DepScan
Python dependency analyzer. Scans requirements.txt and pyproject.toml for known vulnerable packages, abandoned or deprecated libraries, unpinned versions, dev packages leaked into production, and version conflicts. Tracks 14+ packages with known CVE histories, including pycrypto, PyYAML, urllib3, Jinja2, and Django. Detects 25+ dev-only packages that should not be in production. Calculates a pin rate score, one number showing how reproducible your builds are. Produces HTML, JSON, and text reports. CI/CD ready. Zero dependencies.
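As an added illustration (not DepScan's own code), here is the shape of the checks described above: parse requirements.txt lines, flag unpinned and dev-only packages and one known-risk library, and compute a pin rate. The sample requirements, the dev-only and known-risk lists, and the pin-rate definition (share of requirements with an exact `==` pin) are assumptions made for this example, not the project's actual data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input for the example; not a real project's file.
SAMPLE_REQUIREMENTS = """\
# production deps
Django==3.2.25
PyYAML>=5.1
urllib3
pycrypto==2.6.1
Jinja2~=3.1
pytest==8.1.1   # dev tool that leaked into production
-r other.txt
"""

# Assumed illustrative lists; DepScan's real lists are larger and not reproduced here.
DEV_ONLY = {"pytest", "black", "flake8", "mypy", "coverage"}
KNOWN_RISK = {"pycrypto": "unmaintained library; pycryptodome is the maintained replacement"}

# name, optional [extras], optional version operator, version (PEP 508 subset, assumed)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?")


@dataclass
class Finding:
    name: str
    pinned: bool
    issues: list = field(default_factory=list)


def normalize(name: str) -> str:
    """Normalize a distribution name so PyYAML and pyyaml compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text: str) -> list:
    """Return one Finding per requirement line, with its detected issues."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):      # blank, or option such as -r / -e
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        name, op = normalize(m.group(1)), m.group(2)
        f = Finding(name=name, pinned=(op == "=="))  # only == counts as a pin (assumed)
        if not f.pinned:
            f.issues.append("unpinned version")
        if name in DEV_ONLY:
            f.issues.append("dev-only package in production requirements")
        if name in KNOWN_RISK:
            f.issues.append(KNOWN_RISK[name])
        findings.append(f)
    return findings


def pin_rate(findings: list) -> float:
    """Percentage of requirements carrying an exact pin (assumed score definition)."""
    if not findings:
        return 100.0
    return round(100.0 * sum(f.pinned for f in findings) / len(findings), 1)
```

Running `scan_requirements(SAMPLE_REQUIREMENTS)` on the constructed file yields six findings and a pin rate of 50.0, with urllib3 flagged as unpinned, pytest as dev-only, and pycrypto as a known-risk library.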