EgglezosHub/DepGuard

DepGuard

Dependency Graph Analysis & Vulnerability Propagation Simulator

DepGuard is a full-stack web application designed to build, inspect, and simulate vulnerability propagation through npm dependency graphs. By parsing package-lock.json files or querying live packages, DepGuard visualizes structural risks and calculates the potential blast radius of compromised dependencies.

Key Features

  • NPM Dependency Resolution: Recursively resolves dependency trees from a lockfile or directly from the npm registry.
  • Vulnerability Detection: Real-time CVE matching via the OSV (Open Source Vulnerabilities) API.
  • Interactive Graph Visualization: Built with Cytoscape.js to explore transitive dependencies, highlight exposure paths, and visualize a package's blast radius.
  • Smart Risk Scoring: Ranks vulnerabilities by combining CVSS severity scores with structural graph metrics (like betweenness centrality and reachability).
  • Built-in Caching: SQLite-backed async caching for rapid subsequent analyses and registry lookups.

Tech Stack

  • Backend: Python, FastAPI, NetworkX (Graph Theory metrics), aiosqlite, HTTPX.
  • Frontend: React, TypeScript, Tailwind CSS, Cytoscape.js.

Quick start

# Backend — terminal 1
cd backend
python -m venv .venv
source .venv/bin/activate          # macOS / Linux
# .venv\Scripts\activate           # Windows
pip install -e ".[dev]"
uvicorn app.main:app --reload      # http://127.0.0.1:8000/docs

# Frontend — terminal 2
cd frontend
npm install
npm run dev                        # http://localhost:5173

About

DepGuard is a visual analysis tool that turns messy `npm` vulnerability lists into clear, interactive graphs. It helps developers find the "blast radius" of a vulnerability and prioritize fixes based on network structure, not just CVSS scores.
