Skip to content

Go Module Health Checker — Find Outdated go.mod Dependencies

Paste your go.mod file. Checks every direct dependency against the Go module proxy to see which are behind on major, minor, or patch versions — and how long since the last release.

Paste your go.mod. Checks each direct dependency against the Go module proxy for latest version, days since last release, and whether you’re behind on major/minor versions. Skips Go stdlib and indirect deps (shown in summary).

What to watch for

  • Major version behind: A major bump (v1 → v2) means breaking changes. go-redis/redis/v8v9, gorilla/mux (now archived — switch to net/http stdlib routing in Go 1.22+).
  • Pseudo-versions (v0.0.0-timestamp-hash): Your go.mod is pinned to a specific commit, not a release tag. Acceptable for forks or unreleased packages, but risky for production deps — no semantic versioning guarantees.
  • Archived modules: Several popular Go packages have been archived. gorilla/mux, go-redis/redis/v8 (superseded by v9), github.com/dgrijalva/jwt-go (CVEs, use golang-jwt/jwt/v5). Check pkg.go.dev for archive status.
  • Last release age: A module with no release in 2+ years isn’t necessarily abandoned (many Go packages are stable and complete), but it’s worth checking if it’s been forked or replaced.

For CVE scanning across Go, npm, and Python deps, use the Vulnerability Scanner — it checks go.sum against OSV.dev. For npm: npm Health. For Python: PyPI Health.

Founded

2023 in London, UK

Contact

hello@releaserun.com

</> Embed Go Module Health Checker — Find Outdated go.mod Dependencies

Copy this iframe snippet to embed this tool on your website. The tool runs client-side and includes a "Powered by ReleaseRun" attribution.

Preview: Open embed view