A Python CLI that checks your project dependencies for outdated packages, security vulnerabilities, and license info. Supports requirements.txt, package.json, go.mod, and Cargo.toml. Zero external dependencies.
- Multi-ecosystem — Python (PyPI), Node.js (npm), Go (proxy.golang.org), Rust (crates.io)
- Auto-detection — Scans project directory for supported dependency files
- Outdated check — Queries package registries for latest versions
- Vulnerability scan — Queries OSV.dev API for known CVEs
- License detection — Shows license info from package registries
- Dependency tree — Visualize dependencies grouped by ecosystem
- Output formats — Colored table or JSON for CI/CD pipelines
- Update suggestions — Shows exact commands to update outdated packages
- Ignore list — Skip packages via `.depcheckignore` file
- Zero dependencies — Pure Python 3 standard library (urllib only)
```bash
git clone https://github.com/Anuar-boop/dep-check.git
cd dep-check
chmod +x dep_check.py
```

Optionally add to PATH:

```bash
cp dep_check.py /usr/local/bin/dep-check
```

```bash
# Auto-detect and check all dependency files in current directory
python3 dep_check.py
# Check a specific project directory
python3 dep_check.py -d /path/to/project
# Check a specific file
python3 dep_check.py -f requirements.txt
# Show dependency tree
python3 dep_check.py --tree
# JSON output (for CI/CD)
python3 dep_check.py --json
# Only show outdated packages
python3 dep_check.py --outdated-only
# Show update commands
python3 dep_check.py --update
# Skip vulnerability check (faster)
python3 dep_check.py --no-vuln
# Skip license detection (faster)
python3 dep_check.py --no-license
```

Create a `.depcheckignore` file in your project root:

```
# Packages to skip
some-internal-package
legacy-dep
```
```
PACKAGE                       CURRENT        LATEST         STATUS      LICENSE             VULNS
-------------------------------------------------------------------------------------------------
flask                         2.3.0          3.1.0          outdated    BSD-3-Clause        0
requests                      2.28.0         2.32.3         outdated    Apache-2.0          0
django                        4.1.0          5.1.4          VULN!       BSD-3-Clause        2
numpy                         1.26.0         2.2.1          outdated    BSD-3-Clause        0
pytest                        7.4.0          8.3.4          outdated    MIT                 0

Summary: 5 packages | 0 up-to-date | 3 outdated | 1 vulnerable

Update Commands:
pip install flask==3.1.0 requests==2.32.3 django==5.1.4 numpy==2.2.1 pytest==8.3.4
```
| Flag | Description |
|---|---|
| `-d, --dir` | Project directory to scan (default: `.`) |
| `-f, --file` | Specific dependency file to check |
| `--json` | Output results as JSON |
| `--tree` | Show dependency tree visualization |
| `--no-vuln` | Skip vulnerability check |
| `--no-license` | Skip license detection |
| `--outdated-only` | Only show outdated/vulnerable packages |
| `--update` | Show commands to update outdated packages |
| `-v, --version` | Show version |
```yaml
# GitHub Actions example
- name: Check dependencies
  run: |
    python3 dep_check.py --json > dep-report.json
    python3 dep_check.py --outdated-only
```

The script exits with code 1 if any vulnerabilities are found, making it suitable for CI gates.
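The vulnerability scan and CI gate described above can be sketched with the standard library alone. This is an added example, not dep-check's own code: the function names, the pin-only requirements parsing and the sample data are assumptions, and the advisory ids are constructed placeholders. It posts to the public OSV.dev `querybatch` endpoint.

```python
import json
import re
import urllib.request

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"  # public OSV.dev batch endpoint
# Only exact pins are matched: an OSV version query needs one concrete version.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")

def parse_requirements(text, ignored=()):
    """Return (name, version) for exactly pinned lines, minus ignored names."""
    skip = {n.lower() for n in ignored}
    pins = []
    for line in text.splitlines():
        m = PIN.match(line.strip())
        if m and m.group(1).lower() not in skip:
            pins.append((m.group(1), m.group(2)))
    return pins

def build_batch(pins, ecosystem="PyPI"):
    """Build the JSON body for one querybatch request, one query per pin."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in pins]}

def vulnerable(pins, response):
    """Map package name -> advisory ids; results come back in query order."""
    found = {}
    for (name, _), result in zip(pins, response.get("results", [])):
        ids = [v["id"] for v in (result.get("vulns") or [])]
        if ids:
            found[name] = ids
    return found

def query_osv(body, timeout=15):
    """POST the batch to OSV.dev (network call, not used by the sample below)."""
    req = urllib.request.Request(OSV_BATCH_URL, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

# Constructed sample input and constructed response (placeholder advisory ids).
SAMPLE_REQS = "flask==2.3.0\ndjango==4.1.0  # pinned\nlegacy-dep==0.1\nrequests>=2.28\n"
SAMPLE_RESPONSE = {"results": [{}, {"vulns": [{"id": "EXAMPLE-0001"}, {"id": "EXAMPLE-0002"}]}]}

if __name__ == "__main__":
    pins = parse_requirements(SAMPLE_REQS, ignored=["legacy-dep"])
    hits = vulnerable(pins, SAMPLE_RESPONSE)  # swap in query_osv(build_batch(pins)) online
    print(json.dumps(hits, indent=2))
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the CI step
```

Unpinned lines such as `requests>=2.28` are silently skipped here, so a gate built this way only covers dependencies that are pinned to an exact version.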
MIT