Dependency Tree
Visualize the full dependency graph to understand transitive dependencies and identify conflicts.
Accessing the Tree
Open a completed analysis from the Analysis tab and click Dependency Tree. The tree displays your root project node at the center with direct dependencies radiating outward.
Node Color Coding
| Color | Meaning |
|---|---|
| Green | No known vulnerabilities. |
| Yellow | Medium or low-severity advisories. |
| Red | Critical or high-severity vulnerabilities — immediate attention recommended. |
Transitive nodes inherit the highest severity of their own advisories.
Navigation
- Expand/Collapse — Click the arrow on any node to show or hide its children. Only direct dependencies are expanded by default.
- Collapse All / Expand All — Toolbar buttons to reset or fully expand the tree.
- Search — Type a package name to highlight matches. Use Next/Previous to cycle through results. Ancestor nodes are auto-expanded.
- Zoom/Pan — Use
+/-buttons, scroll wheel, or click-and-drag. A minimap shows your viewport position.
Node Detail Panel
Click any node to see its details:
| Field | Description |
|---|---|
| Installed Version | Version resolved in your project. |
| Latest Version | Newest available version. |
| License | SPDX license identifier. |
| CVE IDs | Known CVEs for the installed version. |
| Fixed Version | Minimum version resolving each CVE. |
| Changelog Link | Link to release notes for the fix. |
| Dependents | Packages in your project that depend on this node. |
Interpreting the Tree
- Direct dependencies connect to the root node. Everything below is transitive.
- Conflict icons appear when two branches require different versions of the same package.
- Depth badges show nesting level — dependencies at depth 5+ increase supply chain risk.