
Scan requirements.txt, package.json and Cargo.toml for outdated packages and known CVEs

Project description

pkgscan

Scan requirements.txt, package.json, and Cargo.toml for outdated packages and known CVEs — no API keys required.

Uses OSV for vulnerability data and PyPI/npm/crates.io for latest version checks.

Install

pip install pkgscan

Usage

# Scan a single file
pkgscan requirements.txt

# Auto-discover all dependency files under a directory
pkgscan --dir .

# Skip CVE checks (faster)
pkgscan requirements.txt --skip-vulns

# Only show outdated packages
pkgscan --dir . --only-outdated

# Only show packages with known CVEs
pkgscan --dir . --only-vulns

Example output

requirements.txt  (12 packages)
────────────────────────────────────────────────────────────────────────
  requests        2.28.0           → 2.31.0  [CVE-2023-32681]
  flask           2.2.5            → 3.0.0
  click           8.1.3            8.1.7     ✓ up to date

  Summary: 2 outdated, 1 vulnerable

Exit code is 0 when all packages are up-to-date and vulnerability-free, 1 otherwise — handy for CI.
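As an added illustration (not pkgscan's own code), the script below sketches the pipeline the description implies: parse exact pins out of a requirements.txt, build the request body for OSV's batch query endpoint (POST https://api.osv.dev/v1/querybatch, which needs no API key), merge the registry's latest-version answers with OSV's findings, and apply the exit-code rule above (0 only when nothing is outdated or vulnerable). The "latest version" answers and the OSV response are constructed inline so it runs offline, and the version comparison is a simplified numeric one rather than full PEP 440. How pkgscan itself is implemented is not shown on this page; this is one way to do it.

```python
"""Mini dependency scanner (added example, not pkgscan's own code).

Pieces shown: requirements.txt pin parsing, the OSV querybatch payload,
and the CI exit-code rule: 0 = clean, 1 = anything outdated or vulnerable.
All registry/OSV data below is constructed so the script runs offline.
"""
import json
import re
from dataclasses import dataclass, field

# Constructed sample input, modelled on the README's example output.
REQUIREMENTS_TXT = """\
# pinned prod deps
requests==2.28.0
flask==2.2.5   # web framework
click==8.1.3
-r requirements-dev.txt
"""

# Constructed stand-in for the registry's "latest version" answers
# (pkgscan asks PyPI/npm/crates.io; these values are hypothetical).
LATEST = {"requests": "2.31.0", "flask": "3.0.0", "click": "8.1.3"}

# Constructed stand-in for an OSV /v1/querybatch response: one entry per
# query, in order; an entry with no "vulns" key means nothing known.
# The CVE id is the one from the README's example output.
OSV_RESPONSE = {
    "results": [
        {"vulns": [{"id": "CVE-2023-32681"}]},  # requests 2.28.0
        {},                                      # flask 2.2.5
        {},                                      # click 8.1.3
    ]
}

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s#;]+)")


def parse_requirements(text):
    """Return [(name, version)] for exact pins; skip comments, options, unpinned lines."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("-"):   # blank, -r, -e, --index-url ...
            continue
        m = PIN_RE.match(line)
        if m:
            # normalise the name the way the index does (case, '_' -> '-')
            pins.append((m.group(1).lower().replace("_", "-"), m.group(2)))
    return pins


def osv_querybatch_payload(pins, ecosystem="PyPI"):
    """Body for POST https://api.osv.dev/v1/querybatch; ecosystem is OSV's name (PyPI, npm, crates.io)."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in pins]}


def version_key(v):
    """Simplified numeric compare (2.28.0 < 2.31.0); a real tool should use PEP 440 parsing."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


@dataclass
class Finding:
    name: str
    pinned: str
    latest: str
    vulns: list = field(default_factory=list)

    @property
    def outdated(self):
        return version_key(self.pinned) < version_key(self.latest)


def scan(text, latest, osv_response):
    """Join pins with registry answers and OSV results (results are positional, like the query list)."""
    pins = parse_requirements(text)
    results = osv_response.get("results", [])
    findings = []
    for i, (name, ver) in enumerate(pins):
        vulns = [v["id"] for v in results[i].get("vulns", [])] if i < len(results) else []
        findings.append(Finding(name, ver, latest.get(name, ver), vulns))
    return findings


def summary(findings):
    return {"outdated": sum(f.outdated for f in findings),
            "vulnerable": sum(bool(f.vulns) for f in findings)}


def exit_code(findings):
    """README rule: 0 only when every package is current and has no known vuln, else 1."""
    return 1 if any(f.outdated or f.vulns for f in findings) else 0


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS_TXT)
    print(json.dumps(osv_querybatch_payload(pins), indent=1))
    findings = scan(REQUIREMENTS_TXT, LATEST, OSV_RESPONSE)
    for f in findings:
        flag = "outdated" if f.outdated else "ok"
        print(f"{f.name:12} {f.pinned:10} -> {f.latest:10} {flag:9} {' '.join(f.vulns)}")
    print(summary(findings), "exit", exit_code(findings))
```

Run it and the summary line matches the README's example (2 outdated, 1 vulnerable) with exit status 1, which is exactly what a CI step like the one under "CI integration" would fail on; with the `--skip-vulns` flavour of the scan you would simply leave the OSV step out and decide on `outdated` alone.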

Supported files

File                                    Ecosystem
requirements.txt / requirements-*.txt   PyPI
pyproject.toml                          PyPI
package.json                            npm
Cargo.toml                              crates.io

CI integration

- name: Scan dependencies
  run: pkgscan --dir . --skip-vulns

License

MIT


Download files

Source Distribution

pkgscan-0.2.0.tar.gz (9.8 kB)

Built Distribution

pkgscan-0.2.0-py3-none-any.whl (7.8 kB, Python 3)

File details

Details for the file pkgscan-0.2.0.tar.gz.

File metadata

  • Size: 9.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.2.0.tar.gz

  Algorithm     Hash digest
  SHA256        0978443a3d5ccc13f97b394b13781cf7fc1d0d1f23b97c5fac312c438152d150
  MD5           114cb0dd3af0157067a3b4101ca912d2
  BLAKE2b-256   b197204512a971dabb0dafd2fa3841086982ac4cbdb82974b7d2e4b27544d12d

File details

Details for the file pkgscan-0.2.0-py3-none-any.whl.

File metadata

  • Size: 7.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for pkgscan-0.2.0-py3-none-any.whl

  Algorithm     Hash digest
  SHA256        6a329a1baaa981d5c3c369f3305de0e72e44ec3ac596e5334b5f524db1f1bcc0
  MD5           93dea7b7c4d7f1323da9db4ade769ac0
  BLAKE2b-256   6f610eb24f9f249c870967b87f00666dc1e935342a5c1513db456650be73f0f6
