Skip to main content

Tour: Dependencies

Dependency health — the two things about your dependencies that are worth acting on: what’s vulnerable and what’s behind. (The descriptive import graph and matrix used to live here too; the structural picture now belongs to Architecture, which turns it into layer findings you can act on rather than a map you just read.)

Security

Known vulnerabilities in your dependencies, sorted by severity (critical → info), with a “fix available” badge and a direct-vs-transitive indicator. Reikon reads your project’s own ecosystem — JavaScript/TypeScript (npm), Python, Rust, Go, Ruby, PHP, and Java — and runs the official scanner for each (npm audit, pip-audit, cargo audit, govulncheck, bundler-audit, composer audit, and so on). If the scanner for your language isn’t installed, Reikon tells you which one to install rather than pretending everything is fine. For Java it reads an existing OWASP dependency-check report if your build produced one, rather than running that lengthy scan itself.

Packages

Outdated dependencies — current / wanted / latest versions per package, with major-version-behind (more urgent) visually distinguished from minor-version-behind. Works across the same ecosystems as Security. Both Security and Packages feed into the dependency health signal on the Dashboard — see Formulas & Methodology. The signal is left out of the health score entirely when a project has no recognized dependency manifest, or when its security scanner isn’t installed — it’s never silently scored as a perfect (or zero) number.