Most dependency scanners are themselves a dependency problem.
You install safety or pip-audit and suddenly you're pulling in 12 packages just to check if your 3 packages are safe. That always bothered me.
So I built Depheal. It scans your requirements.txt and package.json for known CVEs and abandoned packages — and it has zero dependencies. Pure Python stdlib. Nothing else.
pip install depheal
depwise scan .
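
A stdlib-only sketch of the kind of manifest check described above, added here as an illustration; it is not Depheal's code. The advisory table, package names, advisory IDs and sample manifests are constructed placeholders, and the version comparison is a simplification that ignores pre-release tags.

```python
import json
import re

# Constructed advisory feed with placeholder IDs: (ecosystem, name) -> [(fixed_in, id)]
ADVISORIES = {
    ("pypi", "examplelib"): [("2.4.1", "EXAMPLE-ADVISORY-0001")],
    ("npm", "example-parser"): [("1.3.0", "EXAMPLE-ADVISORY-0002")],
}
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)$")

def vkey(version):
    """Numeric (major, minor, patch) for ordering; pre-release tags are ignored."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def parse_requirements(text):
    """Return (pinned, unpinned) from requirements.txt content."""
    pinned, unpinned = [], []
    for raw in text.splitlines():
        # Drop comments and environment markers, skip pip options such as -r / -e.
        line = re.sub(r"(^|\s)#.*", "", raw).split(";", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = PIN.match(line)
        if m:  # PEP 503 name normalisation so Example_Lib matches example-lib
            pinned.append((re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
        else:  # ranges cannot be checked without a resolved version
            unpinned.append(line)
    return pinned, unpinned

def parse_package_json(text):
    """Return (pinned, unpinned); only exact x.y.z specs count as pinned."""
    pinned, unpinned = [], []
    manifest = json.loads(text)
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            exact = re.fullmatch(r"\d+\.\d+\.\d+", spec)
            (pinned if exact else unpinned).append((name, spec))
    return pinned, unpinned

def scan(requirements_text, package_json_text):
    """Return [(ecosystem, name, version, advisory_id)] for pins below the fixed version."""
    pins = [("pypi", n, v) for n, v in parse_requirements(requirements_text)[0]]
    pins += [("npm", n, v) for n, v in parse_package_json(package_json_text)[0]]
    return [(eco, n, v, adv) for eco, n, v in pins
            for fixed, adv in ADVISORIES.get((eco, n), []) if vkey(v) < vkey(fixed)]

# Constructed sample manifests
SAMPLE_REQUIREMENTS = 'ExampleLib[security]==2.3.0 ; python_version >= "3.8"\nother_pkg==1.0  # ok\nloose-pkg>=1.2\n-r extra.txt\n'
SAMPLE_PACKAGE_JSON = '{"dependencies": {"example-parser": "1.2.9"}, "devDependencies": {"tool": "^4.0.0"}}'
```

Range specifiers such as `>=1.2` or `^4.0.0` land in the unpinned lists because a manifest alone does not say which version was actually installed; a lockfile is needed to check those.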






