> ## Documentation Index
> Fetch the complete documentation index at: https://reikon.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Dependencies

> Dependency health — known vulnerabilities and outdated packages, across your ecosystem.

# Tour: Dependencies

Dependency **health** — the two things about your dependencies that are worth acting on:
what's *vulnerable* and what's *behind*. (The descriptive import graph and matrix used to
live here too; the structural picture now belongs to [Architecture](./architecture), which
turns it into layer findings you can act on rather than a map you just read.)

## Security

Known vulnerabilities in your dependencies, sorted by severity (critical → info), with a
"fix available" badge and a direct-vs-transitive indicator. Reikon reads your project's
own ecosystem — JavaScript/TypeScript (npm), Python, Rust, Go, Ruby, PHP, and Java — and
runs the official scanner for each (`npm audit`, `pip-audit`, `cargo audit`, `govulncheck`,
`bundler-audit`, `composer audit`, and so on). If the scanner for your language isn't
installed, Reikon tells you which one to install rather than pretending everything is
fine. For Java it reads an existing OWASP dependency-check report if your build produced
one, rather than running that lengthy scan itself.

## Packages

Outdated dependencies — current / wanted / latest versions per package, with
major-version-behind (more urgent) visually distinguished from minor-version-behind.
Works across the same ecosystems as Security.

Both Security and Packages feed into the dependency health signal on the Dashboard —
see [Formulas & Methodology](../../reference/formulas#dependency-health-optional--only-when-a-packagejson-exists).
The signal is left out of the health score entirely when a project has no recognized
dependency manifest, or when its security scanner isn't installed — it's never silently
scored as a perfect (or zero) number.
