Scan requirements.txt, package.json and Cargo.toml for outdated packages and known CVEs

Project description

depscan

Scan requirements.txt, package.json, and Cargo.toml for outdated packages and known CVEs — no API keys required.

Uses OSV for vulnerability data and PyPI/npm/crates.io for latest version checks.

Install

pip install depscan

Usage

# Scan a single file
depscan requirements.txt

# Auto-discover all dependency files under a directory
depscan --dir .

# Skip CVE checks (faster)
depscan requirements.txt --skip-vulns

# Only show outdated packages
depscan --dir . --only-outdated

# Only show packages with known CVEs
depscan --dir . --only-vulns

Example output

requirements.txt  (12 packages)
────────────────────────────────────────────────────────────────────────
  requests        2.28.0           → 2.31.0  [CVE-2023-32681]
  flask           2.2.5            → 3.0.0
  click           8.1.3            8.1.7     ✓ up to date

  Summary: 2 outdated, 1 vulnerable

Exit code is 0 when all packages are up-to-date and vulnerability-free, 1 otherwise — handy for CI.
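
The OSV lookup and the vulnerability half of the exit-code rule, sketched as an added example (not depscan's own code): it extracts exact pins from a requirements.txt, builds the request body for OSV's public `/v1/querybatch` endpoint, and maps a response back to package names. The function names, sample file, sample response and advisory ID are constructed for illustration.

```python
import json
import re

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"  # OSV public batch endpoint
# Exact pins only: optional extras, '==', no wildcard/range, optional marker or comment.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?"
                 r"\s*==\s*([^\s;#=*,]+)\s*(?:[;#].*)?$")

def parse_pins(text):
    """Return [(name, version)] for exact pins; skip comments, options and ranges."""
    pins = []
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            # PEP 503 normalisation so 'Flask_Cors' and 'flask-cors' compare equal
            pins.append((re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
    return pins

def build_batch(pins):
    """JSON body for a POST to OSV_BATCH_URL: one query per pinned package."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
                        for n, v in pins]}

def match_results(pins, response):
    """OSV answers in query order; map each result back to its package name."""
    findings = {}
    for (name, _), result in zip(pins, response.get("results", [])):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            findings[name] = ids
    return findings

def exit_code(findings):
    """Vulnerability half of the rule above: non-zero when anything was found."""
    return 1 if findings else 0

# Constructed sample file and constructed response in OSV's batch shape.
SAMPLE_REQS = """\
requests==2.28.0
Flask == 2.2.5   # pinned
click>=8.0
-r base.txt
"""
SAMPLE_RESPONSE = {"results": [{"vulns": [{"id": "OSV-EXAMPLE-0001"}]}, {}]}

if __name__ == "__main__":
    pins = parse_pins(SAMPLE_REQS)
    print(json.dumps(build_batch(pins), indent=2))
    found = match_results(pins, SAMPLE_RESPONSE)
    print(found, "exit", exit_code(found))
```

Unpinned lines such as `click>=8.0` are skipped here because an OSV version query needs a concrete version; a lockfile or resolved environment is the reliable input for that check.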

Supported files

File                                     Ecosystem
requirements.txt / requirements-*.txt    PyPI
pyproject.toml                           PyPI
package.json                             npm
Cargo.toml                               crates.io

CI integration

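# --skip-vulns turns off the CVE lookup, so this step fails the build only on
# outdated packages; drop the flag to also fail on known CVEs.
- name: Scan dependencies
  run: depscan --dir . --skip-vulns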

License

MIT

Download files

Source Distribution

pkgscan-0.1.0.tar.gz (9.0 kB view details)

Uploaded Source

Built Distribution

pkgscan-0.1.0-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file pkgscan-0.1.0.tar.gz.

File metadata

  • Download URL: pkgscan-0.1.0.tar.gz
  • Upload date:
  • Size: 9.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.1.0.tar.gz
Algorithm Hash digest
SHA256 1c6cf2ee79cf41e93c6feb7b45f01546a8d1abeef6542ffeaa6f6061a89fa919
MD5 610fa09b666cc8e4ce7f5cfe124fddf2
BLAKE2b-256 098d77f463f0b29f3edc2a1a34443d50c784d2e9aee94275feaa8080d45103af

File details

Details for the file pkgscan-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: pkgscan-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 371146bbd1c0ff45af8bb4a97229f3927223a20e965c32f9d2e7a8830e7563ce
MD5 7da185cc1c3f4cbc1d8f1bd04fb4b69d
BLAKE2b-256 4117f69bb5e4bd42ed964ac4e3e77c05d884e760404f2b1f3d3b661a425bb5b6
