Available Now

depguard

Stop shipping abandoned Python dependencies.

depguard scans requirements.txt, reads public PyPI metadata, and classifies each dependency as low / medium / high maintenance risk using deterministic, documented rules. It then exits non-zero when any finding meets or exceeds your configured threshold.

Not a CVE scanner. Not a license scanner. Not a SaaS. Just a CI-friendly maintenance-risk signal.

CLI Example
depguard scan requirements.txt \
  --fail-on medium

Deterministic Rules

Explainable tiers with stable outputs: low, medium, high. No black-box scoring.

CI-Friendly Exit Codes

0: pass. 1: the medium threshold was triggered and no dependency is high. 2: a high finding was triggered, or a fatal error occurred. Because a fatal error also exits 2, a scan that cannot complete fails the pipeline instead of passing silently.

No Platform Overhead

No dashboard, no database, no telemetry. Run it in your repo and pipeline.

How it works

  1. Parse package names from requirements.txt.
  2. Fetch public package metadata from PyPI.
  3. Compute maintenance signals: release age, release cadence, a maintainer-count proxy, and pre-1.0 status.
  4. Classify each dependency and exit non-zero when any finding meets or exceeds your threshold.
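
The following Python is an added illustration of the four steps above and of the exit-code mapping under CI-Friendly Exit Codes. It is not depguard's own code. It runs offline against constructed metadata laid out like PyPI's JSON API (`/pypi/<name>/json`, with `info` and a `releases` map of upload records). Only the "812 days since last release (> 730)" rule is taken from the sample output on this page; the 365-day rule, the single-maintainer rule, the author/maintainer-field proxy for `maintainer_count`, and the treatment of `--fail-on low` are assumptions made for this example, not documented depguard behaviour.

```python
"""Illustrative depguard-style maintenance-risk check (example code, not depguard's)."""
import re
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is deterministic (constructed, not the real current time).
NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)

# Thresholds: the 730-day rule is visible in depguard's sample output;
# the 365-day and single-maintainer rules are assumptions of this example.
HIGH_STALE_DAYS = 730
MEDIUM_STALE_DAYS = 365
RANK = {"low": 0, "medium": 1, "high": 2}


def normalize_name(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '.', '_' and '-' become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[str]:
    """Step 1: normalized names only; comments, pip options and direct URL references are skipped."""
    names = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()          # drop comments
        if not line or line.startswith("-") or "://" in line or "@" in line:
            continue  # -r/-e/--index-url/--hash lines and 'name @ url' have no PyPI name to look up
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)       # name stops at [ = < > ~ ! ; or space
        if m:
            names.append(normalize_name(m.group(0)))
    return names


def compute_signals(meta: dict, now: datetime = NOW) -> dict:
    """Step 3: derive signals from PyPI-shaped metadata (step 2 'fetches' it from a dict here)."""
    per_release = []  # earliest upload per version; versions with no files (removed) are ignored
    for files in meta["releases"].values():
        stamps = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00")) for f in files]
        if stamps:
            per_release.append(min(stamps))
    if not per_release:
        raise ValueError("no uploaded releases")
    info = meta["info"]
    # Assumption: PyPI's JSON has no maintainer list, so count distinct non-empty author/maintainer names.
    people = {info.get(k) for k in ("author", "maintainer") if info.get(k)}
    major = re.match(r"\d+", info.get("version", ""))
    return {
        "days_since_last_release": (now - max(per_release)).days,
        "releases_last_12_months": sum(1 for t in per_release if (now - t).days <= 365),
        "maintainer_count": len(people),
        "pre_1_0": bool(major) and int(major.group(0)) == 0,
    }


def classify(sig: dict) -> tuple[str, list[str]]:
    """Step 4a: fixed rules to a tier plus the reasons that fired; no weighted score."""
    tier, reasons = "low", []
    d = sig["days_since_last_release"]
    if d > HIGH_STALE_DAYS:
        tier, reasons = "high", [f"{d} days since last release (> {HIGH_STALE_DAYS})"]
    elif d > MEDIUM_STALE_DAYS:
        tier, reasons = "medium", [f"{d} days since last release (> {MEDIUM_STALE_DAYS})"]
    if sig["pre_1_0"] and sig["maintainer_count"] <= 1:       # assumed rule
        reasons.append("pre-1.0 release with a single named maintainer")
        tier = "high" if tier == "high" else "medium"
    return tier, reasons


def exit_code(tiers: list[str], fail_on: str, fatal_error: bool = False) -> int:
    """Step 4b, the documented mapping: 0 pass, 1 medium threshold hit (no high), 2 high hit or fatal error.
    Behaviour of --fail-on low is not documented on the page; here any triggered non-high finding gives 1."""
    if fatal_error:
        return 2
    triggered = [t for t in tiers if RANK[t] >= RANK[fail_on]]
    if "high" in triggered:
        return 2
    return 1 if triggered else 0


def scan(requirements: str, index: dict, fail_on: str = "medium") -> dict:
    """Whole pipeline over an in-memory 'index' standing in for PyPI."""
    packages, errors = {}, 0
    for name in parse_requirements(requirements):
        try:
            sig = compute_signals(index[name])                 # KeyError: not on the index
        except (KeyError, ValueError):
            errors += 1                                        # mirrors the error= count in the summary
            continue
        tier, reasons = classify(sig)
        packages[name] = {"tier": tier, "signals": sig, "reasons": reasons}
    code = exit_code([p["tier"] for p in packages.values()], fail_on)
    return {"packages": packages, "errors": errors, "exit_code": code}


def _stamp(days_ago: int) -> str:                               # PyPI-style upload timestamp
    return (NOW - timedelta(days=days_ago)).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


REQUIREMENTS = """\
# constructed sample requirements.txt
-r base.txt
OldLib==2.4.0 ; python_version >= "3.8"   # stale, one named maintainer
fresh_lib>=1.2,<2
beta-tool[cli]~=0.3
mytool @ https://example.invalid/mytool.whl
"""

FAKE_PYPI = {  # constructed metadata in PyPI JSON API shape; these are not real packages
    "oldlib": {"info": {"version": "2.4.0", "author": "A. Dev", "maintainer": ""},
               "releases": {"2.3.0": [{"upload_time_iso_8601": _stamp(1100)}],
                            "2.4.0": [{"upload_time_iso_8601": _stamp(812)}],
                            "2.4.1": []}},
    "fresh-lib": {"info": {"version": "1.4.2", "author": "A", "maintainer": "B"},
                  "releases": {"1.4.0": [{"upload_time_iso_8601": _stamp(300)}],
                               "1.4.1": [{"upload_time_iso_8601": _stamp(120)}],
                               "1.4.2": [{"upload_time_iso_8601": _stamp(15)}]}},
    "beta-tool": {"info": {"version": "0.3.1", "author": "Solo", "maintainer": "Solo"},
                  "releases": {"0.3.1": [{"upload_time_iso_8601": _stamp(200)}]}},
}

if __name__ == "__main__":
    report = scan(REQUIREMENTS, FAKE_PYPI, fail_on="medium")
    for name, p in report["packages"].items():
        print(f"- {name}: {p['tier'].upper()} {p['reasons']}")
    raise SystemExit(report["exit_code"])
```

With the constructed input, `oldlib` reproduces the signals in the example output below (812 days, 0 releases in 12 months, maintainer_count 1, not pre-1.0) and is HIGH, `fresh-lib` is LOW, and `beta-tool` is MEDIUM, so the scan exits 2 whether `--fail-on` is medium or high; drop `oldlib` and `--fail-on medium` gives 1 while `--fail-on high` gives 0.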

Example output

depguard scan: requirements.txt
packages: 3
threshold: medium
- oldlib: HIGH
  signals: days_since_last_release=812, releases_last_12_months=0, maintainer_count=1, pre_1_0=false
  reasons:
    - 812 days since last release (> 730)
summary: high=1 medium=0 low=2 error=0

What you get

  • depguard CLI package
  • Quickstart documentation (INSTALL.md)
  • CI usage examples
  • Docker-based GitHub Action
  • Commercial license

Use cases

Pull request guardrails

Catch maintenance-risk regressions during dependency updates before merge.

Release gate checks

Add a deterministic policy step to your release workflow without adopting another platform.

Refund policy: 7 days if depguard is non-functional in your environment and support cannot resolve the issue.