# Dependency Vulnerability Scanners

> Search results for `find vulnerable dependencies in your project's lockfiles` on awesome-repositories.com. 115 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/find-vulnerable-dependencies-in-your-project-s-lockfiles

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/find-vulnerable-dependencies-in-your-project-s-lockfiles).**

## Results

- [chalarangelo/30-seconds-of-code](https://awesome-repositories.com/repository/chalarangelo-30-seconds-of-code.md) (128,121 ⭐) — 30-seconds-of-code is a comprehensive knowledge base and programming snippet library designed to support software engineering education and professional development. It provides a curated collection of reusable code units and technical guides that help developers master core language mechanics, design patterns, and architectural philosophies.

The project distinguishes itself by offering a wide-ranging library of algorithmic solutions and web development patterns that are organized into modular, independently testable units. It emphasizes functional programming paradigms and declarative logic,
- [danger/danger-js](https://awesome-repositories.com/repository/danger-danger-js.md) (5,480 ⭐) — danger-js is an automated code review tool and CI pipeline plugin that functions as a pull request linter. It verifies commit messages, tracks dependency changes, and ensures pull requests meet project standards by posting automated feedback and comments directly into the version control interface.

The system integrates with various Git providers, including GitHub, GitLab, and Bitbucket, to retrieve pull request metadata and execute custom review rules. It allows teams to package and distribute review conventions as shareable modules and supports the execution of rules written in transpiled l
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
- [google/osv.dev](https://awesome-repositories.com/repository/google-osv-dev.md) (2,494 ⭐) — OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
- [github/opensource.guide](https://awesome-repositories.com/repository/github-opensource-guide.md) (15,530 ⭐) — This project serves as a comprehensive repository of best practices and documentation standards for managing open source software. It provides a foundational framework for establishing project governance, defining contributor roles, and structuring the lifecycle of collaborative software development. By centralizing knowledge on community building and operational transparency, it acts as a guide for launching, maintaining, and scaling healthy software projects.

The project distinguishes itself by offering actionable strategies for the human and organizational aspects of software development t
- [lirantal/is-website-vulnerable](https://awesome-repositories.com/repository/lirantal-is-website-vulnerable.md) (2,029 ⭐) — Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
- [npm/cli](https://awesome-repositories.com/repository/npm-cli.md) (9,846 ⭐) — This project is a command line interface for managing, installing, and publishing JavaScript packages to a remote registry. It serves as a dependency resolution tool, a software registry publishing client, and a security auditor for Node.js development workflows.

The tool distinguishes itself by providing integrated monorepo workspace management and a comprehensive registry authentication client that supports multi-factor authentication. It enables detailed control over the software supply chain through provenance attestations, package signature verification, and the generation of a Software
- [lirantal/lockfile-lint](https://awesome-repositories.com/repository/lirantal-lockfile-lint.md) (863 ⭐) — Lint an npm or yarn lockfile to analyze and detect security issues
- [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists.

The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
- [multilang-depends/depends](https://awesome-repositories.com/repository/multilang-depends-depends.md) (253 ⭐) — Depends is a fast, comprehensive code dependency analysis tool
- [yoavain/fix-lockfile-integrity](https://awesome-repositories.com/repository/yoavain-fix-lockfile-integrity.md) (6 ⭐) — Fix NPM lockfile integrity
- [astral-sh/uv](https://awesome-repositories.com/repository/astral-sh-uv.md) (86,451 ⭐) — uv is a high-performance Python package manager and project build tool designed to handle dependency resolution, virtual environment orchestration, and Python interpreter management. It functions as a comprehensive workspace orchestrator, enabling developers to manage complex, multi-package repositories and ensure reproducible builds across different platforms.

