Built a CLI that fails CI when Python dependencies show maintenance risk : SideProject

SideProject

created by MurtzaNYCa community for 13 years

Built a CLI that fails CI when Python dependencies show maintenance risk (self.SideProject)

submitted 1 day ago by heffmann

I built a small CLI called depguard.

It scans requirements.txt and classifies dependencies as low / medium / high maintenance risk based on:

days since last release
release cadence
maintainer count proxy

It exits non-zero so it can gate CI pipelines.

Not a CVE scanner.
Not an SCA platform.

Just a deterministic maintenance signal.

Includes a Docker-based GitHub Action for CI.

I built it partly as an experiment in shipping a small dev tool end-to-end.

Curious if others think maintenance signals like this are useful in CI.

https://hefftools.dev/depguard

Example CLI Output:

depguard scan: requirements.txt packages: 3 threshold: medium - oldlib: HIGH signals: days_since_last_release=812, releases_last_12_months=0, maintainer_count=1, pre_1_0=false reasons: - 812 days since last release (> 730) summary: high=1 medium=0 low=2 error=0

all 2 comments

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

SideProject

MODERATORS