A CLI tool to check dependency versions across different package ecosystems and identify security vulnerabilities.
go install github.com/harekrishnarai/depcheck@latest
depcheck check express 4.18.2
depcheck file package.json
depcheck file package-lock.json
- Node.js
  - package.json
  - package-lock.json (improved accuracy with exact versions)
  - yarn.lock
  - npm-shrinkwrap.json
- Python (requirements.txt)
- More coming soon...
- Check if specific package versions exist
- Bulk check dependencies from package files
- Support for lock files for more accurate version information
- Transitive dependency analysis (detects nested dependencies)
- Security vulnerability scanning with accurate CVSS scores
- Detailed severity information from multiple sources (OSV.dev, deps.dev)
- Support for multiple package ecosystems
- Detailed version information
- Vulnerability scanning from multiple sources
- Accurate CVSS score parsing from vector strings
- Proper severity classification (Critical, High, Medium, Low)
- Detects deprecated packages
- Shows fixed version information
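How a score and severity label can be derived from a CVSS vector string, as listed above, shown as an added example that is not depcheck's own code. `BaseScore` and `weights` are hypothetical names, and the logic follows the published CVSS v3.1 base-score equations only; other CVSS versions are rejected with an error.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// CVSS v3.1 base metric weights. "S" is a flag: 0 = Scope Unchanged, 1 = Changed.
var weights = map[string]map[string]float64{
	"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}, "AC": {"L": 0.77, "H": 0.44}, "UI": {"N": 0.85, "R": 0.62},
	"PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "S": {"U": 0, "C": 1}, "C": {"H": 0.56, "L": 0.22, "N": 0},
	"I": {"H": 0.56, "L": 0.22, "N": 0}, "A": {"H": 0.56, "L": 0.22, "N": 0},
}

// BaseScore returns score and severity; bad input is an error, never a silent 0.
func BaseScore(vector string) (float64, string, error) {
	if !strings.HasPrefix(vector, "CVSS:3.1/") {
		return 0, "", fmt.Errorf("unsupported vector %q", vector)
	}
	m, w := map[string]string{}, map[string]float64{}
	for _, p := range strings.Split(vector, "/")[1:] {
		k, v, _ := strings.Cut(p, ":")
		m[k] = v
	}
	for k, table := range weights { // every base metric must be present and valid
		var ok bool
		if w[k], ok = table[m[k]]; !ok {
			return 0, "", fmt.Errorf("missing or invalid %s in %q", k, vector)
		}
	}
	iss := 1 - (1-w["C"])*(1-w["I"])*(1-w["A"])
	impact, factor := 6.42*iss, 1.0
	if w["S"] == 1 { // Scope Changed: own impact formula, higher PR weights, 1.08 multiplier
		impact, factor = 7.52*(iss-0.029)-3.25*math.Pow(iss-0.02, 15), 1.08
		w["PR"] = map[string]float64{"N": 0.85, "L": 0.68, "H": 0.5}[m["PR"]]
	}
	score := 0.0
	if impact > 0 { // spec Roundup: smallest one-decimal value >= the raw score
		raw := math.Min(factor*(impact+8.22*w["AV"]*w["AC"]*w["PR"]*w["UI"]), 10)
		score = math.Ceil(math.Round(raw*100000)/10000) / 10
	}
	for i, floor := range []float64{9, 7, 4, 0.1} {
		if score >= floor {
			return score, []string{"Critical", "High", "Medium", "Low"}[i], nil
		}
	}
	return score, "None", nil
}
func main() { fmt.Println(BaseScore("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N")) } // constructed vector
```

Returning an error for unknown versions or missing metrics keeps an unparseable advisory from being reported as score 0 and dropped from triage.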
To build and run locally:
go build
./depcheck --help
- Added support for direct lock file analysis
- Implemented transitive dependency detection
- Enhanced CVSS vector parsing for accurate vulnerability scores
- Improved handling of GitHub Security Advisories