The tool distinguishes itself through its use of a global, content-addressable cache and hard-link-based environment provisioning, which allow for near-instant environment creation and minimal disk usage. It employs a high-performance
- [lirantal/npm-security-best-practices](https://awesome-repositories.com/repository/lirantal-npm-security-best-practices.md) (1,178 ⭐) — This project provides a comprehensive framework for securing the software supply chain within the Node.js ecosystem. It focuses on mitigating risks associated with third-party dependencies by implementing technical controls and governance policies designed to prevent malicious code injection and ensure the integrity of the development environment.

The guide distinguishes itself by offering specific hardening techniques for package management, such as disabling automatic execution of lifecycle scripts and enforcing strict registry-scoped dependency routing to prevent dependency confusion. It e
- [indigounited/node-proper-lockfile](https://awesome-repositories.com/repository/indigounited-node-proper-lockfile.md) (280 ⭐)
- [wearehive/project-guidelines](https://awesome-repositories.com/repository/wearehive-project-guidelines.md) (29,458 ⭐) — This project is a comprehensive set of architectural and coding standards for organizing and maintaining high-quality JavaScript applications. It provides a framework for JavaScript project best practices across the full software development lifecycle, establishing unified guidelines for project organization and development.

The guidelines cover specific standards for REST API design, utilizing resource-oriented interfaces and standardized HTTP methods. It also includes a web accessibility standard focused on semantic HTML and automated audits, alongside a defined Git workflow standard for br
- [introlab/find-object](https://awesome-repositories.com/repository/introlab-find-object.md) (477 ⭐) — Find-Object project
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [future-architect/vuls](https://awesome-repositories.com/repository/future-architect-vuls.md) (12,185 ⭐) — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines.

The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins.

The tool covers a broad range of securit
- [moxystudio/node-proper-lockfile](https://awesome-repositories.com/repository/moxystudio-node-proper-lockfile.md) (279 ⭐) — An inter-process and inter-machine lockfile utility that works on a local or network file system.
- [agno-agi/agno](https://awesome-repositories.com/repository/agno-agi-agno.md) (40,717 ⭐) — Agno is an agent operating system designed to manage the lifecycle, tool execution, and persistent state of autonomous agents across distributed infrastructure. It provides a unified runtime environment that wraps diverse agent frameworks into a consistent, interoperable protocol, allowing developers to build and deploy complex multi-agent systems that coordinate tasks and delegate sub-processes.

The platform distinguishes itself through a robust governance and orchestration layer that includes human-in-the-loop approval gates, role-based access control, and a centralized API gateway. It feat
- [oven-sh/bun](https://awesome-repositories.com/repository/oven-sh-bun.md) (93,257 ⭐) — Bun is a high-performance runtime environment designed to execute JavaScript and TypeScript applications with minimal latency and high throughput. Built on a native core implemented in Zig, it provides a unified execution engine that leverages JavaScriptCore for efficient memory management and low-latency startup. The project functions as an all-in-one toolchain, integrating a native bundler, transpiler, package manager, and test runner into a single command-line interface.

What distinguishes Bun is its focus on native system integration and developer productivity. It features a high-performa
- [sarbbottam/eslint-find-rules](https://awesome-repositories.com/repository/sarbbottam-eslint-find-rules.md) (212 ⭐) — Find built-in ESLint rules you don't have in your custom config
- [wazehell/vulnerable-ad](https://awesome-repositories.com/repository/wazehell-vulnerable-ad.md) (2,307 ⭐) — Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab
- [microsoft/rushstack](https://awesome-repositories.com/repository/microsoft-rushstack.md) (6,479 ⭐) — Rushstack is a comprehensive toolset for managing large-scale TypeScript monorepos, providing a framework for build pipeline automation, dependency coordination, and static analysis. It functions as an incremental build orchestrator and management system designed to maintain consistency and performance across multiple packages in a shared workspace.

The system distinguishes itself through an execution model based on directed acyclic graphs and content-hash-based incrementalism, which ensures only affected projects are rebuilt. It further optimizes development workflows via remote build artifa
- [apple/pkl](https://awesome-repositories.com/repository/apple-pkl.md) (11,429 ⭐) — Pkl is a configuration-as-code language used to define, validate, and generate structured configuration files. It functions as a type-safe configuration generator that enforces data integrity through a strongly-typed schema, ensuring configuration values meet defined constraints and types during evaluation.

