Security · 2h ago
Zero-dependency CVE scanner for Python and Node launches
A developer built Depheal, a dependency scanner that checks requirements.txt and package.json for known CVEs and abandoned packages using only the Python standard library. It queries the OSV.dev API for vulnerabilities and flags packages that have had no release in three or more years. The tool caught a real CVE in its own codebase within seconds.
Meridian48 take
The zero-dependency approach shrinks the scanner's own supply-chain attack surface, but an early version had a silent failure mode that could leave users believing they were clean when the scan had not actually produced a trustworthy answer.
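The scanner design in the summary, and the failure mode the take warns about, as an added worked example (not Depheal's code): parse both manifest formats with the standard library only, build an OSV.dev querybatch request, and treat any transport, HTTP or schema problem as a hard error instead of an empty result. The endpoint and the request/response shape are the public OSV API; the manifests, the fake HTTP responses and the placeholder vuln ids (EXAMPLE-0001, EXAMPLE-0002) are constructed for the demo, and the abandonment check assumes the last-release date has already been fetched from the package registry.

```python
"""Stdlib-only dependency scan: parse manifests, batch-query OSV.dev, never fail silently."""
import json
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

OSV_QUERYBATCH = "https://api.osv.dev/v1/querybatch"  # real OSV endpoint; the demo never calls it

class ScanError(Exception):
    """Raised whenever the scan cannot give a trustworthy answer (network, HTTP or schema problem)."""

@dataclass(frozen=True)
class Dep:
    ecosystem: str          # OSV ecosystem name: "PyPI" or "npm"
    name: str
    version: Optional[str]  # None when the manifest pins no exact version

_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:==\s*([^\s;,]+))?")

def parse_requirements(text: str) -> List[Dep]:
    """Name and '==' pin from each requirement line; comments and -r/-e option lines are skipped."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_LINE.match(line)
        if m:  # PEP 503 name normalisation so the name matches what OSV indexes
            deps.append(Dep("PyPI", re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
    return deps

def parse_package_json(text: str) -> List[Dep]:
    """package.json carries ranges ("^4.17.1"); OSV wants an exact version, so only plain x.y.z survives."""
    data = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            version = spec.lstrip("^~=v")
            deps.append(Dep("npm", name, version if re.fullmatch(r"\d+(\.\d+)*", version) else None))
    return deps

def build_querybatch(deps: List[Dep]) -> dict:
    """Body for POST /v1/querybatch: one query per dependency, in manifest order."""
    queries = []
    for d in deps:
        q = {"package": {"name": d.name, "ecosystem": d.ecosystem}}
        if d.version:
            q["version"] = d.version
        queries.append(q)
    return {"queries": queries}

def parse_querybatch_response(deps: List[Dep], body: dict) -> Dict[Dep, List[str]]:
    """Map each Dep to its OSV vuln ids; a malformed or truncated response is an error, not 'clean'."""
    results = body.get("results")
    if not isinstance(results, list) or len(results) != len(deps):
        raise ScanError("OSV response does not line up with the query batch")
    return {d: [v["id"] for v in r.get("vulns", []) if "id" in v] for d, r in zip(deps, results)}

def query_osv(deps: List[Dep], opener=urllib.request.urlopen) -> Dict[Dep, List[str]]:
    """Send the batch to OSV; every transport or decoding problem surfaces as ScanError."""
    req = urllib.request.Request(OSV_QUERYBATCH, data=json.dumps(build_querybatch(deps)).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    try:
        with opener(req, timeout=30) as resp:
            body = json.load(resp)
    except (urllib.error.URLError, OSError, ValueError) as exc:
        raise ScanError(f"OSV query failed: {exc}") from exc
    return parse_querybatch_response(deps, body)

def is_abandoned(last_release_iso: str, now: datetime, years: int = 3) -> bool:
    """The article's heuristic: no release for 3+ years (last-release date assumed fetched from the registry)."""
    released = datetime.fromisoformat(last_release_iso.replace("Z", "+00:00"))
    return (now - released).days >= years * 365

# Constructed manifests and constructed OSV responses for an offline demo.
REQUIREMENTS_TXT = "requests==2.25.1\nFlask[async]==1.0  # pinned\n-r other.txt\nnumpy\n"
PACKAGE_JSON = '{"dependencies": {"lodash": "4.17.20", "express": "^4.17.1"}, "devDependencies": {"jest": "latest"}}'

class _FakeResponse:  # minimal stand-in for what urlopen returns: a context manager with .read()
    def __init__(self, payload: bytes): self._payload = payload
    def read(self) -> bytes: return self._payload
    def __enter__(self): return self
    def __exit__(self, *exc): return False

def fake_opener_ok(req, timeout=None):
    # Placeholder ids, not real advisories: only the first of the six queries "has" findings.
    results = [{"vulns": [{"id": "EXAMPLE-0001"}, {"id": "EXAMPLE-0002"}]}] + [{}] * 5
    return _FakeResponse(json.dumps({"results": results}).encode())

def fake_opener_down(req, timeout=None):
    raise urllib.error.URLError("connection refused")  # simulated outage: must become ScanError

def demo() -> Dict[str, List[str]]:
    deps = parse_requirements(REQUIREMENTS_TXT) + parse_package_json(PACKAGE_JSON)
    findings = query_osv(deps, opener=fake_opener_ok)
    return {f"{d.ecosystem}:{d.name}": ids for d, ids in findings.items() if ids}
```

Swapping `fake_opener_ok` for the default `urllib.request.urlopen` makes `query_osv` hit the live API; keep the `ScanError` path either way, since an outage or a 4xx that is swallowed looks identical to a clean scan.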
Read the full reporting
I built a CVE scanner for Python/Node with zero dependencies. Here's why that matters.
DEV Community
cve-scanner · open-source-tools