Skip to content

releaserun CLI

v1.0.0

Scan your project for end-of-life dependencies, known CVEs, and version health issues. Get an A-F health grade for your entire stack in one command.

Install from npm View Source
bash 
$ npx releaserun check

No install required. Runs with npx. Needs Node.js 18+.

What You Get

Point it at any project directory. It finds your dependency files, checks every technology against live EOL and CVE data, and gives you a grade.

output 
  releaserun v1.0.0 — Stack Health Check

  Scanning /Users/dev/myproject...
  Found 5 technologies

  ┌─────────────┬─────────┬────────┬──────┬───────┐
   Technology   Version  EOL     CVEs  Grade 
  ├─────────────┼─────────┼────────┼──────┼───────┤
   Node.js      18.0     Apr 25  0     F     
   React        18.2     --      0     A     
   Python       3.9      Oct 25  3     F     
   Django       4.2      Apr 26  0     D     
   Express      4.18     --      0     A     
  └─────────────┴─────────┴────────┴──────┴───────┘

  Overall Grade: F (2 of 5 technologies need attention)

  ! Node.js 18.0 has reached EOL. Upgrade recommended.
  ! Django 4.2 is approaching EOL. Plan an upgrade.

Install

Run without installing

bash 
$ npx releaserun check

Install globally

bash 
$ npm install -g releaserun

Commands

releaserun check

Scan a directory for dependency files and report health status for every detected technology.

bash 
$ releaserun check                    # scan current directory
$ releaserun check --path ./my-app    # scan a specific directory
$ releaserun check --json             # JSON output for scripting
$ releaserun check --fail-on D        # exit non-zero if anything grades D or worse
$ releaserun check --verbose          # show API calls and timing

releaserun badges

Auto-detect your stack and generate ReleaseRun badges for your README.

bash 
$ releaserun badges                          # health badges (default)
$ releaserun badges --badge-type eol         # EOL status badges
$ releaserun badges --badge-type cve         # CVE count badges

Markdown is copied to your clipboard automatically. Paste it straight into your README.

releaserun ci

CI-optimized output. No colors, no table formatting. Built for piping and parsing.

bash 
$ releaserun ci                  # plain text
$ releaserun ci --json           # JSON output
$ releaserun ci --fail-on D      # exit 1 if D, exit 2 if F

CI/CD Integration

Drop it into any pipeline. The --fail-on flag lets you set your own bar for what's acceptable.

yaml 
# GitHub Actions
- name: Check stack health
  run: npx releaserun check --fail-on D

# GitLab CI
stack-check:
  script: npx releaserun check --fail-on D

# Pre-commit hook
npx releaserun check --fail-on F

Exit codes: 0 = all good (B or above), 1 = something grades C or D, 2 = something grades F. Your pipeline, your threshold.

Supported Files

Detects technologies from 10+ file formats. 100+ package-to-technology mappings built in.

JS
package.json
Node.js, React, Express
PY
requirements.txt
Python, Django, Flask
GO
go.mod
Go, Gin, Echo
RS
Cargo.toml
Rust, Actix, Rocket
RB
Gemfile
Ruby, Rails, Sinatra
🐳
Dockerfile
Base image detection
JV
pom.xml
Java, Spring Boot
PHP
composer.json
PHP, Laravel
⚙️
.tool-versions
asdf runtimes

Grading System

A
Fully supported
No CVEs, plenty of runway before EOL
B
Supported
EOL in 6-12 months. Start planning.
C
Approaching EOL
Less than 6 months, or minor CVEs
D
EOL imminent
Less than 3 months, or moderate CVEs
F
Past EOL or high risk
Already end-of-life, or 5+ known CVEs

Related Tools

Prefer a browser-based approach? Try these free tools:

Dependency EOL Scanner
Paste your requirements.txt or package.json
Stack Health Scorecard
Pick your stack, get a health score
Badge Builder
Generate README badges visually

FAQ

Does it require an API key?
No. The CLI uses the free endoflife.date API and the ReleaseRun badge API. No signup, no API key, no account required.
What files does it detect?
package.json, requirements.txt, Pipfile, go.mod, Gemfile, Cargo.toml, pom.xml, composer.json, Dockerfile, .tool-versions, and single-runtime version files like .node-version and .python-version. Over 100 package-to-technology mappings are built in.
Can I use it in CI/CD?
Yes. Use releaserun ci --fail-on D to exit non-zero when any dependency grades D or worse. Works with GitHub Actions, GitLab CI, Jenkins, CircleCI, and any other CI system that can run Node.js.
What Node.js version do I need?
Node.js 18 or later. If you're on an older version, the tool will warn you.
Is the data accurate?
EOL dates come from endoflife.date, which is community-maintained and covers 300+ products. CVE data comes from our own enrichment service that aggregates NVD, GitHub Advisories, and vendor disclosures.
Can I generate badges for my README?
Yes. Run releaserun badges and it'll auto-detect your stack, generate the markdown, and copy it to your clipboard. Supports health, EOL, version, and CVE badge types. You can also use the visual Badge Builder.

Try it now

One command. No install. No signup.

$ npx releaserun check
View on npm → Source on GitHub →

</> Embed releaserun CLI

Copy this iframe snippet to embed this tool on your website. The tool runs client-side and includes a "Powered by ReleaseRun" attribution.

Preview: Open embed view