The project distinguishes itself by acting as both a configuration file generator and a binding generator. It transforms high-level programmable definitions into static formats such as JSON, YAML, or XML, and produces language-specific source code to synchronize settings and provide type s
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [fastapi/fastapi](https://awesome-repositories.com/repository/fastapi-fastapi.md) (99,260 ⭐) — FastAPI is a web framework for building APIs with Python. It leverages standard language type hints to provide automatic data validation, request parsing, and interactive API documentation generation. The framework supports asynchronous request handling and manages execution contexts to prevent blocking the main event loop.

The project includes a dependency injection system that allows for the resolution and injection of reusable components into request handlers. This system supports request-scoped caching, lifecycle management, and integration with security mechanisms like OAuth2 and JSON We
- [dependabot/dependabot-core](https://awesome-repositories.com/repository/dependabot-dependabot-core.md) (5,413 ⭐) — dependabot-core is the automated dependency management engine that powers multi-ecosystem package updates and vulnerability remediation. It parses package manifests and lockfiles, polls package registries for newer versions, resolves version constraints across entire dependency trees, and generates pull requests with changelogs and structured descriptions. The system integrates vulnerability database matching to detect known security flaws and can automatically create remediation pull requests.

What distinguishes this project is its handling of complex multi-ecosystem resolution across dozens
- [bridgecrewio/checkov](https://awesome-repositories.com/repository/bridgecrewio-checkov.md) (8,798 ⭐) — Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks.

The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
- [albuch/sbt-dependency-check](https://awesome-repositories.com/repository/albuch-sbt-dependency-check.md) (266 ⭐) — SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
- [asyncfuncai/deepwiki-open](https://awesome-repositories.com/repository/asyncfuncai-deepwiki-open.md) (14,362 ⭐) — This platform is an automated documentation and codebase analysis system designed to generate structured wikis, technical guides, and interactive diagrams from source code repositories. It functions as a retrieval-augmented generation framework that connects codebases to language models, enabling context-aware answers, deep research, and automated documentation updates through semantic vector search.

The system distinguishes itself through a self-hosted, containerized architecture that supports both cloud-based and local AI model execution. It provides sophisticated model orchestration, allow
- [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,356 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases.

The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies
- [bishopfox/iam-vulnerable](https://awesome-repositories.com/repository/bishopfox-iam-vulnerable.md) (574 ⭐) — Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
- [chalarangelo/30-seconds-of-python](https://awesome-repositories.com/repository/chalarangelo-30-seconds-of-python.md) (8,826 ⭐) — 30 Seconds of Python is a curated collection of short, reusable Python code snippets designed for quick reference and immediate reuse. It provides an interactive browser that lets you explore snippets organized by tags, search across names and descriptions, and copy code to your clipboard with a single click.

The collection covers a broad range of common programming tasks, including list and dictionary operations, string formatting and manipulation, date and time calculations, and color format conversion. It also includes utilities for data transformation, such as converting between case styl
- [nautechsystems/nautilus_trader](https://awesome-repositories.com/repository/nautechsystems-nautilus-trader.md) (20,056 ⭐) — Nautilus Trader is a high-performance algorithmic trading framework built in Rust, designed for the development, backtesting, and live execution of automated trading strategies. It provides a comprehensive platform for managing multi-asset portfolios and interacting with diverse financial markets through a standardized connectivity suite. The system is engineered to handle high-frequency data processing and complex order execution while maintaining precise numerical accuracy across various asset classes.

