Scan a project's dependencies and detect abandoned or dying packages. Supports both npm (package.json) and pip (requirements.txt).
npm install -g deathwatch
# Auto-detect package.json / requirements.txt in current directory
deathwatch
# Specify a directory
deathwatch --path ./my-app
# Custom thresholds (in months)
deathwatch --threshold 12 --warn 6
| Option | Default | Description |
|---|---|---|
--path <dir> | cwd | Directory to scan |
--threshold <months> | 12 | Months since last publish to flag as dead (red) |
--warn <months> | 6 | Months since last publish to flag as suspicious (yellow) |
Each package is color-coded:
--threshold months)--warn months)Metadata shown per package:
[DEPRECATED] notice if the npm package is deprecatedA summary is printed at the end with total, healthy, suspicious, dead, and unknown counts.
deprecated noticefetch)Apache 2.0
FAQs
Scan a project's dependencies and detect abandoned or dying packages
We found that deathwatch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.