Dependency Freshness Checker CLI

A CLI tool that monitors outdated dependencies across multiple package managers (npm, pip, go, cargo) with security vulnerability context.

Features

  • Multi-package manager support: Parse and analyze dependency files for npm, pip, go, and cargo
  • Security CVE scanning: Bundled CVE knowledge base with severity levels
  • Interactive terminal UI: Color-coded output using Rich
  • CI/CD integration: JSON output and proper exit codes
  • Configuration system: YAML-based configuration
  • Upgrade recommendations: Suggest minimal safe upgrades

Installation

pip install depcheck

Or from source:

pip install -e .

Usage

Basic Usage

Scan the current directory for outdated dependencies:

depcheck scan

Scan a specific file:

depcheck scan package.json
depcheck scan requirements.txt

Options

  • --json: Output in JSON format
  • --ci: CI/CD mode with proper exit codes
  • --fail-level: Set severity threshold for failures (critical, high, medium, low)
  • --exclude-dev: Exclude dev dependencies
  • --verbose: Enable verbose output
  • --quiet: Suppress non-essential output

Exit Codes

  • 0: All dependencies are fresh
  • 1: Outdated or vulnerable dependencies found
  • 2: Error occurred during scan

Configuration

Create a .depcheck.yaml file in your project root:

ignore_patterns:
  - "test/"
  - "example/"

ignore_packages:
  - "@types/*"

fail_level: medium

output:
  format: terminal
  verbose: false

include_dev: true

package_managers:
  - npm
  - pip

Configuration is also read from ~/.config/depcheck/.depcheck.yaml.
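As an added illustration (not part of depcheck's own code), the following shows how the fail_level and ignore_packages settings above can be combined with the --fail-level option to produce the documented exit codes (0 fresh, 1 findings, 2 error). The findings record layout and the severity names are assumptions made for this example.

```python
# Added example, not depcheck's own implementation: maps scan findings to the
# README's exit codes given a fail level and the ignore_packages globs from
# .depcheck.yaml. The shape of a finding is an assumption for illustration.
from fnmatch import fnmatch

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
EXIT_FRESH, EXIT_FINDINGS, EXIT_ERROR = 0, 1, 2

# Constructed sample findings (hypothetical shape): one CVE match per record.
SAMPLE_FINDINGS = [
    {"package": "@types/node", "severity": "high", "dev": True},
    {"package": "lodash", "severity": "medium", "dev": False},
    {"package": "express", "severity": "low", "dev": False},
]


def is_ignored(package: str, ignore_packages) -> bool:
    """True when the package matches any glob in ignore_packages, e.g. '@types/*'."""
    return any(fnmatch(package, pattern) for pattern in ignore_packages)


def gate(findings, fail_level="medium", ignore_packages=(), include_dev=True) -> int:
    """Return the exit code for these findings.

    A finding fails the build when its severity is at least fail_level and the
    package is neither ignored by config nor excluded as a dev dependency.
    An unknown fail_level is a usage error and yields EXIT_ERROR.
    """
    if fail_level not in SEVERITY_RANK:
        return EXIT_ERROR
    threshold = SEVERITY_RANK[fail_level]
    for finding in findings:
        if not include_dev and finding["dev"]:
            continue  # honours --exclude-dev / include_dev: false
        if is_ignored(finding["package"], ignore_packages):
            continue  # honours ignore_packages globs from .depcheck.yaml
        if SEVERITY_RANK[finding["severity"]] >= threshold:
            return EXIT_FINDINGS
    return EXIT_FRESH


if __name__ == "__main__":
    # Same threshold as the README's GitHub Actions example (--fail-level high).
    print(gate(SAMPLE_FINDINGS, "high", ignore_packages=["@types/*"]))
```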

CI/CD Integration

GitHub Actions Example

- name: Check dependencies
  run: depcheck scan --ci --fail-level high

GitLab CI Example

dependency_check:
  script:
    - depcheck scan --ci --json > dependency-report.json
  artifacts:
    paths:
      - dependency-report.json

Supported Package Managers

Package Manager    Files
npm                package.json
pip                requirements.txt, pyproject.toml
go                 go.mod
cargo              Cargo.toml

Security

The tool includes a bundled CVE database of known vulnerabilities in common packages. Each scanned dependency is checked against this database, and any match is reported together with its severity level. Because the database ships with the tool rather than being fetched at scan time, it only covers vulnerabilities known when the installed version was built, so keep depcheck itself up to date.

Development

Running Tests

pytest -q --cov=src --cov-report=term
pytest -q tests/integration/

Project Structure

depcheck/
├── src/depcheck/
│   ├── parsers/       # Package manager parsers
│   ├── analyzers/     # CVE and version analyzers
│   ├── reporters/     # Output formatters
│   ├── config.py      # Configuration handling
│   └── cli.py         # CLI entry point
├── tests/
│   ├── unit/          # Unit tests
│   └── integration/   # Integration tests
└── data/              # Bundled CVE database

License

MIT

Latest release: v1.0.0 (2026-02-04)