Dependency Analysis
Upload dependency files to detect outdated packages, known vulnerabilities, and version drift across your projects.
Supported Ecosystems
| Ecosystem | Supported Files | Identifier |
|---|---|---|
| Node.js | package.json | NODEJS |
| Python | requirements.txt, pyproject.toml, Pipfile | PYTHON |
| .NET | *.csproj | DOTNET |
| Rust | Cargo.toml | RUST |
| Go | go.mod | GO |
| Java | pom.xml | JAVA |
| Kotlin | build.gradle.kts, libs.versions.toml | KOTLIN |
| Ruby | Gemfile | RUBY |
| PHP | composer.json | PHP |
The ecosystem is auto-detected from the file name. You can override it manually if needed.
Running an Analysis
Web UI
- Open your project and go to the Analysis tab.
- Click New Analysis and upload a dependency file or paste its contents.
- Click Analyze.
CLI
```
depvault analyze [--file <path>]
```

| Flag | Description | Default |
|---|---|---|
| --file | Path to the dependency file. Auto-detects in current directory when omitted. | Auto-detected |
| --ecosystem | Override auto-detected ecosystem. | Auto-detected |
| --output | Output format: table or json. | table |

```bash
# Auto-detect dependency files in current directory
depvault analyze

# Specify a file explicitly
depvault analyze --file package.json

# Override ecosystem detection
depvault analyze --file deps.txt --ecosystem PYTHON

# JSON output for scripting
depvault analyze --file Cargo.toml --output json
```

In interactive mode, when --file is omitted the CLI scans the current directory for dependency files and prompts you to select one.
Requires an active project. Set one with `depvault project select <id>`.
Understanding Results
Status Chips
| Status | Meaning |
|---|---|
| MAJOR | Major version update available — may include breaking changes. |
| MINOR | Minor update — typically backward-compatible new features. |
| PATCH | Patch update — bug fixes only. |
| UP TO DATE | On the latest version. |
Vulnerability Badges
| Severity | Color | Description |
|---|---|---|
| CRITICAL | Red | Actively exploited or trivially exploitable. |
| HIGH | Orange | Significant risk — address promptly. |
| MEDIUM | Yellow | Moderate risk — plan to address soon. |
| LOW | Blue | Minimal risk. |
Re-Analyzing and History
Click Re-Analyze on any existing analysis to check for new updates or newly disclosed vulnerabilities without re-uploading the file.
The Analysis tab stores a history of all runs. You can view past results, compare between runs, and delete old analyses.