depenemy is an open-source CLI tool that scans project dependencies to identify security risks in the software supply chain. Below are 7 code review & quality apps with similar functionality to depenemy, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
Supply chain attack scanner for PyPI packages — static AST + dynamic sandbox analysis before install
Cross-language dependency age analyzer — scan lock files for staleness, CVEs, and update urgency
depheal is an open-source command-line tool that scans and audits software dependencies for security vulnerabilities and health issues. It supports multiple programming languages, works offline, and helps developers maintain secure and healthy projects by detecting CVEs and other risks.
DepsGuard is a command-line interface (CLI) tool designed to help users protect their project dependencies from supply chain attacks. It addresses the risks posed by compromised packages and malicious code introduced through popular package managers by scanning configuration files and enabling security best practices. The tool is intended for developers or teams concerned about the security of their software supply chain, particularly those using npm, pnpm, yarn, bun, aube, uv, pip, and poetry. The platform operates through an interactive terminal user interface (TUI). Upon running DepsGuard in the terminal, it scans the system and presents a table of findings related to security settings in package manager configurations. Users can navigate through suggested fixes, preview changes with a diff view, and selectively apply or skip recommended adjustments. The tool supports repo-level configuration discovery, recursive directory searches, and user-level config checks. It also provides features for filtering, bulk selection by file type, and viewing only currently selected fixes. Before making changes, DepsGuard creates timestamped backups, allowing users to restore previous states if needed. After applying fixes, it automatically rescans to verify that all issues have been addressed. DepsGuard checks for and helps enable a range of security settings, such as delaying adoption of new package versions, blocking install scripts, preventing untrusted transitive dependencies, enforcing provenance policies, and failing on unreviewed build scripts. It supports multiple package managers and configuration formats, with detailed support for npm, pnpm, yarn, and others. The tool is compatible with macOS, Linux, and Windows, and can be installed via Homebrew, APT, WinGet, Scoop, Cargo, or by downloading direct binaries. It requires no external dependencies. The tool is distributed under the MIT license, making it open source. Its installation and usage instructions, along with troubleshooting and documentation, are provided in the README. DepsGuard is positioned as a security-focused CLI utility for proactively managing and securing software dependencies against evolving supply chain threats.
depstree is an open-source CLI tool for analyzing and visualizing dependencies in Python, Node, Rust, Go, Java, Ruby, and PHP projects. It generates SBOMs and helps developers and DevOps teams audit supply chains for security and compliance.
A zero dependency lightweight static analyzer designed for adversarial-shape code in python to detect supply chain attacks before they reach your interpreter.
depwatch-cli is an open-source command-line tool that scans software dependencies for health and security risks. It integrates with GitHub and provides developers with actionable insights to maintain secure and reliable codebases.