depheal 0.1.0__tar.gz
- depheal-0.1.0/PKG-INFO +124 -0
- depheal-0.1.0/README.md +100 -0
- depheal-0.1.0/depheal.egg-info/PKG-INFO +124 -0
- depheal-0.1.0/depheal.egg-info/SOURCES.txt +17 -0
- depheal-0.1.0/depheal.egg-info/dependency_links.txt +1 -0
- depheal-0.1.0/depheal.egg-info/entry_points.txt +2 -0
- depheal-0.1.0/depheal.egg-info/top_level.txt +2 -0
- depheal-0.1.0/depwise/__init__.py +8 -0
- depheal-0.1.0/depwise/checker.py +370 -0
- depheal-0.1.0/depwise/cli.py +183 -0
- depheal-0.1.0/depwise/reporter.py +177 -0
- depheal-0.1.0/depwise/scanner.py +275 -0
- depheal-0.1.0/pyproject.toml +44 -0
- depheal-0.1.0/setup.cfg +4 -0
depheal-0.1.0/PKG-INFO
ADDED
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: depheal
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: dependency health scanner — cross-language, offline-first, no account needed
|
|
5
|
+
Author: Prince
|
|
6
|
+
License: MIT
|
|
7
|
+
Project-URL: Homepage, https://github.com/prince0x/depwise
|
|
8
|
+
Project-URL: Repository, https://github.com/prince0x/depwise
|
|
9
|
+
Project-URL: Issues, https://github.com/prince0x/depwise/issues
|
|
10
|
+
Keywords: dependencies,security,audit,CVE,devtools
|
|
11
|
+
Classifier: Development Status :: 3 - Alpha
|
|
12
|
+
Classifier: Environment :: Console
|
|
13
|
+
Classifier: Intended Audience :: Developers
|
|
14
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
15
|
+
Classifier: Programming Language :: Python :: 3
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
18
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
19
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
20
|
+
Classifier: Topic :: Security
|
|
21
|
+
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
22
|
+
Requires-Python: >=3.10
|
|
23
|
+
Description-Content-Type: text/markdown
|
|
24
|
+
|
|
25
|
+
# depwise
|
|
26
|
+
|
|
27
|
+
dependency health scanner — no account, no api key, no config
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
$ depwise scan ~/netbox-test
|
|
31
|
+
|
|
32
|
+
depwise — dependency health scanner
|
|
33
|
+
|
|
34
|
+
dir ~/netbox-test
|
|
35
|
+
reading requirements.txt, pyproject.toml
|
|
36
|
+
|
|
37
|
+
scanning 45 packages...
|
|
38
|
+
|
|
39
|
+
Django@6.0.5 high 5 CVEs fix: 5.2.15
|
|
40
|
+
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
|
|
41
|
+
PYSEC-2026-200, PYSEC-2026-198 +3 more
|
|
42
|
+
|
|
43
|
+
colorama@0.4.6 abandoned
|
|
44
|
+
No updates in 3 years
|
|
45
|
+
|
|
46
|
+
django-graphiql-debug-toolbar@0.2.0 abandoned
|
|
47
|
+
No updates in 4 years
|
|
48
|
+
|
|
49
|
+
1 vulnerable, 2 abandoned, 42 ok
|
|
50
|
+
|
|
51
|
+
to fix:
|
|
52
|
+
pip install Django==5.2.15
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
that's a real scan of [NetBox](https://github.com/netbox-community/netbox) — used in production by NVIDIA, Cloudflare, and thousands of others.
|
|
56
|
+
|
|
57
|
+
## the problem with existing tools
|
|
58
|
+
|
|
59
|
+
`pip-audit` and `npm audit` exist. but:
|
|
60
|
+
|
|
61
|
+
- they audit the wrong environment when you're inside a venv
|
|
62
|
+
- they show 40 CVEs with no context — developers learn to ignore them
|
|
63
|
+
- they don't know if a package is abandoned (no CVE required to be dangerous)
|
|
64
|
+
- they're single-language — mixed projects need multiple tools
|
|
65
|
+
|
|
66
|
+
depwise fixes all of this.
|
|
67
|
+
|
|
68
|
+
## install
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
pip install depwise
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
no account. no api key. no config file. works immediately.
|
|
75
|
+
|
|
76
|
+
## usage
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
# scan current directory
|
|
80
|
+
depwise
|
|
81
|
+
|
|
82
|
+
# scan any directory from anywhere
|
|
83
|
+
depwise scan ./myproject
|
|
84
|
+
depwise scan ~/anyproject
|
|
85
|
+
|
|
86
|
+
# explain a specific package
|
|
87
|
+
depwise why requests
|
|
88
|
+
depwise why flask --version 2.2.0
|
|
89
|
+
|
|
90
|
+
# list all packages found
|
|
91
|
+
depwise list
|
|
92
|
+
|
|
93
|
+
# use in CI/CD — exits with code 1 if issues found
|
|
94
|
+
depwise scan --strict
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
works with:
|
|
98
|
+
- `requirements.txt`
|
|
99
|
+
- `pyproject.toml`
|
|
100
|
+
- `package.json`
|
|
101
|
+
|
|
102
|
+
## what makes it different
|
|
103
|
+
|
|
104
|
+
**detects abandoned packages** — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.
|
|
105
|
+
|
|
106
|
+
**right environment** — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.
|
|
107
|
+
|
|
108
|
+
**one output** — python and javascript in the same project, one scan, one report.
|
|
109
|
+
|
|
110
|
+
**zero noise** — shows what matters. one line per package. plain english.
|
|
111
|
+
|
|
112
|
+
**zero dependencies** — pure python stdlib. nothing to break. works everywhere python works.
|
|
113
|
+
|
|
114
|
+
## how it works
|
|
115
|
+
|
|
116
|
+
- reads your dependency files
|
|
117
|
+
- detects your active virtual environment automatically
|
|
118
|
+
- queries [OSV](https://osv.dev) for known CVEs — free, no key needed
|
|
119
|
+
- checks PyPI and npm registry for abandoned/deprecated packages
|
|
120
|
+
- shows you what matters, not everything
|
|
121
|
+
|
|
122
|
+
## license
|
|
123
|
+
|
|
124
|
+
MIT
|
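Review bot: `Name: depheal` on line 2 does not match the install command in the embedded description, `pip install depwise` on line 71, and the heading on line 25 and all three Project-URL entries also say depwise. Anyone following these instructions installs whatever distribution owns the name depwise on the index rather than this package. Change the install line to the published name, or publish under the name the description uses, so the metadata and the instructions agree.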
depheal-0.1.0/README.md
ADDED
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
# depwise
|
|
2
|
+
|
|
3
|
+
dependency health scanner — no account, no api key, no config
|
|
4
|
+
|
|
5
|
+
```
|
|
6
|
+
$ depwise scan ~/netbox-test
|
|
7
|
+
|
|
8
|
+
depwise — dependency health scanner
|
|
9
|
+
|
|
10
|
+
dir ~/netbox-test
|
|
11
|
+
reading requirements.txt, pyproject.toml
|
|
12
|
+
|
|
13
|
+
scanning 45 packages...
|
|
14
|
+
|
|
15
|
+
Django@6.0.5 high 5 CVEs fix: 5.2.15
|
|
16
|
+
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
|
|
17
|
+
PYSEC-2026-200, PYSEC-2026-198 +3 more
|
|
18
|
+
|
|
19
|
+
colorama@0.4.6 abandoned
|
|
20
|
+
No updates in 3 years
|
|
21
|
+
|
|
22
|
+
django-graphiql-debug-toolbar@0.2.0 abandoned
|
|
23
|
+
No updates in 4 years
|
|
24
|
+
|
|
25
|
+
1 vulnerable, 2 abandoned, 42 ok
|
|
26
|
+
|
|
27
|
+
to fix:
|
|
28
|
+
pip install Django==5.2.15
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
that's a real scan of [NetBox](https://github.com/netbox-community/netbox) — used in production by NVIDIA, Cloudflare, and thousands of others.
|
|
32
|
+
|
|
33
|
+
## the problem with existing tools
|
|
34
|
+
|
|
35
|
+
`pip-audit` and `npm audit` exist. but:
|
|
36
|
+
|
|
37
|
+
- they audit the wrong environment when you're inside a venv
|
|
38
|
+
- they show 40 CVEs with no context — developers learn to ignore them
|
|
39
|
+
- they don't know if a package is abandoned (no CVE required to be dangerous)
|
|
40
|
+
- they're single-language — mixed projects need multiple tools
|
|
41
|
+
|
|
42
|
+
depwise fixes all of this.
|
|
43
|
+
|
|
44
|
+
## install
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
pip install depwise
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
no account. no api key. no config file. works immediately.
|
|
51
|
+
|
|
52
|
+
## usage
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
# scan current directory
|
|
56
|
+
depwise
|
|
57
|
+
|
|
58
|
+
# scan any directory from anywhere
|
|
59
|
+
depwise scan ./myproject
|
|
60
|
+
depwise scan ~/anyproject
|
|
61
|
+
|
|
62
|
+
# explain a specific package
|
|
63
|
+
depwise why requests
|
|
64
|
+
depwise why flask --version 2.2.0
|
|
65
|
+
|
|
66
|
+
# list all packages found
|
|
67
|
+
depwise list
|
|
68
|
+
|
|
69
|
+
# use in CI/CD — exits with code 1 if issues found
|
|
70
|
+
depwise scan --strict
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
works with:
|
|
74
|
+
- `requirements.txt`
|
|
75
|
+
- `pyproject.toml`
|
|
76
|
+
- `package.json`
|
|
77
|
+
|
|
78
|
+
## what makes it different
|
|
79
|
+
|
|
80
|
+
**detects abandoned packages** — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.
|
|
81
|
+
|
|
82
|
+
**right environment** — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.
|
|
83
|
+
|
|
84
|
+
**one output** — python and javascript in the same project, one scan, one report.
|
|
85
|
+
|
|
86
|
+
**zero noise** — shows what matters. one line per package. plain english.
|
|
87
|
+
|
|
88
|
+
**zero dependencies** — pure python stdlib. nothing to break. works everywhere python works.
|
|
89
|
+
|
|
90
|
+
## how it works
|
|
91
|
+
|
|
92
|
+
- reads your dependency files
|
|
93
|
+
- detects your active virtual environment automatically
|
|
94
|
+
- queries [OSV](https://osv.dev) for known CVEs — free, no key needed
|
|
95
|
+
- checks PyPI and npm registry for abandoned/deprecated packages
|
|
96
|
+
- shows you what matters, not everything
|
|
97
|
+
|
|
98
|
+
## license
|
|
99
|
+
|
|
100
|
+
MIT
|
|
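Review bot: the sample output recommends `fix: 5.2.15` (line 15) and `pip install Django==5.2.15` (line 28) for `Django@6.0.5`, which moves the project down to an older release series, while the advisory text on line 16 gives 6.0.6 as the fixed version for the 6.0 series. The suggested fix should be the lowest fixed version at or above the installed one in the same series, which is 6.0.6 here. If this is real output, the fix selection needs that check, and the example should be regenerated afterwards.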
@@ -0,0 +1,124 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: depheal
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: dependency health scanner — cross-language, offline-first, no account needed
|
|
5
|
+
Author: Prince
|
|
6
|
+
License: MIT
|
|
7
|
+
Project-URL: Homepage, https://github.com/prince0x/depwise
|
|
8
|
+
Project-URL: Repository, https://github.com/prince0x/depwise
|
|
9
|
+
Project-URL: Issues, https://github.com/prince0x/depwise/issues
|
|
10
|
+
Keywords: dependencies,security,audit,CVE,devtools
|
|
11
|
+
Classifier: Development Status :: 3 - Alpha
|
|
12
|
+
Classifier: Environment :: Console
|
|
13
|
+
Classifier: Intended Audience :: Developers
|
|
14
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
15
|
+
Classifier: Programming Language :: Python :: 3
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
18
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
19
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
20
|
+
Classifier: Topic :: Security
|
|
21
|
+
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
22
|
+
Requires-Python: >=3.10
|
|
23
|
+
Description-Content-Type: text/markdown
|
|
24
|
+
|
|
25
|
+
# depwise
|
|
26
|
+
|
|
27
|
+
dependency health scanner — no account, no api key, no config
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
$ depwise scan ~/netbox-test
|
|
31
|
+
|
|
32
|
+
depwise — dependency health scanner
|
|
33
|
+
|
|
34
|
+
dir ~/netbox-test
|
|
35
|
+
reading requirements.txt, pyproject.toml
|
|
36
|
+
|
|
37
|
+
scanning 45 packages...
|
|
38
|
+
|
|
39
|
+
Django@6.0.5 high 5 CVEs fix: 5.2.15
|
|
40
|
+
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15
|
|
41
|
+
PYSEC-2026-200, PYSEC-2026-198 +3 more
|
|
42
|
+
|
|
43
|
+
colorama@0.4.6 abandoned
|
|
44
|
+
No updates in 3 years
|
|
45
|
+
|
|
46
|
+
django-graphiql-debug-toolbar@0.2.0 abandoned
|
|
47
|
+
No updates in 4 years
|
|
48
|
+
|
|
49
|
+
1 vulnerable, 2 abandoned, 42 ok
|
|
50
|
+
|
|
51
|
+
to fix:
|
|
52
|
+
pip install Django==5.2.15
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
that's a real scan of [NetBox](https://github.com/netbox-community/netbox) — used in production by NVIDIA, Cloudflare, and thousands of others.
|
|
56
|
+
|
|
57
|
+
## the problem with existing tools
|
|
58
|
+
|
|
59
|
+
`pip-audit` and `npm audit` exist. but:
|
|
60
|
+
|
|
61
|
+
- they audit the wrong environment when you're inside a venv
|
|
62
|
+
- they show 40 CVEs with no context — developers learn to ignore them
|
|
63
|
+
- they don't know if a package is abandoned (no CVE required to be dangerous)
|
|
64
|
+
- they're single-language — mixed projects need multiple tools
|
|
65
|
+
|
|
66
|
+
depwise fixes all of this.
|
|
67
|
+
|
|
68
|
+
## install
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
pip install depwise
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
no account. no api key. no config file. works immediately.
|
|
75
|
+
|
|
76
|
+
## usage
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
# scan current directory
|
|
80
|
+
depwise
|
|
81
|
+
|
|
82
|
+
# scan any directory from anywhere
|
|
83
|
+
depwise scan ./myproject
|
|
84
|
+
depwise scan ~/anyproject
|
|
85
|
+
|
|
86
|
+
# explain a specific package
|
|
87
|
+
depwise why requests
|
|
88
|
+
depwise why flask --version 2.2.0
|
|
89
|
+
|
|
90
|
+
# list all packages found
|
|
91
|
+
depwise list
|
|
92
|
+
|
|
93
|
+
# use in CI/CD — exits with code 1 if issues found
|
|
94
|
+
depwise scan --strict
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
works with:
|
|
98
|
+
- `requirements.txt`
|
|
99
|
+
- `pyproject.toml`
|
|
100
|
+
- `package.json`
|
|
101
|
+
|
|
102
|
+
## what makes it different
|
|
103
|
+
|
|
104
|
+
**detects abandoned packages** — a package with no CVE but no maintainer is still a risk. depwise checks last commit dates and deprecation notices. existing tools don't.
|
|
105
|
+
|
|
106
|
+
**right environment** — automatically detects your active venv and scans that. pip-audit scans the wrong python when you're inside a venv.
|
|
107
|
+
|
|
108
|
+
**one output** — python and javascript in the same project, one scan, one report.
|
|
109
|
+
|
|
110
|
+
**zero noise** — shows what matters. one line per package. plain english.
|
|
111
|
+
|
|
112
|
+
**zero dependencies** — pure python stdlib. nothing to break. works everywhere python works.
|
|
113
|
+
|
|
114
|
+
## how it works
|
|
115
|
+
|
|
116
|
+
- reads your dependency files
|
|
117
|
+
- detects your active virtual environment automatically
|
|
118
|
+
- queries [OSV](https://osv.dev) for known CVEs — free, no key needed
|
|
119
|
+
- checks PyPI and npm registry for abandoned/deprecated packages
|
|
120
|
+
- shows you what matters, not everything
|
|
121
|
+
|
|
122
|
+
## license
|
|
123
|
+
|
|
124
|
+
MIT
|
|
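Review bot: the Summary on line 4 advertises "offline-first", but the "how it works" list on lines 118 and 119 says a scan queries OSV and checks the PyPI and npm registries. Either drop "offline-first" from the Summary or document which checks run without network access and what package information is sent to those services, since users scanning private projects will rely on that wording.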
@@ -0,0 +1,17 @@
|
|
|
1
|
+
README.md
|
|
2
|
+
pyproject.toml
|
|
3
|
+
./depwise/__init__.py
|
|
4
|
+
./depwise/checker.py
|
|
5
|
+
./depwise/cli.py
|
|
6
|
+
./depwise/reporter.py
|
|
7
|
+
./depwise/scanner.py
|
|
8
|
+
depheal.egg-info/PKG-INFO
|
|
9
|
+
depheal.egg-info/SOURCES.txt
|
|
10
|
+
depheal.egg-info/dependency_links.txt
|
|
11
|
+
depheal.egg-info/entry_points.txt
|
|
12
|
+
depheal.egg-info/top_level.txt
|
|
13
|
+
depwise/__init__.py
|
|
14
|
+
depwise/checker.py
|
|
15
|
+
depwise/cli.py
|
|
16
|
+
depwise/reporter.py
|
|
17
|
+
depwise/scanner.py
|
|
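Review bot: every module is listed twice, once as `./depwise/checker.py` (lines 3 to 7) and once as `depwise/checker.py` (lines 13 to 17), which suggests the package is being picked up through two different paths at build time. The file list for this release also shows top_level.txt added with two lines although only one import package, depwise, appears here. Check the package discovery settings in pyproject.toml so each file is listed once and only the intended top-level package ships in the sdist.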
@@ -0,0 +1 @@
|
|
|
1
|
+
|