817d07629553e2c0dbcf204ca988497c03b6ebddadf91cda0c6cb5f8ef0c65 |
File details
Details for the file depswiz-0.5.0-py3-none-any.whl.
File metadata
- Download URL: depswiz-0.5.0-py3-none-any.whl
- Upload date:
- Size: 169.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7bb3c04f7ddfe6595fc13be9e1f86304e39592c39506e5f7678ba18b562a7ac4 |
| MD5 | d1545609b4d75b29782a1d490b36a08c |
| BLAKE2b-256 | 7bd03a2198d6ba27c35c8a792cf18232e9d984b22324f2f421b47c82dc207c33 |