Scan requirements.txt, package.json and Cargo.toml for outdated packages and known CVEs

Project description

pkgscan

Scan requirements.txt, package.json, and Cargo.toml for outdated packages and known CVEs — no API keys required.

Vulnerability data comes from OSV (osv.dev); latest-version checks query PyPI, npm and crates.io directly. Every check is a live lookup, so the tool needs outbound network access, but no credentials or API keys.

Install

pip install pkgscan

Usage

# Scan a single file
pkgscan requirements.txt

# Auto-discover all dependency files under a directory
pkgscan --dir .

# Skip CVE checks (faster)
pkgscan requirements.txt --skip-vulns

# Only show outdated packages
pkgscan --dir . --only-outdated

# Only show packages with known CVEs
pkgscan --dir . --only-vulns

Example output

requirements.txt  (12 packages)
────────────────────────────────────────────────────────────────────────
  requests        2.28.0           → 2.31.0  [CVE-2023-32681]
  flask           2.2.5            → 3.0.0
  click           8.1.3            8.1.7     ✓ up to date

  Summary: 2 outdated, 1 vulnerable

Exit code is 0 when all packages are up-to-date and vulnerability-free, 1 otherwise — handy for CI.

Supported files

File                                    Ecosystem
requirements.txt / requirements-*.txt   PyPI
pyproject.toml                          PyPI
package.json                            npm
Cargo.toml                              crates.io

CI integration

- name: Scan dependencies
  run: pkgscan --dir . --skip-vulns

As written, this step passes --skip-vulns, so it never queries OSV and only fails the build on outdated packages; drop the flag if known CVEs should fail the build as well. Either way the runner needs outbound HTTPS to PyPI, npm and crates.io (and to OSV when vulnerability checks are on), since every check is a live lookup. Because the exit code is 1 for any outdated package, the step also goes red the day a new upstream release appears, not only when something is vulnerable.
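The mechanics behind the usage, example output and exit-code description above (parse the exact pins, ask OSV about each name/version pair, compare each pin with the latest release, exit 1 if anything is outdated or vulnerable), shown as an added Python example written for this page. It is not pkgscan's own code, whose parsing and reporting logic is not documented here and may differ. The requirements.txt, the OSV response and the latest-version table are constructed inline so it runs offline; the request shape is OSV's public /v1/querybatch endpoint, and the version comparison is a deliberate simplification noted in the code.

```python
"""Added example: the pipeline a pkgscan-style scanner runs for one requirements.txt.

Parse '==' pins, build an OSV batch query, map the answer back onto packages,
compare each pin with the latest known release and derive the CI exit code.
Constructed sample data replaces the live PyPI/OSV lookups so this runs offline.
"""
import re
import sys

# name, optional [extras], '==' and a version; anything after ';' or '#' is ignored.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")


def parse_requirements(text):
    """Return {normalized_name: version} for exact pins in a requirements.txt.

    Comments, blank lines, option lines (-r, --index-url, ...) and unpinned or
    range-constrained requirements are skipped: OSV needs an exact version.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = PIN_RE.match(line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name form
            pins[name] = m.group(3)
    return pins


def osv_batch_query(pins, ecosystem="PyPI"):
    """Body for POST https://api.osv.dev/v1/querybatch, one query per pin.

    OSV returns results in query order, each holding only advisory ids (and a
    'modified' stamp); CVE aliases live in the full record at GET /v1/vulns/{id}.
    Queries are sorted by name so results can be zipped back deterministically.
    """
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in sorted(pins.items())]}


def version_key(version):
    """Comparable key for dotted numeric versions; '2.28' == '2.28.0'.

    Simplification: pre/post-release suffixes are ignored. Real code should use
    packaging.version, where '2.31.0rc1' must sort before '2.31.0'.
    """
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def scan(pins, osv_results, latest):
    """Join OSV results (query order) with latest versions; return (rows, exit code).

    Exit code follows the page's contract: 0 only when nothing is outdated or
    vulnerable, else 1. A length mismatch means the response cannot be lined up
    with the query, so it is an error rather than a silently clean result.
    """
    names = sorted(pins)
    if len(osv_results) != len(names):
        raise ValueError("OSV returned %d results for %d queries" % (len(osv_results), len(names)))
    rows = []
    for name, result in zip(names, osv_results):
        current, newest = pins[name], latest.get(name, pins[name])
        rows.append({
            "name": name, "current": current, "latest": newest,
            "outdated": version_key(newest) > version_key(current),
            "vulns": [v["id"] for v in result.get("vulns", [])],  # {} means no vulns
        })
    clean = all(not r["outdated"] and not r["vulns"] for r in rows)
    return rows, 0 if clean else 1


# --- constructed sample input (not a real project's files) ---------------------
SAMPLE_REQUIREMENTS = """\
-r base.txt
requests==2.28.0
Flask[async]==2.2.5 ; python_version >= "3.8"
click==8.1.7
urllib3>=1.26  # no exact pin, skipped
"""
# Stand-in for the querybatch response, in sorted query order: click, flask, requests.
# The id is the CVE from the page's example output; a live OSV answer normally carries
# a GHSA-/PYSEC- id here, with the CVE listed under 'aliases' of the full record.
SAMPLE_OSV_RESPONSE = {"results": [{}, {}, {"vulns": [{"id": "CVE-2023-32681"}]}]}
# Stand-in for https://pypi.org/pypi/<name>/json -> info.version lookups.
SAMPLE_LATEST = {"click": "8.1.7", "flask": "3.0.0", "requests": "2.31.0"}


def main():
    pins = parse_requirements(SAMPLE_REQUIREMENTS)
    _query = osv_batch_query(pins)  # what would be POSTed to OSV
    rows, code = scan(pins, SAMPLE_OSV_RESPONSE["results"], SAMPLE_LATEST)
    for r in rows:
        flag = " ".join(r["vulns"]) or ("outdated" if r["outdated"] else "up to date")
        print(f"{r['name']:<12}{r['current']:<10}{r['latest']:<10}{flag}")
    print(f"exit code {code}")
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Two things the example makes visible that the README does not: querybatch only returns advisory ids, so printing CVE numbers needs a second lookup per advisory (or an alias table), and a result list that is shorter than the query must be treated as an error, otherwise a truncated or partial response reads as "no vulnerabilities".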

License

MIT

Download files

Source Distribution

pkgscan-0.1.1.tar.gz (9.0 kB)

Uploaded Source

Built Distribution

pkgscan-0.1.1-py3-none-any.whl (7.5 kB)

Uploaded Python 3

File details

Details for the file pkgscan-0.1.1.tar.gz.

File metadata

  • Download URL: pkgscan-0.1.1.tar.gz
  • Size: 9.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.1.1.tar.gz
Algorithm    Hash digest
SHA256       96d312376f7cea19d493bfd0f32d93de64ae7e84af0312eb2c554571c3be9eaa
MD5          0412cc4d99169c7a8f59e23e376422f5
BLAKE2b-256  605964903829f41e9581bffe3ead8d76042fab757fefd82583277da26fe78d3e

File details

Details for the file pkgscan-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: pkgscan-0.1.1-py3-none-any.whl
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.1.1-py3-none-any.whl
Algorithm    Hash digest
SHA256       2c5dcb9861c8574ed78b2cf66fe55ec8c631c4ae484d7ea03cd40a1240c45d1b
MD5          edae9746ce0f11614cff5b2f4e3b8600
BLAKE2b-256  b0bf5f69c9c33ad2806a5018514cb58c663d1d1ca771516180ce165824656f8b

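The SHA256 digests above are what lets a CI job install exactly these two 0.1.1 artifacts and nothing else. The requirements fragment below is an added example for this page, not part of the project; the digests are copied from the listing above and the syntax is pip's standard hash-checking mode (the file name requirements-tools.txt is an arbitrary choice).

```text
# requirements-tools.txt: pin pkgscan to the 0.1.1 wheel and sdist listed above.
# pip refuses any file whose SHA-256 matches neither digest.
pkgscan==0.1.1 \
    --hash=sha256:2c5dcb9861c8574ed78b2cf66fe55ec8c631c4ae484d7ea03cd40a1240c45d1b \
    --hash=sha256:96d312376f7cea19d493bfd0f32d93de64ae7e84af0312eb2c554571c3be9eaa
```

Install with `pip install --require-hashes -r requirements-tools.txt`. In that mode pip also demands a hash for every dependency it resolves, so if pkgscan pulls in other packages their digests have to be listed too (pip-compile --generate-hashes from pip-tools produces such a file). Note that the listing above reports the files were uploaded with twine rather than via Trusted Publishing, so there is no publisher attestation to verify beyond these digests.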
