Dependency EOL Scanner

Paste your dependency file. Get an instant health report showing which technologies are approaching end-of-life, have known CVEs, or need upgrading.

Detects runtimes, databases, and infrastructure from your dependencies

How It Works

📋

Paste Your File

Supports package.json, requirements.txt, go.mod, Gemfile, Cargo.toml, and pom.xml.

🔍

Auto-Detect Technologies

We identify runtimes, databases, frameworks, and infrastructure from your dependency list.

📊

Get Your Report

Instant health grades, EOL status, CVE counts, and version info — powered by live badge data from 300+ products.

Supported File Types

package.json

Node.js — detects Node version from engines, plus PostgreSQL, Redis, MongoDB, etc. from dependencies

requirements.txt

Python — detects Django, Flask, PostgreSQL (psycopg2), Redis, Celery, and more

go.mod

Go — detects Go version, Kubernetes (client-go), PostgreSQL, Redis, gRPC

Gemfile

Ruby — detects Ruby version, Rails, PostgreSQL, Redis, Sidekiq

Cargo.toml

Rust — detects Rust version, tokio, diesel (PostgreSQL), redis-rs

pom.xml

Java/Maven — detects Java version, Spring Boot, PostgreSQL, MySQL, Redis

FAQ

Is my data sent anywhere?

No. Everything is parsed in your browser. We fetch public badge images from img.releaserun.com, but your dependency file never leaves your device.

What exactly gets detected?

We focus on runtimes (Node.js, Python, Go, Rust, Ruby, Java, PHP), databases (PostgreSQL, MySQL, Redis, MongoDB, Elasticsearch), frameworks (Django, Flask, Rails, React, Angular, Vue, Spring Boot), and infrastructure (Kubernetes, Docker, Terraform, Nginx). We don't scan every npm/pip package — just the ones that map to trackable platforms.

How accurate are the health grades?

Grades are based on version freshness (35%), known CVEs (35%), and EOL status (30%). Data comes from endoflife.date, CVE databases, and our release tracking. Grades reflect the technology's overall health, not your specific version — for version-specific data, check the EOL and CVE badges.

Can I scan private registries or lockfiles?

The scanner parses standard file formats. Since everything runs client-side, private packages stay private — but we can only match dependencies against our database of 300+ tracked technologies.

Monitor your stack continuously

Add live health badges to your README so your team always knows the EOL status and security posture of every technology in your stack.

Build Your Badges → Stack Health Scorecard
Powered by ReleaseRun — Free developer tools for release lifecycle management