Dependency Scanning

CVE detection for npm, pip, Maven, and more. Know your vulnerable dependencies.

Package Managers Supported

  • JavaScript/TypeScript - npm, yarn, pnpm
  • Python - pip, pipenv, poetry
  • Java - Maven, Gradle
  • Ruby - Bundler
  • Go - Go modules
  • Rust - Cargo
  • PHP - Composer

What We Check

  • Known CVEs - Cross-referenced against NVD and the GitHub Advisory Database
  • Outdated Packages - Major versions behind
  • License Compliance - GPL, AGPL, proprietary licenses
  • Typosquatting - Suspicious package names
  • Maintainer Changes - Ownership transfers

Auto-Upgrade

Shipwright can automatically upgrade vulnerable dependencies:

  • Find the minimum safe version
  • Check for breaking changes
  • Update lockfile appropriately
  • Run tests to validate

Ready to Scan?

Get your first security scan free.
