Upload your dependency file. Get a traffic-light report on license compliance and known CVEs in 30 seconds. No signup. No enterprise pricing.
Pay $1.99 to unlock the full report with per-dependency details, CVE links, and license breakdown.
Drop your package.json, requirements.txt, go.mod, Gemfile, or composer.json.
Real lookups against npm, PyPI, RubyGems, Packagist, and OSV.dev vulnerability database.
Traffic-light grading per dependency: licenses, CVEs, and actionable recommendations.
Every dependency tagged as permissive (MIT, Apache, BSD), copyleft (GPL, AGPL), or unknown.
Cross-referenced against OSV.dev for known vulnerabilities with severity ratings and fix versions.
npm, PyPI, Go modules, RubyGems, and Packagist. All from one upload.
Parallel lookups across registries. No waiting for batch jobs or email reports.
Snyk, FOSSA, and Mend start at $100+/month. Built for enterprises with procurement cycles.
OWASP Dependency-Check is a Java-based CLI. Great if you love configuring build plugins.
DepAudit is $1.99, takes 30 seconds, and needs zero setup. Upload → pay → done.
We support package.json (npm/Node.js), requirements.txt (Python/pip), go.mod (Go modules), Gemfile (Ruby), and composer.json (PHP). We auto-detect the format from file contents.
We query the OSV.dev database maintained by Google, which aggregates advisories from GitHub Security Advisories, NVD, PyPI, npm, Go, and RubyGems advisory databases. It's the same data source used by Google's OSS-Fuzz.
🟢 Green = permissive (MIT, ISC, BSD, Apache-2.0). 🟡 Yellow = weak copyleft or unknown (LGPL, MPL-2.0). 🔴 Red = strong copyleft (GPL, AGPL), which may require you to open-source your code, or any known vulnerability.
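As an added, offline illustration of the three steps above (content-based format detection, the OSV.dev batch query, and the traffic-light grading), here is a small Python script. It is not DepAudit's own code. The only real external shape it uses is the request and response format of OSV.dev's `POST /v1/querybatch` endpoint; the package names, their licenses, and the OSV reply are constructed inline so the script runs without network access, and a real scanner would fetch the license from the registry and the vulnerability list from OSV instead of reading the two sample dictionaries.

```python
"""Parse a dependency manifest, build the OSV.dev querybatch body, and grade
each dependency green / yellow / red.  Added illustration, not DepAudit code."""
import json
import re

# OSV ecosystem identifiers for the manifest types the page supports.
ECOSYSTEMS = {"npm": "npm", "pip": "PyPI", "gomod": "Go", "gemfile": "RubyGems", "composer": "Packagist"}
PERMISSIVE = {"MIT", "ISC", "0BSD", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "Unlicense"}


def detect_format(text):
    """Guess the manifest type from its contents alone, never from the file name."""
    body = text.lstrip()
    if body.startswith("{"):
        try:
            data = json.loads(body)
        except json.JSONDecodeError:
            return "unknown"
        if "require" in data or "require-dev" in data:
            return "composer"  # composer.json declares packages under "require"
        if "dependencies" in data or "devDependencies" in data:
            return "npm"  # package.json declares them under "dependencies"
        return "unknown"
    if re.search(r"^module\s+\S+", body, re.M):
        return "gomod"
    if re.search(r"^\s*(source|gem)\s+['\"]", body, re.M):
        return "gemfile"
    if re.search(r"^[A-Za-z0-9_.\-]+(?:\[[^\]]*\])?\s*[=<>~!]=", body, re.M):
        return "pip"
    return "unknown"


def parse_dependencies(text, fmt):
    """Return a list of (name, version).  OSV needs one exact version, so a range
    such as ^1.2.0 or >=3.0 yields None rather than a guessed version."""
    deps = []
    if fmt in ("npm", "composer"):
        data = json.loads(text)
        keys = ("dependencies", "devDependencies") if fmt == "npm" else ("require", "require-dev")
        for key in keys:
            for name, spec in data.get(key, {}).items():
                if fmt == "composer" and "/" not in name:
                    continue  # "php", "ext-*" are platform requirements, not packages
                m = re.fullmatch(r"v?(\d+\.\d+\.\d+)", spec.strip())
                deps.append((name, m.group(1) if m else None))
    elif fmt == "pip":
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()
            if not line or line.startswith("-"):
                continue  # blank, comment, or an option such as -r / --index-url
            name = re.match(r"[A-Za-z0-9_.\-]+", line).group(0)
            m = re.match(r"[A-Za-z0-9_.\-]+(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;]*)", line)
            deps.append((name, m.group(1) if m else None))
    elif fmt == "gomod":
        for m in re.finditer(r"^\s*(?:require\s+)?(\S+/\S+)\s+v(\d+\.\d+\.\d+\S*)", text, re.M):
            deps.append((m.group(1), m.group(2)))
    elif fmt == "gemfile":
        pat = r"^\s*gem\s+['\"]([^'\"]+)['\"](?:\s*,\s*['\"](\d+\.\d+(?:\.\d+)?)['\"])?"
        for m in re.finditer(pat, text, re.M):
            deps.append((m.group(1), m.group(2)))
    return deps


def osv_batch_payload(fmt, deps):
    """Request body for POST https://api.osv.dev/v1/querybatch, one query per pinned dependency."""
    eco = ECOSYSTEMS[fmt]
    return {"queries": [{"package": {"name": n, "ecosystem": eco}, "version": v} for n, v in deps if v]}


def grade_license(spdx):
    """Map an SPDX identifier to the traffic-light colour described on the page."""
    lic = (spdx or "").strip()
    if not lic or re.search(r"\s|\(", lic):
        return "yellow"  # unknown, or a compound expression that needs a human look
    if lic in PERMISSIVE:
        return "green"
    if lic.startswith(("GPL-", "AGPL-")):
        return "red"
    return "yellow"  # LGPL, MPL and anything unrecognised: never silently treated as safe


def build_report(text, licenses, osv_response):
    """licenses: name -> SPDX id as a registry lookup would return it.
    osv_response: the querybatch reply; results[i] pairs with queries[i]."""
    fmt = detect_format(text)
    deps = parse_dependencies(text, fmt)
    pinned = [(n, v) for n, v in deps if v]
    results = osv_response.get("results", [])
    report = {}
    for i, (name, version) in enumerate(pinned):
        vulns = [v["id"] for v in results[i].get("vulns", [])] if i < len(results) else []
        grade = "red" if vulns else grade_license(licenses.get(name))  # any known vuln wins
        report[name] = {"version": version, "license": licenses.get(name), "vulns": vulns, "grade": grade}
    for name, version in deps:
        if version is None:
            report[name] = {"version": None, "license": licenses.get(name), "vulns": [],
                            "grade": "yellow", "note": "unpinned: no exact version to check"}
    return report


# Constructed sample data: fictional package names, licenses and OSV reply.
SAMPLE_REQUIREMENTS = "# constructed sample\nalpha-http==2.3.1\nbeta-cli-tool==1.0.0\ngamma-parser==0.9.4\ndelta-utils>=3.0\n"
SAMPLE_LICENSES = {"alpha-http": "Apache-2.0", "beta-cli-tool": "GPL-3.0-only", "gamma-parser": "MIT"}
SAMPLE_OSV_RESPONSE = {"results": [{}, {}, {"vulns": [{"id": "EXAMPLE-VULN-0001", "modified": "2024-01-01T00:00:00Z"}]}]}

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_REQUIREMENTS, SAMPLE_LICENSES, SAMPLE_OSV_RESPONSE), indent=2))
```

The unpinned entry is the case worth noticing: a range in a manifest cannot be checked against OSV without resolving it first, so the script reports it yellow with a note instead of guessing a version, which is why scanning a lockfile gives a more exact answer than scanning the manifest alone.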
We store the scan results (package names, versions, licenses, vulnerabilities) for report access. We do NOT store your original file contents after processing. Files are parsed in memory and discarded.
We make real-time API calls to package registries (npm, PyPI, RubyGems, Packagist) and vulnerability databases for every dependency. At $1.99 per scan, you're paying for live data, not a cached database.
ChatGPT can't query live package registries or real-time vulnerability databases. It would hallucinate license info and miss recent CVEs. DepAudit queries npm, PyPI, and OSV.dev in real-time for every single dependency.