Metadata-Version: 2.4
Name: dep-detective
Version: 0.1.0
Summary: CLI tool that scans project dependencies for health issues
Author: Hiren Thakore
License: MIT
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1
Requires-Dist: rich>=13.0
Requires-Dist: requests>=2.28
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-mock>=3.10; extra == "dev"
Dynamic: license-file

# dep-detective 🔍

A CLI tool that scans your project dependencies for health issues. Works with npm and Python projects.

## Installation

```bash
pip install dep-detective
```

Or from source:
```bash
git clone https://github.com/hiren-thakore/dep-detective.git
cd dep-detective
pip install -e .
```

## Usage

```bash
# Scan current project
dep-detective scan

# JSON output
dep-detective scan --json

# Skip security checks (faster)
dep-detective scan --no-security

# Skip size checks
dep-detective scan --no-size

# Scan a specific directory
dep-detective scan --dir /path/to/project

# Full markdown report
dep-detective report

# HTML report
dep-detective report --format html

# Ignore a package
dep-detective ignore lodash

# Watch mode (re-scan on file changes)
dep-detective monitor

# CI mode (exit 1 if critical issues)
dep-detective ci
```

## What it checks

- **⚠️ Abandoned deps** — No commits in 12+ months on GitHub
- **🔴 Security** — Known CVEs via OSV API
- **📦 Size** — Oversized packages via Bundlephobia/PyPI
- **🟡 Duplicates** — Overlapping functionality (lodash + underscore, etc.)
- **📜 License** — GPL in MIT project, etc.
- **📅 Outdated** — Major versions behind
- **🔓 Missing lockfiles** — No package-lock.json, Pipfile.lock, etc.
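
The Security and Missing lockfiles checks are linked: OSV answers per exact version, so only pinned entries can be looked up. The sketch below is an added example, not dep-detective's own code. It splits a `requirements.txt` into exact pins and unresolved entries, builds the OSV `/v1/query` body, and reduces a response to advisory IDs and CVE aliases. All function names are hypothetical, and the sample input and response are constructed placeholders.

```python
import json
import re
import urllib.request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # public OSV query endpoint

# name, optional [extras], "==", a literal version (no wildcard), optional ; marker
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*"
                 r"([A-Za-z0-9.!+_-]+)\s*(?:;.*)?$")

def parse_pins(requirements_text):
    """Split requirements.txt lines into exact pins and entries with no exact version."""
    pinned, unpinned = [], []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option (-r, -e)
            continue
        m = PIN.match(line)
        if m:
            pinned.append((m.group(1).lower(), m.group(2)))
        else:
            unpinned.append(line)  # range or wildcard: needs a lockfile to resolve
    return pinned, unpinned

def osv_payload(name, version, ecosystem="PyPI"):
    """Request body for POST /v1/query."""
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}

def summarize(osv_response):
    """Return (advisory id, CVE aliases) pairs; an empty body means no known vulns."""
    return [(v["id"], [a for a in v.get("aliases", []) if a.startswith("CVE-")])
            for v in osv_response.get("vulns", [])]

def query_osv(name, version, timeout=10):
    """Live lookup (needs network); not used by the offline demo below."""
    req = urllib.request.Request(
        OSV_QUERY_URL, data=json.dumps(osv_payload(name, version)).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

# Constructed sample input and response (placeholder IDs, not real advisories).
SAMPLE_REQUIREMENTS = "requests==2.28.0\nclick>=8.1  # range\n-r dev.txt\nRich == 13.0.0\n"
SAMPLE_RESPONSE = {"vulns": [{"id": "GHSA-xxxx-xxxx-xxxx",
                              "aliases": ["CVE-0000-00000", "PYSEC-0000-0"]}]}

if __name__ == "__main__":
    pinned, unpinned = parse_pins(SAMPLE_REQUIREMENTS)
    print("queryable:", [osv_payload(n, v) for n, v in pinned])
    print("not queryable without a lockfile:", unpinned)
    print("findings:", summarize(SAMPLE_RESPONSE))
```

Entries that land in the unpinned list are the ones a vulnerability scan silently misses when no lockfile is present.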

## Supported Ecosystems

| Ecosystem | Files |
|-----------|-------|
| npm | package.json, package-lock.json |
| Python | requirements.txt, pyproject.toml |

More coming soon: Rust (Cargo.toml), Go (go.mod), Ruby (Gemfile).

## Configuration

Create a `.dep-detective-ignore` file in your project root:

```
# Ignore these packages
lodash
moment
```

## Example Output

```
🔍 Scanning project...

╭── Dependencies (47 found) ───────────────────────────────────────╮
│                                                                    │
│ ⚠️  ABANDONED (1)                                                 │
│ └─ request@2.88.2           Last commit: 1.3 years ago            │
│                                                                    │
│ 🔴 SECURITY (1)                                                   │
│ └─ axios@0.21.1             CVE-2023-XXXX (medium)                │
│                                                                    │
│ 📦 SIZE (1)                                                      │
│ └─ moment@2.29.4            4.6MB (consider date-fns: 13KB)       │
│                                                                    │
╰────────────────────────────────────────────────────────────────────╯

Score: C+ (72/100) — 3 issues found, 1 critical
```

## License

MIT © Hiren Thakore