The framework distinguishes itself through an architecture centered on deterministic even
- [your-tools/ruplacer](https://awesome-repositories.com/repository/your-tools-ruplacer.md) (489 ⭐) — Find and replace text in source files
- [avaloniaui/avalonia](https://awesome-repositories.com/repository/avaloniaui-avalonia.md) (30,986 ⭐) — Avalonia is a cross-platform desktop framework that enables the creation of native-feeling applications for Windows, macOS, and Linux from a single codebase. It functions as a declarative UI toolkit, allowing developers to define complex visual hierarchies and interface structures using a markup-based syntax that maps directly to underlying object properties. By utilizing the Model-View-ViewModel architectural pattern, the framework facilitates a clean separation between application logic and user interface layout, which simplifies unit testing and component maintenance.

The framework disting
- [voltagent/awesome-claude-code-subagents](https://awesome-repositories.com/repository/voltagent-awesome-claude-code-subagents.md) (21,906 ⭐) — This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability.

The framework distinguishes itself through its hierarchical agent registry and policy-driven
- [dependencytrack/dependency-track](https://awesome-repositories.com/repository/dependencytrack-dependency-track.md) (3,612 ⭐) — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components.

The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
- [zhyfeng/dependency](https://awesome-repositories.com/repository/zhyfeng-dependency.md) (25 ⭐) — This artifact is for paper "Demystifying the Dependency Challenge in Kernel Fuzzing". Fuzz testing operating system kernels remains a daunting task to date. One known challenge is that much of the kernel code is locked under specific kernel states and current kernel fuzzers are not effective in…
- [drakkar-software/octobot](https://awesome-repositories.com/repository/drakkar-software-octobot.md) (6,079 ⭐) — OctoBot is an open-source automated trading platform that connects to over 15 cryptocurrency exchanges, enabling users to deploy grid, dollar-cost averaging, market-making, and AI-driven trading strategies. It functions as a unified multi-exchange trading platform, a TradingView alert executor, and a crypto trading bot, all within a single system. The platform is built on an event-driven trading loop with a plugin-based strategy engine, an exchange-agnostic connector layer, and a cloud-synced profile store for multi-device consistency.

What distinguishes OctoBot is its integration of large la
- [googlecontainertools/skaffold](https://awesome-repositories.com/repository/googlecontainertools-skaffold.md) (15,856 ⭐) — Skaffold is a command-line tool that automates the build, push, and deployment lifecycle for containerized applications on Kubernetes. It functions as a continuous development engine, monitoring source code for changes to trigger incremental updates, manifest hydration, and automated deployments to a cluster. By abstracting the underlying build and deployment tools, it provides a unified interface for managing the inner development loop.

The platform distinguishes itself through its environment-aware configuration and flexible build orchestration. It supports diverse build strategies, includi
- [aboutcode-org/scancode-toolkit](https://awesome-repositories.com/repository/aboutcode-org-scancode-toolkit.md) (2,567 ⭐) — ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats.

The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le
- [versolearning/find-from-publication](https://awesome-repositories.com/repository/versolearning-find-from-publication.md) (0 ⭐) — Find from publication works around a limitation in Meteor core: there's no way to determine which records, client side, have resulted from a given subscription.
- [casey/just](https://awesome-repositories.com/repository/casey-just.md) (34,302 ⭐) — This project is a command-line task runner designed to manage project-specific workflows through a centralized, configuration-driven interface. It functions as a declarative tool for organizing build logic, environment variables, and task dependencies into a structured format, enabling the automation of complex development pipelines.

The tool distinguishes itself by providing a shell-agnostic execution layer that ensures consistent behavior across Windows, macOS, and Linux. It supports advanced workflow orchestration by constructing directed acyclic graphs to manage task prerequisites, while
- [sindresorhus/find-up](https://awesome-repositories.com/repository/sindresorhus-find-up.md) (640 ⭐) — Find a file or directory by walking up parent directories
- [owasp/top10](https://awesome-repositories.com/repository/owasp-top10.md) (5,273 ⭐) — This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws.

The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
- [hadarmanor/public-vulnerabilities](https://awesome-repositories.com/repository/hadarmanor-public-vulnerabilities.md) (14 ⭐) — All my public vulnerabilities.
