Metadata-Version: 2.4
Name: depswiz
Version: 0.2.0
Summary: Multi-language dependency wizard - check, audit, and update dependencies across Python, Rust, Dart, and JavaScript ecosystems
Project-URL: Homepage, https://github.com/moinsen-dev/depswiz
Project-URL: Documentation, https://moinsen-dev.github.io/depswiz
Project-URL: Repository, https://github.com/moinsen-dev/depswiz
Project-URL: Issues, https://github.com/moinsen-dev/depswiz/issues
Author: depswiz contributors
License-Expression: MIT
License-File: LICENSE
Keywords: audit,dart,dependencies,javascript,monorepo,python,rust,sbom,security,typescript,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Build Tools
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Typing :: Typed
Requires-Python: >=3.13
Requires-Dist: anyio>=4.0.0
Requires-Dist: cyclonedx-python-lib>=11.0.0
Requires-Dist: diskcache>=5.6.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: packaging>=24.0
Requires-Dist: pyyaml>=6.0.0
Requires-Dist: rich>=13.9.0
Requires-Dist: semver>=3.0.0
Requires-Dist: typer>=0.15.0
Provides-Extra: dev
Requires-Dist: mypy>=1.13.0; extra == 'dev'
Requires-Dist: pre-commit>=4.0.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.24.0; extra == 'dev'
Requires-Dist: pytest-cov>=5.0.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.8.0; extra == 'dev'
Provides-Extra: docs
Requires-Dist: mkdocs-material>=9.5.0; extra == 'docs'
Requires-Dist: mkdocs>=1.6.0; extra == 'docs'
Description-Content-Type: text/markdown

# depswiz

**Dependency Wizard** - A multi-language dependency management CLI tool for modern development workflows.

[![PyPI version](https://img.shields.io/pypi/v/depswiz.svg)](https://pypi.org/project/depswiz/)
[![Python 3.13+](https://img.shields.io/badge/python-3.13+-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
[![CI](https://github.com/moinsen-dev/depswiz/actions/workflows/ci.yml/badge.svg)](https://github.com/moinsen-dev/depswiz/actions/workflows/ci.yml)
[![Documentation](https://img.shields.io/badge/docs-GitHub%20Pages-blue)](https://moinsen-dev.github.io/depswiz/)

## Features

- **Multi-Language Support**: Python, Rust, Dart/Flutter, JavaScript/TypeScript
- **Vulnerability Scanning**: Integrated with OSV, GitHub Advisories, RustSec
- **License Compliance**: SPDX-based license checking with configurable policies
- **SBOM Generation**: CycloneDX 1.6 and SPDX 3.0 formats
- **Monorepo Support**: Auto-detect workspaces across all ecosystems
- **Development Tools Checking**: Check if Node, Python, Rust, Dart, Flutter, uv, etc. are up to date
- **AI-Powered Suggestions**: Claude Code integration for intelligent upgrade strategies
- **Beautiful CLI**: Rich output with tables, progress bars, and colors
- **Plugin Architecture**: Extensible via Python entry points

## Installation

```bash
# Using pip
pip install depswiz

# Using uv (recommended)
uv add depswiz

# From source
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e .
```

## Quick Start

```bash
# Check for outdated dependencies
depswiz check

# Scan for vulnerabilities
depswiz audit

# Check license compliance
depswiz licenses

# Generate SBOM
depswiz sbom -o sbom.json

# Update dependencies interactively
depswiz update

# Check development tools for updates
depswiz tools

# Get AI-powered upgrade suggestions (requires Claude Code)
depswiz suggest
```

## Commands

### `depswiz check`

Check dependencies for available updates.

```bash
depswiz check                      # Check current directory
depswiz check --workspace          # Check all workspace members
depswiz check -l python -l rust    # Check only Python and Rust
depswiz check --format json        # Output as JSON
depswiz check --fail-outdated      # Exit 1 if outdated packages found
```

### `depswiz audit`

Scan dependencies for known vulnerabilities.

```bash
depswiz audit                      # Audit current directory
depswiz audit --severity high      # Only show high+ severity
depswiz audit --fail-on critical   # Fail on critical vulnerabilities
depswiz audit --ignore CVE-2024-XXX  # Ignore specific vulnerability
```

### `depswiz licenses`

Check license compliance.

```bash
depswiz licenses                   # List all licenses
depswiz licenses --summary         # License distribution only
depswiz licenses --deny GPL-3.0    # Fail on GPL-3.0 licensed packages
```

### `depswiz sbom`

Generate Software Bill of Materials.

```bash
depswiz sbom -o sbom.json          # CycloneDX format (default)
depswiz sbom --format spdx -o sbom.spdx.json
depswiz sbom --include-transitive  # Include transitive dependencies
```

### `depswiz update`

Update dependencies interactively.

```bash
depswiz update                     # Interactive update
depswiz update --dry-run           # Preview changes
depswiz update --strategy patch    # Only patch updates
depswiz update -y                  # Auto-confirm
```

### `depswiz tools`

Check development tools for updates.

```bash
depswiz tools                      # Auto-detect and check relevant tools
depswiz tools --all                # Check all 15 supported tools
depswiz tools -t node -t python    # Check specific tools
depswiz tools --updates-only       # Only show tools with updates
depswiz tools --format json        # JSON output for CI
depswiz tools --upgrade            # Use Claude Code to upgrade tools
```

**Supported Tools:** Node.js, npm, pnpm, Yarn, Bun, Deno, Python, uv, pip, Rust, Cargo, Dart, Flutter, Go, Docker

### `depswiz suggest`

Get AI-powered upgrade suggestions using Claude Code.

```bash
depswiz suggest                    # Full upgrade strategy
depswiz suggest --focus security   # Focus on security vulnerabilities
depswiz suggest --focus quick      # Quick health summary
depswiz suggest --focus toolchain  # Analyze development tools
```

**Note:** Requires [Claude Code CLI](https://claude.ai/code) to be installed.

## Configuration

Create a `depswiz.toml` in your project root:

```toml
[depswiz]
default_format = "cli"

[languages]
enabled = ["python", "rust", "dart", "javascript"]

[check]
recursive = false
workspace = true
strategy = "all"
warn_breaking = true

[audit]
severity_threshold = "low"
fail_on = "high"
sources = ["osv"]

[licenses]
policy_mode = "allow"
allowed = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"]
denied = ["GPL-3.0", "AGPL-3.0"]
warn_copyleft = true

[sbom]
format = "cyclonedx"
include_transitive = true
```

Or add to your `pyproject.toml`:

```toml
[tool.depswiz]
default_format = "cli"

[tool.depswiz.audit]
fail_on = "high"
```

## Supported Languages

| Language | Manifest | Lockfile | Registry |
|----------|----------|----------|----------|
| Python | pyproject.toml, requirements.txt | uv.lock, poetry.lock | PyPI |
| Rust | Cargo.toml | Cargo.lock | crates.io |
| Dart/Flutter | pubspec.yaml | pubspec.lock | pub.dev |
| JavaScript/TypeScript | package.json | package-lock.json, yarn.lock | npm |

## Output Formats

- **cli** (default): Rich terminal output with colors and tables
- **json**: Machine-readable JSON
- **markdown**: GitHub-compatible markdown
- **html**: Self-contained HTML report
- **cyclonedx**: CycloneDX 1.6 SBOM
- **spdx**: SPDX 3.0 SBOM

## Plugin Development

Create a new language plugin by implementing `LanguagePlugin`:

```python
from depswiz.plugins.base import LanguagePlugin

class MyPlugin(LanguagePlugin):
    @property
    def name(self) -> str:
        return "mylang"

    @property
    def manifest_patterns(self) -> list[str]:
        return ["myproject.toml"]

    # ... implement other required methods
```

Register via `pyproject.toml`:

```toml
[project.entry-points."depswiz.languages"]
mylang = "my_package:MyPlugin"
```

## CI/CD Integration

### GitHub Actions

```yaml
- name: Security Audit
  run: depswiz audit --fail-on high

- name: License Check
  run: depswiz licenses --fail-on-unknown

- name: Generate SBOM
  run: depswiz sbom -o sbom.json
```

### Exit Codes

- `0`: Success
- `1`: Vulnerabilities or violations found (when using `--fail-*` options)
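
A later pipeline stage can re-check the generated SBOM independently of the tool that produced it. This added example (not depswiz code) reads a CycloneDX JSON document such as `sbom.json`, applies the `denied` list from the configuration above, and exits `1` on a violation. The embedded SBOM is constructed, and treating a component with no license data as a violation is an assumption.

```python
import json
import re
import sys
from pathlib import Path

DENIED = {"GPL-3.0", "AGPL-3.0"}  # `denied` list from depswiz.toml above

# Constructed CycloneDX document; the component names are made up.
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
    {"name": "ex-bsd", "version": "1.0.0",
     "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    {"name": "ex-gpl", "version": "1.0.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"name": "ex-dual", "version": "2.1.0",
     "licenses": [{"expression": "MIT OR AGPL-3.0-or-later"}]},
    {"name": "ex-lgpl", "version": "0.3.0",
     "licenses": [{"license": {"id": "LGPL-3.0-only"}}]},
    {"name": "ex-none", "version": "0.1.0"},
]}

def spdx_ids(text):
    """Split an SPDX id or expression into ids, dropping version suffixes."""
    tokens = re.split(r"[\s()]+", text)
    return {re.sub(r"(-only|-or-later|\+)$", "", t) for t in tokens
            if t and t.upper() not in {"AND", "OR", "WITH"}}

def violations(sbom, denied=DENIED):
    """Return (component, reason) for denied or missing license data."""
    problems = []
    for comp in sbom.get("components", []):
        label = f"{comp.get('name')}@{comp.get('version')}"
        declared = [e.get("expression") or e.get("license", {}).get("id")
                    or e.get("license", {}).get("name")
                    for e in comp.get("licenses", [])]
        declared = [d for d in declared if d]
        if not declared:
            problems.append((label, "no license data"))
        for lic in declared:
            # Conservative: an "A OR B" choice is flagged if either is denied.
            if spdx_ids(lic) & denied:
                problems.append((label, f"denied license: {lic}"))
    return problems

if __name__ == "__main__":
    sbom = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_SBOM
    found = violations(sbom)
    for label, reason in found:
        print(f"{label}: {reason}")
    sys.exit(1 if found else 0)
```

Matching is done on whole SPDX identifiers, so `LGPL-3.0-only` is not caught by a `GPL-3.0` deny entry.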

## Development

```bash
# Clone and install
git clone https://github.com/moinsen-dev/depswiz.git
cd depswiz
pip install -e ".[dev]"

# Run tests
pytest

# Type checking
mypy src/depswiz

# Linting
ruff check src/depswiz
```

## Contributing

Contributions are welcome! Please read our [Contributing Guide](CONTRIBUTING.md) for details.

## License

MIT License - see [LICENSE](LICENSE) for details.

## Acknowledgments

- [OSV](https://osv.dev/) for vulnerability data
- [CycloneDX](https://cyclonedx.org/) and [SPDX](https://spdx.dev/) for SBOM standards
- [Rich](https://github.com/Textualize/rich) and [Typer](https://typer.tiangolo.com/) for the beautiful CLI
