Dependency freshness auditor for Python projects
Project description
pip-verv
pip-verv (Version Review) is a read-only CLI tool that audits the temporal freshness of Python dependencies. It measures how long each dependency has been behind the latest stable release on PyPI, calculates a per-package GAP in days, and produces a project-wide Health Score (0–100). It does not install, modify, or resolve environments.
Installation
pip install pip-verv
Usage
# Audit the current directory
verv --path .
# Output as JSON
verv --format json
# CI: fail if Health Score drops below 70
verv --score-fail 70
# CI: fail if any dependency GAP exceeds 365 days, with max 2 MAJOR-outdated deps
verv --score-fail 70 --gap-fail 365 --max-major 2
# Export to file
verv --format json > audit.json
# Audit only dependencies with a release newer than a date
verv --since 2025-01-01
# Audit explicit files
verv --env requirements.txt --env requirements-dev.txt
# Skip cache
verv --no-cache
CLI Flags
| Flag | Description |
|---|---|
--path PATH |
Project root to scan (default: .) |
--env FILE |
Explicit source file(s); repeatable; disables auto-discovery |
--ignore PKG |
Package name(s) to exclude; repeatable |
--since DATE |
Include only deps whose latest stable release is after YYYY-MM-DD |
--format FORMAT |
Output format: rich (default), json, csv, md |
--no-cache |
Disable the file-based PyPI response cache |
--score-fail N |
Exit non-zero if Health Score < N |
--gap-fail N |
Exit non-zero if any dependency GAP > N days |
--max-major N |
Exit non-zero if MAJOR-outdated dependency count > N |
--max-outdated N |
Exit non-zero if total outdated dependency count > N |
Output Fields (All Formats)
Each dependency row/object includes:
| Field | Meaning |
|---|---|
name |
Package name |
status |
up_to_date, outdated, or no_data |
installed |
Version currently installed in the environment (if present) |
latest |
Latest stable version available on PyPI |
target |
Version you should upgrade to now (see below); null if up-to-date or blocked |
bump |
Semver jump required to reach target (major, minor, patch, or null) |
urgency |
How pressing the upgrade is (hybrid of time and semver: major, minor, patch, na) |
days_behind |
Days between your version's release and the latest release |
blockers |
List of packages whose constraints prevent upgrading to the latest version |
target field explained
- Up-to-date:
null(nothing to do) - Outdated, no blockers:
latest(upgrade freely) - Outdated, blocked, can partially upgrade: highest version allowed by environment constraints
- Outdated, blocked at current version:
null(already at env ceiling; seeblockers)
Output Formats
| Format | Description |
|---|---|
rich |
Colour-coded terminal table grouped by urgency, with Health Score summary |
json |
Machine-readable JSON with score and per-dependency detail |
csv |
Comma-separated values, one row per dependency |
md |
Markdown table, suitable for reports or PR comments |
All formats include the fields above, in this order:
name, status, installed, latest, target, bump, urgency, days_behind, blockers
Health Score
The Health Score (0–100) is the mean of per-package freshness scores:
- Up-to-date: 100%
- Outdated: Linear penalty by urgency:
major: 0% at 365 days behindminor: 0% at 730 dayspatch: 0% at 1460 days
- Unknown freshness: Excluded from average
Formula:
$$ \text{score} = \frac{\sum \text{per-package scores}}{\text{count of known-freshness packages}} $$
| Score | Status |
|---|---|
| 90–100 | Excellent |
| 70–89 | Healthy |
| 50–69 | Needs attention |
| < 50 | High risk |
Example JSON Output
{
"score": 86.2,
"generated_at": "2026-05-05T09:28:08.576154",
"dependencies": [
{
"name": "pyarrow",
"status": "outdated",
"installed": "23.0.0",
"latest": "24.0.0",
"target": "24.0.0",
"bump": "major",
"urgency": "minor",
"days_behind": 92,
"blockers": []
},
{
"name": "pandas",
"status": "outdated",
"installed": "2.3.3",
"latest": "3.0.2",
"target": null,
"bump": "major",
"urgency": "minor",
"days_behind": 182,
"blockers": ["streamlit (<3,>=1.4.0)"]
}
// ...
]
}
License
This project is licensed under the MIT License. See LICENSE for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pip_verv-0.1.0.tar.gz.
File metadata
- Download URL: pip_verv-0.1.0.tar.gz
- Upload date:
- Size: 69.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cbc7a799487b79d15b7ae625f6fddc482377dcf5e3d435e73b247bdbdbb06b80
|
|
| MD5 |
fe7918455afaf20a66fe66ab3dfa8a79
|
|
| BLAKE2b-256 |
15bbb69714b75d417f7e6f1d573c96797050c39eaa8d134526437b5331a268f4
|
File details
Details for the file pip_verv-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pip_verv-0.1.0-py3-none-any.whl
- Upload date:
- Size: 17.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
174764d6dbca09710881b18db89ad0062c13043925c1a8944eea794651177938
|
|
| MD5 |
67f78cf1e9f0279d99973791e0af7d31
|
|
| BLAKE2b-256 |
00220033929f8cfdb44eb27457cd81c3e8a6fb4b551d4a38d4f8b3cec8abf752
|
