Paste your requirements.txt. The tool checks each package against the PyPI API for deprecated status, last release date, maintainer activity, and other health signals, so you can spot the packages quietly going unmaintained before they become a liability.
What to watch for
- Deprecated/Yanked: The maintainer has marked the package as deprecated or yanked a version. Common examples: pyyaml <5.4 (code execution), urllib3 <1.26.5 (security patches).
- Abandoned (5y+): No releases in 5 years. The project is almost certainly dead. Check if there’s an active fork or replacement.
- Stale (2y+): No releases in 2 years. Active packages in the Python ecosystem typically release at least annually for security patches and Python version compatibility.
- Version pinning: Django==3.2.0 might be end-of-life. Check against the EOL Timeline — Django 3.2 LTS ended December 2024.
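The categories above can be reproduced locally. The following is an added example, not this tool's own code: it parses a requirements.txt and applies the 2-year and 5-year thresholds to metadata shaped like the PyPI JSON API response. The package names and metadata are constructed, and treating the "Development Status :: 7 - Inactive" classifier as the deprecation signal is an assumption.

```python
import re
from datetime import datetime, timezone

STALE_YEARS, ABANDONED_YEARS = 2, 5  # thresholds from the list above
INACTIVE = "Development Status :: 7 - Inactive"  # assumption: used as the "deprecated" signal

def parse_requirements(text):
    """Yield (normalized_name, pinned_version_or_None) per requirement line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option (-r, -e, ...)
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s;,]+))?", line)
        if m:
            yield re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)

def classify(meta, pinned, now):
    """meta is a dict shaped like the PyPI JSON API response for one project."""
    findings = []
    pinned_files = meta["releases"].get(pinned, []) if pinned else []
    if pinned_files and all(f.get("yanked") for f in pinned_files):
        findings.append("yanked")  # every file of the pinned version was yanked
    if INACTIVE in meta["info"].get("classifiers", []):
        findings.append("deprecated")
    uploads = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
               for files in meta["releases"].values() for f in files]
    if uploads:  # age of the most recent upload across all versions
        age = (now - max(uploads)).days / 365.25
        findings += ["abandoned"] if age >= ABANDONED_YEARS else ["stale"] if age >= STALE_YEARS else []
    return findings or ["ok"]

def audit(requirements_text, fetch, now):
    """fetch(name) -> metadata dict; in real use it would GET https://pypi.org/pypi/<name>/json."""
    return {n: classify(fetch(n), pin, now) for n, pin in parse_requirements(requirements_text)}

def _rel(ts, yanked=False):  # builds one constructed release-file entry
    return [{"upload_time_iso_8601": ts, "yanked": yanked}]

# Constructed metadata for hypothetical packages, so the example runs offline.
SAMPLE = {
    "oldlib": {"info": {"classifiers": [INACTIVE]}, "releases": {"1.0": _rel("2017-05-01T00:00:00.000000Z")}},
    "quiet-lib": {"info": {}, "releases": {"0.9": _rel("2022-06-01T00:00:00.000000Z")}},
    "badpin": {"info": {}, "releases": {"2.0": _rel("2024-10-01T00:00:00.000000Z", True),
                                        "2.1": _rel("2024-11-01T00:00:00.000000Z")}},
}
REQS = "oldlib>=1.0\nquiet_lib==0.9  # pinned\n-r dev.txt\nbadpin==2.0\n"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed date so results are reproducible

if __name__ == "__main__":
    for name, findings in audit(REQS, SAMPLE.__getitem__, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

Release age only measures publishing activity; a package flagged stale here can still be feature-complete, so treat the result as a prompt to review rather than a verdict.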
For CVE scanning, use the Vulnerability Scanner (checks requirements.txt against OSV.dev). For npm dependencies, try the npm Package Health Checker.