GitHub - EgglezosHub/DepGuard: DepGuard is a visual analysis tool that turns messy `npm` vulnerability lists into clear, interactive graphs. It helps developers find the "blast radius" of a vulnerability and prioritize fixes based on network structure, not just CVSS scores. · GitHub
DepGuard
Dependency Graph Analysis & Vulnerability Propagation Simulator
DepGuard is a full-stack web application designed to build, inspect, and simulate vulnerability propagation through npm dependency graphs. By parsing package-lock.json files or querying live packages, DepGuard visualizes structural risks and calculates the potential blast radius of compromised dependencies.
✨ Key Features
- NPM Dependency Resolution: Recursively resolves dependency trees from a lockfile or directly from the npm registry.
- Vulnerability Detection: Real-time CVE matching via the OSV (Open Source Vulnerabilities) API.
- Interactive Graph Visualization: Built with Cytoscape.js to explore transitive dependencies, highlight exposure paths, and visualize a package's blast radius.
- Smart Risk Scoring: Ranks vulnerabilities by combining CVSS severity scores with structural graph metrics (like betweenness centrality and reachability).
- Built-in Caching: SQLite-backed async caching for rapid subsequent analyses and registry lookups.
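To make "blast radius" and structure-aware ranking concrete, here is an added example (not DepGuard's own code) that computes reverse reachability over a lockfile and blends it with CVSS. The sample lockfile, the CVSS values, the flat `node_modules` layout and the 50/50 weighting are all assumptions made for illustration; it uses reachability only, not betweenness centrality.

```python
import json
from collections import defaultdict, deque

# Constructed sample lockfile (lockfileVersion 3); a flat node_modules layout is assumed.
LOCK = json.loads("""{"lockfileVersion": 3, "packages": {
  "": {"name": "demo-app", "dependencies": {"web": "^1.0.0", "cli": "^2.0.0"}},
  "node_modules/web": {"version": "1.0.0",
                       "dependencies": {"parser": "^3.0.0", "tiny-util": "^1.0.0"}},
  "node_modules/cli": {"version": "2.0.0",
                       "dependencies": {"parser": "^3.0.0", "leaf-fmt": "^0.4.0"}},
  "node_modules/parser": {"version": "3.1.0", "dependencies": {"tiny-util": "^1.0.0"}},
  "node_modules/tiny-util": {"version": "1.0.2"},
  "node_modules/leaf-fmt": {"version": "0.4.0"}}}""")
# Constructed CVSS base scores for two hypothetical advisories.
CVSS = {"tiny-util": 7.5, "leaf-fmt": 9.8}

def reverse_edges(lock):
    """Map each package name to the set of packages that depend on it directly."""
    dependents = defaultdict(set)
    for path, meta in lock["packages"].items():
        # "" is the root project; other keys look like "node_modules/@scope/name".
        name = meta.get("name", "<root>") if path == "" else path.rsplit("node_modules/", 1)[-1]
        for dep in meta.get("dependencies", {}):
            dependents[dep].add(name)
    return dependents

def blast_radius(dependents, pkg):
    """Every package that transitively depends on pkg (BFS over reverse edges)."""
    seen, queue = set(), deque([pkg])
    while queue:
        for parent in dependents.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    seen.discard(pkg)  # a dependency cycle must not count the package itself
    return seen

def rank(lock, cvss, w_cvss=0.5, w_reach=0.5):
    """Illustrative score on a 0-10 scale: weighted CVSS plus exposed fraction of the graph."""
    dependents = reverse_edges(lock)
    others = len(lock["packages"]) - 1  # every package except the vulnerable one
    rows = []
    for pkg, base in cvss.items():
        radius = blast_radius(dependents, pkg)
        score = round(w_cvss * base + w_reach * 10 * len(radius) / others, 2)
        rows.append((pkg, base, sorted(radius), score))
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for pkg, base, radius, score in rank(LOCK, CVSS):
        print(f"{pkg:10} cvss={base:<4} score={score:<5} blast radius={radius}")
```

With this sample, the lower-CVSS `tiny-util` outranks `leaf-fmt` because four of the five other packages reach it, against two for `leaf-fmt`.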
🛠️ Tech Stack
- Backend: Python, FastAPI, NetworkX (Graph Theory metrics), aiosqlite, HTTPX.
- Frontend: React, TypeScript, Tailwind CSS, Cytoscape.js.
Quick start
```bash
# Backend — terminal 1
cd backend
python -m venv .venv
source .venv/bin/activate      # macOS / Linux
# .venv\Scripts\activate       # Windows
pip install -e ".[dev]"
uvicorn app.main:app --reload  # http://127.0.0.1:8000/docs
```

```bash
# Frontend — terminal 2
cd frontend
npm install
npm run dev                    # http://localhost:5173
```
License: MIT license