depaudit

README

# depaudit

Inspect and triage npm/yarn/pnpm dependency vulnerabilities in the terminal.

Why depaudit?

• Turn noisy audit output into a fast, navigable TUI
• Filter by severity / production dependencies
• Open advisories, jump from issue -> package -> dependency context

Install

Homebrew (macOS/Linux)

brew install stevepapa/tap/depaudit

Scoop (Windows)

scoop bucket add stevepapa https://github.com/stevepapa/scoop-bucket
scoop install depaudit

npm

npm i -g depaudit-cli

Go

go install github.com/stevepapa/depaudit@latest

Binary

https://github.com/stevepapa/depaudit/releases

Usage

Run it in a project directory; depaudit auto-detects the package manager from your lockfile.

depaudit

Package Managers

Works with projects that use:

• npm (package-lock.json)
• yarn (yarn.lock)
• pnpm (pnpm-lock.yaml)

It shells out to the corresponding CLI (npm, yarn, or pnpm) to obtain audit data, so that tool must be installed and available in PATH.

You can force a choice with --npm, --yarn, or --pnpm.

Screenshots

Select package manager when multiple are found in a project

Browse vulnerabilites, with detail view panel

Troubleshooting

• No results / can’t detect project: run from a folder that contains a lockfile, or pass --npm / --yarn / --pnpm.
• “command not found” for npm/yarn/pnpm: install the package manager you use and ensure it’s in PATH.
• macOS “untrusted app” warning: expected for unsigned binaries; use System Settings → Privacy & Security → Open Anyway.

Keybindings

Tip: press ? in the app to toggle the built-in help.

General:

Key	Action
1	Issues
2	Package Explorer
Tab	Toggle views
q / Ctrl+C	Quit
?	Toggle help

Issues:

Key	Action
Up/Down or j/k	Navigate
g / G	Top / bottom
o	Open advisory
p	Toggle production-only
s	Cycle severity filter
Enter	Jump to package

Package Explorer:

Key	Action
Up/Down or j/k	Navigate
g / G	Top / bottom
PgUp / PgDn	Jump 10
/	Focus search
Enter	Confirm search
Esc	Clear search / exit search