Skip to main content

A tool to check the end-of-life status of software dependencies

Project description

End of Life Checker

English | 中文

A command-line tool to check the end-of-life (EOL) status of software dependencies in your projects by comparing them with data from endoflife.date.

Special Note: This tool was developed entirely with the assistance of Amazon Q CLI, showcasing the capabilities of AI-assisted development.

Overview

End of Life Checker helps developers identify outdated dependencies in their projects that may pose security risks or compatibility issues. The tool scans project files to detect dependencies and their versions, then checks them against the EOL data to provide alerts and recommendations.

Requirements

  • Python 3.8 or higher
  • Required packages (automatically installed):
    • requests>=2.25.0
    • toml>=0.10.2
    • streamlit>=1.22.0
    • numpy<2.0.0

Features

  • Support for multiple programming languages and frameworks:
    • Java (Maven, Gradle)
      • Complete dependency tree analysis including transitive dependencies
      • Parent POM inheritance support
      • Dependency management resolution
    • Node.js (npm, yarn)
    • Python (pip, poetry, pipenv)
  • Command-line interface for easy integration into CI/CD pipelines
  • Graphical user interface for interactive usage
  • Detailed reports showing:
    • Dependencies approaching EOL
    • Dependencies that have reached EOL
    • Recommended upgrade paths with breaking changes warnings (⚠️)
    • Beautiful emoji-based status indicators (🔴 🟠 🟢 ❓)
    • Execution time and progress tracking
    • Project name and full path information
  • Configurable warning thresholds (e.g., alert 90 days before EOL)
  • Export reports in multiple formats (JSON, CSV, HTML)
  • Offline mode with cached EOL data

Installation

From PyPI (Recommended)

pip install eol-check

From Source

For the latest development version or to contribute to the project:

# Clone the repository
git clone https://github.com/yourlin/eol-check.git
cd eol-check

# Install in development mode
pip install -e .

Installing from source allows you to modify the code and immediately see the effects without reinstalling.

Publishing to PyPI

For maintainers who want to publish a new version to PyPI:

# Update version in setup.py first
python -m build
twine check dist/*
twine upload dist/*

Alternatively, create a new release on GitHub to trigger the automated publishing workflow.

Usage

Basic usage:

eol-check /path/to/project

With options:

eol-check /path/to/project --format json --output report.json --threshold 180

Launch the graphical user interface:

eol-check --ui

Options

  • --format: Output format (text, json, csv, html). Default: text
  • --output: Save report to file instead of stdout
  • --threshold: Days before EOL to start warning. Default: 90
  • --offline: Use cached EOL data instead of fetching from endoflife.date
  • --update: Force update of cached EOL data
  • --cache-ttl: Cache time-to-live duration. Default: 1d. Formats: '1d' (1 day), '12h' (12 hours), '30m' (30 minutes)
  • --verbose: Show detailed information about the checking process, including API availability messages and debug output
  • --ignore-file: Path to file containing dependencies to ignore (one dependency name per line)
  • --max-workers: Maximum number of parallel workers for API requests (default: CPU count * 2)
  • --ui: Launch the graphical user interface

Ignore File Format

The ignore file should contain one dependency name per line. Comments can be added using the # character.

Example ignore.txt:

# These dependencies are internal and don't need EOL checking
internal-lib
legacy-component
# This one has a custom support contract
enterprise-framework

Supported Project Types

  • Java: pom.xml, build.gradle
    • Requires Maven/Gradle installed for complete dependency analysis
    • Falls back to basic parsing if build tools are not available
  • Node.js: package.json, package-lock.json, yarn.lock
    • Requires npm/yarn installed for complete dependency analysis
    • Falls back to basic parsing if build tools are not available
  • Python: requirements.txt, Pipfile, pyproject.toml
    • Requires pip/poetry/pipenv installed for complete dependency analysis
    • Falls back to basic parsing if build tools are not available

Advanced Features

Breaking Changes Detection

The tool automatically detects when a recommended upgrade involves a major version change (e.g., upgrading from 2.x to 3.x) and marks these with a warning emoji (⚠️) to indicate potential breaking changes.

