Dependency Analysis

SyftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

syftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

scorecardGo

Automated security health metrics for open source projects, assessing security best practices and risks.

retire.jsJavaScript

A scanner that detects JavaScript libraries with known vulnerabilities and can generate a Software Bill of Materials (SBOM).

cost-of-modulesJavaScript

Analyze npm dependencies to identify which ones are causing bloat and slowing down install times.

go-size-analyzerGo

A tool for analyzing the size of compiled Go binaries with detailed breakdowns, cross-platform support, and multiple output formats.

cargo-geigerRust

A cargo plugin that detects and reports usage of unsafe Rust code in crates and their dependencies.

ComposerRequireCheckerPHP

A CLI tool that detects soft dependencies in PHP projects by checking for symbols not declared in composer.json.

cpp-dependenciesC++

A command-line tool that analyzes C++ #include dependencies and generates dependency graphs in .dot format for visualization.

brooks-lintJavaScript

AI-powered code review tool that diagnoses six architectural decay risks using insights from ten classic software engineering books.

dependTypeScript

An ESLint plugin that suggests dependency optimizations, native alternatives, and detects redundant polyfills.

deps.rsSass

A service that shows at a glance if your Rust dependencies are out of date or insecure.

package-sizeJavaScript

Get the bundle size of npm packages by installing and bundling them with Webpack.

NsDepCopC#

A static code analysis tool that enforces namespace and assembly dependency rules in C# projects.

DependsJava

A fast, extensible multi-language dependency extraction tool for code analysis and visualization.

Rev-depGo

A high-speed static analysis tool for enforcing dependency graph hygiene and removing unused code in JavaScript/TypeScript projects.

crateryRust

A lightweight private cargo registry with batteries included, built for organizations, featuring docs generation and dependency analysis.

CraftQLRust

A CLI tool to visualize GraphQL schemas and output them as Graphviz .dot format for dependency analysis.

coq-dpdgraphOCaml

A Coq plugin that extracts dependency graphs between Coq objects and provides tools for visualization and analysis.

flowRTypeScript

A sophisticated static dataflow analysis framework for the R programming language, enabling code linting, program slicing, and dependency analysis.

cargo-couplingRust

A Rust tool that analyzes coupling in codebases using Vlad Khononov's three-dimensional framework to measure integration strength, distance, and volatility.

ICanHasDotnetCoreC#

Scans packages.config files or GitHub repositories to determine if NuGet packages target .NET Standard.