
capitaltg/pkglens


DepLens

Analyze the true cost of any dependency across ecosystems. A free, open-source alternative to bundlephobia that adds contextual health scoring, dependency tree attribution, security analysis via OSV, and support for npm, PyPI, and Maven.

Local setup

1. Install PostgreSQL and Redis

macOS (Homebrew):

brew install postgresql@16 redis
brew services start postgresql@16
brew services start redis

Add the PostgreSQL binaries to your PATH (add this to your ~/.zshrc or ~/.bashrc):

# Apple Silicon (M1/M2/M3):
export PATH="/opt/homebrew/opt/postgresql@16/bin:$PATH"
# Intel:
export PATH="/usr/local/opt/postgresql@16/bin:$PATH"

Then reload your shell:

source ~/.zshrc

Other platforms: install PostgreSQL 14+ and Redis 7+ via your package manager or the official installers.

2. Create the database

createdb deplens

3. Install Node dependencies

npm install

4. Configure environment variables

Create a .env.local file in the project root:

DATABASE_URL=postgresql://localhost:5432/deplens
REDIS_URL=redis://localhost:6379

5. Create the database tables

npm run db:push

6. Start the services

You need two processes running simultaneously — open two terminal windows:

Terminal 1 — web server:

npm run dev

The app will be available at http://localhost:3000.

Terminal 2 — analysis worker:

npm run worker

The worker connects to Redis and processes package analysis jobs. Without it, searches will queue but never complete. It reads .env.local via Node's --env-file flag before any modules load, which is necessary because the database client initializes at import time.

How it works

  1. Search for a package on the homepage and select an ecosystem (npm, PyPI, or Maven).
  2. The web server checks the database cache. On a cache miss, it enqueues a job and returns a pending state.
  3. The worker picks up the job, runs the analysis (fetches registry metadata, bundles with esbuild for npm, measures sizes, queries OSV for CVEs), and writes results to the database.
  4. The UI polls every 3 seconds until the result is ready, then renders the package detail page with health score, bundle size breakdown, dependency tree, and security panel.

Results are cached for 6 hours and refreshed in the background on subsequent visits.
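As an added illustration of step 3 (not DepLens project code), the snippet below builds the request body the worker would send to the OSV query API for one package version and reduces a constructed OSV-style response to the fields a security panel needs. Function names and the sample data are assumptions; only the OSV v1 request/response field names are real.

```javascript
// Added example, not DepLens project code. Function names are assumptions;
// the request/response fields used are those of the public OSV v1 API.

// DepLens ecosystem labels -> OSV ecosystem identifiers.
const OSV_ECOSYSTEM = { npm: "npm", pypi: "PyPI", maven: "Maven" };

// Body for POST https://api.osv.dev/v1/query (no network call is made here).
function buildOsvQuery(ecosystem, name, version) {
  const osvEco = OSV_ECOSYSTEM[ecosystem.toLowerCase()];
  if (!osvEco) throw new Error(`unsupported ecosystem: ${ecosystem}`);
  return { version, package: { name, ecosystem: osvEco } };
}

// Reduce an OSV response to per-advisory facts the UI cares about:
// CVE aliases, versions that contain a fix, and a severity label.
function summarizeOsvResponse(resp) {
  const findings = (resp.vulns || []).map((v) => {
    const cves = (v.aliases || []).filter((a) => a.startsWith("CVE-"));
    const fixedIn = (v.affected || [])
      .flatMap((a) => a.ranges || [])
      .flatMap((r) => r.events || [])
      .map((e) => e.fixed)
      .filter(Boolean);
    // database_specific.severity is present on GitHub-sourced advisories;
    // other sources may omit it, so fall back to UNKNOWN rather than guess.
    const severity = (v.database_specific && v.database_specific.severity) || "UNKNOWN";
    return { id: v.id, cves, fixedIn, severity };
  });
  return {
    vulnerable: findings.length > 0,
    count: findings.length,
    // Advisories with no fixed version: upgrading alone will not resolve them.
    unfixed: findings.filter((f) => f.fixedIn.length === 0).map((f) => f.id),
    findings,
  };
}

// Constructed sample response (placeholder identifiers, not real OSV data).
const SAMPLE_OSV_RESPONSE = {
  vulns: [
    {
      id: "GHSA-xxxx-example-1",
      aliases: ["CVE-0000-0001"],
      database_specific: { severity: "HIGH" },
      affected: [{ ranges: [{ type: "SEMVER", events: [{ introduced: "0" }, { fixed: "1.2.3" }] }] }],
    },
    { id: "GHSA-xxxx-example-2", aliases: [], affected: [{ ranges: [{ type: "SEMVER", events: [{ introduced: "0" }] }] }] },
  ],
};

const summary = summarizeOsvResponse(SAMPLE_OSV_RESPONSE);
```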

Other commands

npm run build        # Production build
npm run test         # Run tests
npm run lint         # ESLint
npm run check        # Prettier + ESLint fix
npm run db:studio    # Open Drizzle Studio (visual DB browser)