Transitive Dependency Analysis

For Java projects, the tool analyzes the complete dependency tree including:

  • Direct dependencies declared in your project
  • Transitive dependencies pulled in by your direct dependencies
  • Dependencies managed by parent POMs
  • Dependencies from dependency management sections

This ensures you get alerts about EOL status for all libraries your application actually uses, not just the ones you directly declare.

Graphical User Interface

The tool provides a user-friendly Streamlit-based GUI that can be launched with the --ui parameter:

  • Project selection and scanning
  • Interactive dependency analysis results
  • Cache management interface
  • About section with project information

The GUI makes it easy for non-technical users to check their project dependencies without needing to use command-line options.

CI/CD Integration

The tool is designed to be easily integrated into CI/CD pipelines:

  • Exit code 0: No issues found
  • Exit code 1: Error running the tool
  • Exit code 2: Critical issues found (dependencies that have reached EOL)

This allows you to fail builds or trigger alerts when critical dependencies are detected.

Example integration with GitHub Actions:

name: Check Dependencies EOL

on:
  schedule:
    - cron: '0 8 * * 1'  # Run every Monday at 8:00 AM
  workflow_dispatch:  # Allow manual trigger

jobs:
  check-dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
          
      - name: Install eol-check
        run: pip install eol-check
        
      - name: Check dependencies
        run: eol-check . --format json --output eol-report.json
        
      - name: Upload report as artifact
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: eol-report
          path: eol-report.json

Troubleshooting

Common Issues

  1. API Rate Limiting

    • Symptom: Slow performance or errors about "too many requests"
    • Solution: Use the --max-workers option to reduce the number of parallel requests, or use --offline mode with cached data
  2. Missing Dependencies

    • Symptom: The tool doesn't detect all dependencies you expect
    • Solution: Make sure you're using the right build tool (Maven, npm, etc.) and that it's properly installed. The tool falls back to basic parsing if build tools aren't available.
  3. Unknown EOL Status

    • Symptom: Many dependencies show as "UNKNOWN" status
    • Solution: The endoflife.date API might not have data for those dependencies. Consider contributing to the endoflife.date project.

Verbose Mode

Use the --verbose flag to get more detailed information about what's happening:

  • API request details and responses
  • Cache usage information
  • Dependency resolution process
  • Detailed error messages and stack traces

This is particularly useful when troubleshooting issues or when you want to understand how the tool is processing your project.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

eol_check-0.2.0.tar.gz (16.9 kB view details)

Uploaded Source

Built Distribution

eol_check-0.2.0-py3-none-any.whl (12.0 kB view details)

Uploaded Python 3

File details

Details for the file eol_check-0.2.0.tar.gz.

File metadata

  • Download URL: eol_check-0.2.0.tar.gz
  • Upload date:
  • Size: 16.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for eol_check-0.2.0.tar.gz
Algorithm Hash digest
SHA256 4bb7be5bd20b1b306fd6e714eec5fdbc5c13f335f6a28a8d96e845e2a965ad90
MD5 5158ac2c8ef9bc990e928c993d95e793
BLAKE2b-256 76c7bcdc773334fe85479b5709c443a891990dc7f3a49541fc35a27b90276874

See more details on using hashes here.

File details

Details for the file eol_check-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: eol_check-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 12.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.7

File hashes

Hashes for eol_check-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6d66e88ce2c188d5113df5ba58dcf5c917ab3f39fbcbafe78053da4e8c78ab58
MD5 a81694cac231d059c05fed66e75935b2
BLAKE2b-256 9312511fcc43cb095015b355384bfa71206faeb6f1817c070f7ce757963b1ed3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page