# Dependency Freshness Checker CLI

A CLI tool that monitors outdated dependencies across multiple package managers (npm, pip, go, cargo) with security vulnerability context.

## Features

- **Multi-package manager support**: Parse and analyze dependency files for npm, pip, go, and cargo
- **Security CVE scanning**: Bundled CVE knowledge base with severity levels
- **Interactive terminal UI**: Color-coded output using Rich
- **CI/CD integration**: JSON output and proper exit codes
- **Configuration system**: YAML-based configuration
- **Upgrade recommendations**: Suggest minimal safe upgrades

## Installation

```bash
pip install depcheck
```

Or from source:

```bash
pip install -e .
```

## Usage

### Basic Usage

Scan the current directory for outdated dependencies:

```bash
depcheck scan
```

Scan a specific file:

```bash
depcheck scan package.json
depcheck scan requirements.txt
```

### Options

- `--json`: Output in JSON format
- `--ci`: CI/CD mode with proper exit codes
- `--fail-level`: Set the severity threshold at which the scan fails (critical, high, medium, low)
- `--exclude-dev`: Exclude dev dependencies
- `--verbose`: Enable verbose output
- `--quiet`: Suppress non-essential output

### Exit Codes

- `0`: All dependencies are fresh
- `1`: Outdated or vulnerable dependencies found
- `2`: Error occurred during scan

## Configuration

Create a `.depcheck.yaml` file in your project root:

```yaml
ignore_patterns:
  - "test/"
  - "example/"
ignore_packages:
  - "@types/*"
fail_level: medium
output:
  format: terminal
  verbose: false
include_dev: true
package_managers:
  - npm
  - pip
```

Configuration is also read from `~/.config/depcheck/.depcheck.yaml`.
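The following is an added worked example, not code from the depcheck project, showing the scan flow the Usage, Exit Codes, Configuration and Security sections describe end to end: parse a `requirements.txt` and a `package.json`, match pinned versions against a CVE knowledge base, honour `ignore_packages` globs and `include_dev`, and derive the exit code from `fail_level`. The package names, version numbers and CVE entries are constructed sample data; the exact matching rules (only `==` pins for pip, the lower bound of a `^`/`~` range for npm, and "fail only at or above the threshold") are assumptions about how such a tool behaves, not a description of depcheck's internals.

```python
"""Added example (not depcheck's own code): minimal dependency scan with CVE matching."""
import fnmatch
import json
import re
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Accepts '^4.17.15', '~4.18.2', '>=2.0', 'v1.2' and plain '2.25.1'; rejects '*' or 'latest'.
_NUMERIC = re.compile(r"[\^~>=<!\s]*v?(\d+(?:\.\d+)*)")


@dataclass(frozen=True)
class Dependency:
    manager: str
    name: str
    version: str


def parse_version(spec: str):
    """Reduce a version spec to a comparable tuple of ints, or None if it is not pinned."""
    m = _NUMERIC.match(spec.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def parse_requirements(text: str):
    """Parse pip requirements.txt; only '==' pins are kept, ranges are skipped (assumed rule)."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)$", line)
        if m:
            deps.append(Dependency("pip", m.group(1).lower(), m.group(2)))
    return deps


def parse_package_json(text: str, include_dev: bool = True):
    """Parse npm package.json; devDependencies are included unless --exclude-dev is set."""
    data = json.loads(text)
    sections = ["dependencies"] + (["devDependencies"] if include_dev else [])
    deps = []
    for section in sections:
        for name, spec in data.get(section, {}).items():
            if parse_version(spec) is not None:  # skip unpinned specs such as "*"
                deps.append(Dependency("npm", name, spec))
    return deps


def find_vulnerabilities(deps, kb, ignore_packages=()):
    """Report KB entries whose fixed_in version is above the installed version, skipping ignored globs."""
    findings = []
    for dep in deps:
        if any(fnmatch.fnmatch(dep.name, pat) for pat in ignore_packages):
            continue
        ver = parse_version(dep.version)
        for entry in kb:
            same_pkg = entry["manager"] == dep.manager and entry["package"] == dep.name
            if same_pkg and ver is not None and ver < parse_version(entry["fixed_in"]):
                findings.append({"manager": dep.manager, "package": dep.name,
                                 "version": dep.version, "cve": entry["id"],
                                 "severity": entry["severity"],
                                 "fixed_in": entry["fixed_in"]})  # minimal safe upgrade
    # Most severe first; Python's sort is stable so ties keep input order.
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)


def exit_code(findings, fail_level):
    """0 if nothing reaches the threshold, else 1 (assumed meaning of --fail-level)."""
    threshold = SEVERITY_RANK[fail_level]
    return 1 if any(SEVERITY_RANK[f["severity"]] >= threshold for f in findings) else 0


# --- constructed sample inputs (not real project files or real CVE records) ---
REQUIREMENTS_TXT = """# constructed requirements.txt
requests==2.25.1
flask==2.3.0   # pinned above the KB's fixed_in, so not reported
pyyaml>=6.0    # range, skipped by this parser
"""
PACKAGE_JSON = json.dumps({
    "dependencies": {"lodash": "^4.17.15", "express": "~4.18.2"},
    "devDependencies": {"@types/node": "^18.0.0"},
})
CVE_KB = [  # placeholder identifiers, constructed for the example
    {"id": "EXAMPLE-CVE-1", "manager": "pip", "package": "requests", "fixed_in": "2.31.0", "severity": "medium"},
    {"id": "EXAMPLE-CVE-2", "manager": "pip", "package": "flask", "fixed_in": "2.2.5", "severity": "critical"},
    {"id": "EXAMPLE-CVE-3", "manager": "npm", "package": "lodash", "fixed_in": "4.17.21", "severity": "high"},
    {"id": "EXAMPLE-CVE-4", "manager": "npm", "package": "@types/node", "fixed_in": "19.0.0", "severity": "low"},
]


def run_demo(fail_level="high", ignore_packages=("@types/*",), include_dev=True):
    """Scan the sample files with the given config; returns (findings, exit_code)."""
    deps = parse_requirements(REQUIREMENTS_TXT) + parse_package_json(PACKAGE_JSON, include_dev)
    findings = find_vulnerabilities(deps, CVE_KB, ignore_packages)
    return findings, exit_code(findings, fail_level)


if __name__ == "__main__":
    report, code = run_demo()
    print(json.dumps({"findings": report, "exit_code": code}, indent=2))  # --json style output
    raise SystemExit(code)
```

With the defaults above the report lists `lodash` (high) and `requests` (medium) and exits 1 because `fail_level` is `high`; raising the threshold to `critical` keeps the same findings but exits 0, which is the behaviour a pipeline relies on when it uses `--fail-level` to gate merges. Dropping the `@types/*` ignore pattern surfaces the low-severity `@types/node` entry as well.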
## CI/CD Integration

### GitHub Actions Example

```yaml
- name: Check dependencies
  run: depcheck scan --ci --fail-level high
```

### GitLab CI Example

```yaml
dependency_check:
  script:
    - depcheck scan --ci --json > dependency-report.json
  artifacts:
    paths:
      - dependency-report.json
```

## Supported Package Managers

| Package Manager | Files |
|-----------------|-------|
| npm | package.json |
| pip | requirements.txt, pyproject.toml |
| go | go.mod |
| cargo | Cargo.toml |

## Security

The tool includes a bundled CVE database with known vulnerabilities for common packages. It checks your dependencies against this database and reports any matches with severity levels.

## Development

### Running Tests

```bash
pytest -q --cov=src --cov-report=term
pytest -q tests/integration/
```

### Project Structure

```
depcheck/
├── src/depcheck/
│   ├── parsers/        # Package manager parsers
│   ├── analyzers/      # CVE and version analyzers
│   ├── reporters/      # Output formatters
│   ├── config.py       # Configuration handling
│   └── cli.py          # CLI entry point
├── tests/
│   ├── unit/           # Unit tests
│   └── integration/    # Integration tests
└── data/               # Bundled CVE database
```

## License

MIT License