Dependency Graph Analysis & Vulnerability Propagation Simulator
DepGuard is a full-stack web application for building and inspecting npm dependency graphs and simulating how a vulnerability in one package propagates through them. It parses package-lock.json files or queries live packages from the npm registry, visualizes structural risk, and calculates the blast radius of a compromised dependency: the set of packages, up to and including the root project, that transitively depend on it.
- NPM Dependency Resolution: Recursively resolves dependency trees from a lockfile or directly from the npm registry. A lockfile yields the exact installed versions (including nested duplicates under node_modules); registry resolution follows semver ranges at query time, so it can differ from what a project actually has installed.
- Vulnerability Detection: Real-time vulnerability matching via the OSV (Open Source Vulnerabilities) API. OSV aggregates npm advisories under several identifier schemes (CVE, GHSA, and others), so matches are not limited to CVE-numbered issues.
- Interactive Graph Visualization: Built with Cytoscape.js to explore transitive dependencies, highlight exposure paths, and visualize a package's blast radius.
- Smart Risk Scoring: Ranks vulnerabilities by combining CVSS severity with structural graph metrics (betweenness centrality and reachability), so a medium-severity issue in a package that most of the graph depends on can outrank a critical one in an isolated leaf.
- Built-in Caching: SQLite-backed async caching (aiosqlite) of registry and OSV lookups, so repeat analyses of the same packages do not hit the network again.
- Backend: Python, FastAPI, NetworkX (Graph Theory metrics), aiosqlite, HTTPX.
- Frontend: React, TypeScript, Tailwind CSS, Cytoscape.js.
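The following is an added example, not DepGuard's own code, showing the core of what the features above describe: parsing a package-lock.json (lockfileVersion 2/3) into a directed graph with Node-style nearest-node_modules resolution, computing a vulnerable package's blast radius and exposure paths, and ranking it with a score that combines CVSS with reachability and betweenness centrality. It is written in plain Python so it runs without NetworkX; on an `nx.DiGraph` with the same edges, `nx.ancestors`, `nx.all_simple_paths` and `nx.betweenness_centrality` return the same values. The lockfile, the package names and the 0.5/0.3/0.2 weighting are constructed for the example and are not DepGuard's.

```python
"""Added example (not DepGuard's code): package-lock.json -> dependency graph -> blast radius,
exposure paths and a CVSS x structure risk score. Pure Python so it runs without NetworkX.
The lockfile below is constructed, not a real project."""
import json
from collections import deque

# Constructed lockfile (lockfileVersion 3), serialised so build_graph parses text as it would from
# disk. util-lib@0.9.5 is nested under color-lib because its range ^0.9.0 conflicts with the hoisted 1.2.0.
SAMPLE_LOCK = json.dumps({"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0",
         "dependencies": {"web-framework": "^2.0.0", "cli-tool": "^1.0.0"}},
    "node_modules/web-framework": {"version": "2.3.1",
                                   "dependencies": {"http-parser": "^4.0.0", "util-lib": "^1.0.0"}},
    "node_modules/cli-tool": {"version": "1.1.0",
                              "dependencies": {"util-lib": "^1.0.0", "color-lib": "^3.0.0"}},
    "node_modules/http-parser": {"version": "4.1.0", "dependencies": {"util-lib": "^1.0.0"}},
    "node_modules/util-lib": {"version": "1.2.0"},
    "node_modules/color-lib": {"version": "3.0.0", "dependencies": {"util-lib": "^0.9.0"}},
    "node_modules/color-lib/node_modules/util-lib": {"version": "0.9.5"},
}})

def _resolve(packages, from_path, dep_name):
    """Node-style lookup: the nearest node_modules/<dep_name> walking up from from_path."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep_name}" if base else f"node_modules/{dep_name}"
        if candidate in packages:
            return candidate
        if not base:
            return None  # dangling dependency: the lockfile is inconsistent, do not guess
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""

def build_graph(lock_text):
    """Return (adj, attrs): adj maps 'name@version' -> set of name@version nodes it depends on."""
    packages = json.loads(lock_text)["packages"]
    node_of, attrs = {}, {}
    for path, entry in packages.items():
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1] or "root"
        node_of[path] = f"{name}@{entry['version']}"
        attrs[node_of[path]] = {"name": name, "version": entry["version"], "path": path}
    adj = {n: set() for n in node_of.values()}
    for path, entry in packages.items():
        for dep in entry.get("dependencies", {}):
            target = _resolve(packages, path, dep)
            if target is not None:
                adj[node_of[path]].add(node_of[target])
    return adj, attrs

def blast_radius(adj, node):
    """Every package that transitively depends on `node`: what a compromise of it can reach."""
    rev = {n: {src for src, deps in adj.items() if n in deps} for n in adj}
    seen, queue = set(), deque([node])
    while queue:
        for parent in rev[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def exposure_paths(adj, root, node, _path=None):
    """Every distinct dependency chain from the root project down to `node` (DFS, cycle-safe)."""
    path = (_path or []) + [root]
    if root == node:
        return [path]
    return [p for d in sorted(adj[root]) if d not in path for p in exposure_paths(adj, d, node, path)]

def betweenness(adj):
    """Brandes betweenness centrality, normalised by (n-1)(n-2) as NetworkX does for digraphs."""
    bc = {v: 0.0 for v in adj}
    for s in adj:
        stack, preds = [], {v: [] for v in adj}
        sigma, dist = {v: 0 for v in adj}, {v: -1 for v in adj}
        sigma[s], dist[s], queue = 1, 0, deque([s])
        while queue:  # BFS from s, counting shortest paths (sigma)
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = {v: 0.0 for v in adj}
        while stack:  # accumulate dependencies in reverse BFS order
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    n = len(adj)
    return {v: c / ((n - 1) * (n - 2)) if n > 2 else c for v, c in bc.items()}

def risk_score(adj, node, cvss, bc=None):
    """CVSS (0-10) scaled by structure; the 0.5/0.3/0.2 weights are this example's own choice."""
    bc = betweenness(adj) if bc is None else bc
    reach = len(blast_radius(adj, node)) / max(len(adj) - 1, 1)
    return (cvss / 10.0) * (0.5 + 0.3 * reach + 0.2 * bc[node])

if __name__ == "__main__":
    adj, _ = build_graph(SAMPLE_LOCK)
    for vuln in ("util-lib@1.2.0", "util-lib@0.9.5"):
        print(vuln, sorted(blast_radius(adj, vuln)), round(risk_score(adj, vuln, 7.5), 3))
```

Two details matter for correctness. Nodes are keyed by `name@version`, not by name, so the hoisted util-lib@1.2.0 and the nested util-lib@0.9.5 stay separate and an advisory that affects only the 0.x line is attributed to the right dependents. Edges point from dependent to dependency, so blast radius is the set of ancestors of the vulnerable node, and a per-package OSV query can be built from `attrs` (one `{"package": {"name", "ecosystem": "npm"}, "version"}` entry per installed package) without ever collapsing versions.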
```bash
# Backend — terminal 1
cd backend
python -m venv .venv
source .venv/bin/activate        # macOS / Linux
# .venv\Scripts\activate         # Windows
pip install -e ".[dev]"
uvicorn app.main:app --reload    # http://127.0.0.1:8000/docs
```

```bash
# Frontend — terminal 2
cd frontend
npm install
npm run dev                      # http://localhost:5173
```