@avrl/gitdepsec

v0.1.3

CLI tool for analyzing dependency vulnerabilities in your projects

Downloads

306

Readme

GitDepSec CLI

A powerful CLI tool for analyzing dependency vulnerabilities in your projects. Supports npm, PyPI, Maven, RubyGems, Composer, and Pub.

Installation

# Using npm
npm install -g @avrl/gitdepsec

# Using bun
bun add -g @avrl/gitdepsec

# Or run without installing
npx @avrl/gitdepsec audit
bunx @avrl/gitdepsec audit

Usage

Analyze Local Project

# Analyze package.json in current directory
gds audit

# Analyze specific file
gds audit -f package.json
gds audit -f requirements.txt
gds audit -f pom.xml

# Analyze multiple files
gds audit -f package.json -f requirements.txt

Analyze GitHub Repository

# Public repository
gds audit --repo owner/repo

# Specific branch
gds audit --repo owner/repo --branch develop

# With GitHub token (for private repos or higher rate limits)
gds audit --repo owner/repo --token ghp_xxxxx

Output Formats

# Default: colored table output
gds audit

# JSON output (for piping/scripting)
gds audit --format json

# Markdown output
gds audit --format markdown

# Save to file
gds audit --output report.json --format json

Include Transitive Dependencies

# Transitive scanning is enabled by default
gds audit

# Disable transitive (direct dependencies only)
gds audit --no-transitive

Generate Fix Plan

# Generate fix recommendations
gds fix

# Fix specific file
gds fix -f package.json

# Direct dependencies only
gds fix --no-transitive

# Output as JSON
gds fix --format json

Configuration

Create a .gitdepsecrc or .gitdepsec.json in your project root:

{
  "github_token": "ghp_xxxxx",
  "include_transitive": true,
  "output_format": "table"
}

Or use environment variables:

export GITHUB_TOKEN=ghp_xxxxx
export GDS_INCLUDE_TRANSITIVE=true
export GDS_OUTPUT_FORMAT=table

Commands

| Command | Description |
| --------------- | ---------------------------------------- |
| gds audit | Analyze dependencies for vulnerabilities |
| gds fix | Generate fix recommendations |
| gds init | Create configuration file |
| gds --version | Show version |
| gds --help | Show help |

CLI Options Reference

gds audit

| Option | Description |
| ----------------------- | ------------------------------------------ |
| -f, --file <files...> | Manifest file(s) to analyze |
| -r, --repo <repo> | GitHub repository in owner/repo format |
| -b, --branch <branch> | Branch to analyze |
| -t, --token <token> | GitHub personal access token |
| --no-transitive | Disable transitive dependency scanning |
| --format <format> | Output format: table, json, markdown |
| -o, --output <file> | Save output to file |
| -q, --quiet | Minimal output |
| -v, --verbose | Verbose output |

gds fix

| Option | Description |
| ----------------------- | ------------------------------------------ |
| -f, --file <files...> | Manifest file(s) to generate fixes for |
| -r, --repo <repo> | GitHub repository in owner/repo format |
| -b, --branch <branch> | Branch to analyze |
| -t, --token <token> | GitHub personal access token |
| --no-transitive | Disable transitive dependency scanning |
| --format <format> | Output format: table, json, markdown |
| -o, --output <file> | Save output to file |

Supported Ecosystems

  • npm - package.json
  • PyPI - requirements.txt
  • Maven - pom.xml
  • RubyGems - Gemfile
  • Composer - composer.json
  • Pub - pubspec.yaml

Exit Codes

For gds audit:

| Code | Description |
| ---- | --------------------------------- |
| 0 | Success, no vulnerabilities found |
| 1 | Vulnerabilities found |
| 2 | Error during audit |

For gds fix:

  • 0: Fix plan generated
  • 2: Error during fix plan generation

AI Harness Usage (Terminal)

Use the CLI directly from your AI harness/tool and consume structured JSON output.

# Analyze local manifests as JSON
gds audit --format json

# Analyze a specific repo and save JSON output
gds audit --repo owner/repo --format json --output report.json

# Generate fix plan as JSON
gds fix --format json
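A CI gate that ties the exit codes above to the JSON workflow in this section, written as an added example (not part of the GitDepSec project). It assumes gds is on PATH (GDS_CMD overrides it, which the test below uses with a constructed stand-in) and that any GitHub token arrives through the GITHUB_TOKEN environment variable the README documents, so no token is committed in .gitdepsecrc or echoed in CI logs via --token; the point it demonstrates is that exit code 2 (audit error) must fail the job distinctly instead of being swallowed as "no findings".

```shell
#!/bin/sh
# GDS_CMD defaults to the installed gds binary; a wrapper or test double
# can be substituted by exporting GDS_CMD before sourcing this file.
GDS_CMD="${GDS_CMD:-gds}"

# run_audit REPORT_FILE
# Runs `gds audit --format json --output REPORT_FILE` and prints a verdict
# mapped from the documented exit codes: 0 clean, 1 vulnerable, 2 error.
# The if-form keeps a non-zero exit from aborting callers that use set -e.
run_audit() {
  report="$1"
  if "$GDS_CMD" audit --format json --output "$report"; then
    rc=0
  else
    rc=$?
  fi
  case "$rc" in
    0) echo clean ;;
    1) echo vulnerable ;;
    2) echo error ;;
    *) echo "unexpected:$rc" ;;
  esac
}

# gate REPORT_FILE FIXPLAN_FILE
# Returns 0 when clean, 1 when findings exist (after writing a JSON fix plan
# for the PR), and 2 when the audit itself failed. An audit that could not
# run is never treated as a pass, which `gds audit || true` would do.
gate() {
  verdict=$(run_audit "$1")
  case "$verdict" in
    clean) return 0 ;;
    vulnerable)
      "$GDS_CMD" fix --format json --output "$2" \
        || echo "fix plan generation failed" >&2
      return 1 ;;
    *)
      echo "audit did not complete: $verdict" >&2
      return 2 ;;
  esac
}

# Run the gate only when invoked as a script with GDS_GATE_RUN=1, so the
# file can also be sourced for its functions.
if [ "${GDS_GATE_RUN:-}" = "1" ]; then
  gate "${1:-report.json}" "${2:-fixplan.json}"
  exit $?
fi
```

Invoke in a pipeline as `GDS_GATE_RUN=1 sh gate.sh report.json fixplan.json` and let the job's pass/fail follow the returned code.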

License

MIT