Most dependency scanners are themselves a dependency problem.

You install safety or pip-audit and suddenly you're pulling in 12 packages just to check if your 3 packages are safe. That always bothered me.

So I built Depheal. It scans your requirements.txt and package.json for known CVEs and abandoned packages — and it has zero dependencies. Pure Python stdlib. Nothing else.

pip install depheal

depwise scan .
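For readers who want to see what a stdlib-only scan actually involves, here is an added example (my code, not Depheal's implementation): parse both manifests, normalize versions so they compare numerically, and match them against an embedded advisory list. Every package name and advisory ID below is a constructed placeholder.

```python
"""Stdlib-only scan of requirements.txt and package.json. Added example, not Depheal's code."""
import json
import re

# Constructed advisories (not real CVEs): (ecosystem, name) -> [(fixed_in, id)]
ADVISORIES = {
    ("pypi", "examplelib"): [("1.4.2", "EXAMPLE-ADV-0001")],
    ("pypi", "otherlib"): [("1.9.0", "EXAMPLE-ADV-0002")],
    ("npm", "leftish-pad"): [("0.9.0", "EXAMPLE-ADV-0003")],
}
# Constructed sample manifests (placeholder package names).
REQUIREMENTS = """\
-r base.txt                # option line, skipped
examplelib==1.4.1          # below fixed version -> finding
otherlib[extra]==1.10.0    # 1.10.0 >= 1.9.0 numerically -> clean
unpinnedlib>=2.0           # range, not a pin -> skipped
"""
PACKAGE_JSON = '{"dependencies": {"leftish-pad": "^0.8.3", "safe-pkg": "~2.1.0"}}'

def parse_version(v):
    """'1.10.0' -> (1, 10, 0); string comparison would put 1.10.0 below 1.9.0."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3]) or (0,)

def parse_requirements(text):
    """Exact '==' pins only; comments, -r/--option lines and ranges are skipped."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"^([\w.\-]+)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][\w.\-]*)", line)
        if m:
            deps.append((m.group(1).lower(), m.group(2)))
    return deps

def parse_package_json(text):
    """Strip ^ ~ >= so the lowest version the range permits is the one audited."""
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in json.loads(text).get(section, {}).items():
            m = re.search(r"\d+(?:\.\d+)*", spec)
            if m:
                deps.append((name, m.group(0)))
    return deps

def scan(deps, ecosystem):
    """Return (ecosystem, name, version, advisory_id, fixed_in) for each hit."""
    return [(ecosystem, n, v, adv, fixed) for n, v in deps
            for fixed, adv in ADVISORIES.get((ecosystem, n), [])
            if parse_version(v) < parse_version(fixed)]
```

Auditing the floor of an npm range is deliberately conservative; a real scan of a lockfile would use the resolved version instead.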