OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Manage third-party license compliance in your Rollup or Vite builds. Automatically discover every dependency, extract its license info, fail builds with disallowed licenses, and generate a complete “bill-of-materials” in JSON, HTML, CSV or custom formats.

List installed Python packages by on-disk size (largest first). Zero dependencies. Ideal for cleaning bloated global/site-packages installs.

Solana-specific dependency auditor. Catches abandoned packages, deprecated SDKs, and malicious packages that npm audit misses.

Open-source CVE lookup tool for software packages. Check vulnerabilities, CVSS scores, version age, and latest releases across 8 ecosystems using OSV.dev.

CLI to scan project dependencies and produce a single HTML report

Dependency audit, vulnerability scanning & license compliance. 10 package managers, 100% local, zero telemetry.

A binary tool that checks if vulnerability reports from dep-scan meet predefined security thresholds.

Scans your project's dependencies and flags zombie packages — abandoned, outdated, or imported-but-unused — before they become a security or maintenance nightmare