Top 23 Python Dependency Projects

Dependencies

• Add a project

1. scancode-toolkit

   1 7 2,564 9.3 Python

   :mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

   

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. deptry

   2 25 1,424 9.6 Python

   Find unused, missing and transitive dependencies in a Python project.

   

4. conan-center-index

   3 42 1,184 9.9 Python

   Recipes for the ConanCenter repository

   

5. import-linter

   4 4 1,063 9.1 Python

   Lint your Python architecture.

   

6. purl-spec

   5 14 1,056 9.4 Python

   A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

   

   Project mention: Reconciling 15 OSS Vulnerability Databases: What They Actually Cover | dev.to | 2026-04-09

   vuln_id is the primary identifier that source uses — a GHSA-xxxx, CVE-xxxx, PYSEC-xxxx, RUSTSEC-xxxx, GO-xxxx, or MAL-xxxx. aliases is a semicolon-joined list of cross-database identifiers the source knows about. purl is the Package URL — a canonical string like pkg:pypi/tensorflow or pkg:maven/io.grpc/grpc-protobuf that uniquely names a package across every public ecosystem.

7. tern

   6 2 1,017 3.2 Python

   Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)

   

8. creosote

   7 7 375 8.1 Python

   Identify unused dependencies and avoid a bloated virtual environment.

   

9. sbomnix

   8 1 285 8.6 Python

   SBOM, provenance, dependency graph, and vulnerability tools for Nix.

   

10. Secrover

    9 1 255 8.9 Python

    Open-Source Security Reports, Made Simple - 100% free. No paywalls, just actionable insights.

    

    Project mention: I built a free, open-source security scanner with shareable dashboards | news.ycombinator.com | 2025-08-01

11. evergreen

    10 2 227 9.1 Python

    GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.yaml file (by github-community-projects)

    

12. github-actions-version-updater

    11 2 102 0.9 Python

    A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates

    

13. Lynx

    12 7 51 4.5 Python

    Light weight dependency graph for systems with massive calculation complexities or scheduling systems (by hosseinmoein)

    

14. gha-update

    13 1 51 4.7 Python

    Update GitHub Actions version pins in GitHub workflow files.

    

    Project mention: GitHub appears to be struggling with measly three nines availability | news.ycombinator.com | 2026-03-23

    See also pinact[1], gha-update[2], and zizmor's unpinned-uses[3].

    The main desiderata with these kinds of action pinning tools is that they (1) leave a tag comment, (2) leave that comment in a format that Dependabot and/or Renovate understands for bumping purposes, and (3) actually put the full tag in the comment, rather than the cutesy short tag that GitHub encourages people to make mutable (v4.x.y instead of v4).

    [1]: https://github.com/suzuki-shunsuke/pinact

    [2]: https://github.com/davidism/gha-update

    [3]: https://docs.zizmor.sh/audits/#unpinned-uses

15. Surfactant

    14 2 41 9.1 Python

    Modular framework for file information extraction and dependency analysis to generate accurate SBOMs

    

    Project mention: Show HN: Analyze binary capabilities in-browser with capa and Pyodide | news.ycombinator.com | 2026-01-21

    Hey all!

    I’ve been working on getting Mandiant’s capa (a tool for identifying capabilities in executables) to run entirely client-side in the browser using Pyodide.

    To make this happen, I’ve been working through the capa dependency tree to ensure all upstream packages publish an sdist or pure-Python wheels. We’ve finally reached the point where it’s possible to run capa to analyze binaries in a browser using the vivisect backend.

    The long-term goal is to upstream these changes to the official mandiant/capa repository. I’d love for people to try it out and let me know how the performance feels or if you run into any quirks.

    Again, a live version can be found here: https://surfactant.readthedocs.io/en/latest/capa/

    And the source files for the page is here: https://github.com/llnl/Surfactant/tree/main/docs/capa

    Suggestions and bug reports are welcome!

16. pip-rating

    15 1 31 9.0 Python

    Check the health of your project's requirements and get a score for each dependency.

    

17. deps

    16 3 12 6.9 Python

    deps: A terminal UI dashboard to monitor python dependencies across a Github organisation (by apoclyps)

    

18. benchmark-imports

    17 6 12 10.0 Python

    CLI tool to record how much time it takes to import each dependency in a Python project

    

19. deferred-import

    18 7 10 0.0 Python

    Lazy import and install on demand Python packages

    

20. processes

    19 1 5 8.8 Python

    Orchestrate graphs of callables in Python with automatic dependency resolution, parallel execution, retries, timeouts, and HTML email alerts on failure — zero dependencies

    

    Project mention: [Looking 4 Feedback] I wanted a better way to handle routines in Python, so I built processes lib | dev.to | 2026-01-19

    Repo: https://github.com/oliverm91/processes PyPI: https://pypi.org/project/processes/

21. pydependence

    20 2 3 0.0 Python

    🕵️🐍 Generate requirements.txt and pyproject.toml extras across modules, with configurable starting points, using import graph traversal and the python AST. Fully configurable and works with pre-commit.

    

22. python-project-template

    21 1 3 6.3 Python

    Python project template with a starting structure, CI/CD. linting, testing, and code coverage analysis (by dagpunk)

    

23. depoverflow

    22 1 3 0.0 Python

    Watches StackOverflow answers and GitHub issues referenced in code for changes

    

24. venvmux

    23 0 0 3.3 Python

    Run Python functions in persistent, warm subprocesses inside isolated virtual environments

    

Python Dependencies related posts

• Show HN: Analyze binary capabilities in-browser with capa and Pyodide

  1 project | news.ycombinator.com | 21 Jan 2026

• Understanding the PURL Specification (Package URL)

  9 projects | news.ycombinator.com | 5 Jun 2025

• Show HN: Deptry 0.14.0 – detect unused Python dependencies up to 10 times faster

  1 project | news.ycombinator.com | 16 Mar 2024

• Show HN: Visualize the Entropy of a Codebase with a 3D Force-Directed Graph

  6 projects | news.ycombinator.com | 31 Jan 2024

• ScanCode: Scan license and packages, dependencies and origin information

  1 project | news.ycombinator.com | 11 Aug 2023

• Kraken Technologies: How we organise our large Python monolith

  1 project | news.ycombinator.com | 18 Jul 2023

• Show HN: Deptry 0.10.0 – detect unused dependencies in your Python project

  2 projects | news.ycombinator.com | 8 May 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 21 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!