PyDeps is the most comprehensive Python dependency explorer available. Search any of the 840,000+ packages on PyPI and instantly visualize its complete dependency graph, discover all transitive subdependencies, find reverse dependencies (dependents), check for known CVEs, review license information, and download packages with all dependencies bundled for offline or air-gapped installs — all in one fast, free tool.
Every Python package on PyPI declares a set of dependencies — other packages it needs to function. Those dependencies have their own dependencies, forming a tree of transitive subdependencies that can be dozens of layers deep. PyDeps resolves the entire dependency tree from live PyPI metadata and renders it as an interactive dependency graph you can expand, collapse, and explore node by node — faster and more visual than pipdeptree, pip-tree, or any command-line tool.
Whether you are checking Flask dependencies before upgrading, finding transitive CVEs in FastAPI, or exploring the NumPy, Pandas, Django, Requests, or SQLAlchemy dependency trees, PyDeps gives you a clear, visual picture of exactly what your Python project installs — something no other PyPI explorer offers.
PyDeps is the only PyPI explorer that combines real-time CVE scanning, license visibility, and package health scoring in a single view. It queries the OSV (Open Source Vulnerabilities) database in real time to flag known CVEs for any package and its entire dependency tree. Each vulnerability shows severity, affected version ranges, and the version that fixes it — making it trivial to perform a Python package security audit before shipping. For example, you can scan SQLAlchemy or Django for known security issues across every transitive dependency in seconds.
License information is pulled directly from Python package metadata and displayed alongside every dependency — no other dependency tool shows this. The Python package license guide explains common open-source licenses — MIT, Apache-2.0, BSD, GPL, LGPL, and more — in plain English so you can verify license compatibility across your entire dependency tree.
Package health scores combine maintenance activity, vulnerability status, and dependency complexity into a single letter grade. This helps you quickly assess whether a dependency is well-maintained or potentially risky before adding it to your project — a feature you won't find in pip, pipdeptree, or any other PyPI tool.
PyDeps indexes all 840,000+ Python packages on PyPI — more than any other dependency explorer. Here are some of the most explored dependency graphs:
You can also search Python packages by name or browse popular categories: web framework packages, data science packages, machine learning packages, API and HTTP client packages, database and ORM packages.
PyDeps is the only tool that lets you download a Python package together with all of its resolved
dependencies as wheels, packaged into a single archive for offline or air-gapped installation.
Each bundle includes pinned requirements.txt, a universal install.py
installer, a CycloneDX SBOM (sbom.cdx.json) for security scanning, and a complete
license summary. This is ideal for environments without internet access — simply run
python install.py to install the package and all its dependencies from the local
bundle. No other PyPI explorer offers this.
The dependency resolver follows PEP 440 version parsing and PEP 508 marker evaluation, matching
pip's behavior for platform-specific wheels, Python version compatibility, and optional extras.
This ensures the bundle contains exactly the right wheels for your target platform — something
manual pip download cannot guarantee.
PyDeps fetches package metadata from the Python Package Index (PyPI)
JSON API in real time. Dependency relationships are calculated by resolving each package's
requires_dist declarations, following PEP 508 environment markers for Python version,
platform, and optional extras. When a package's PyPI metadata is incomplete, PyDeps falls back to
reading the wheel's METADATA file directly — the same approach pip uses. This makes PyDeps more
accurate than tools that rely solely on the JSON API.
Vulnerability data is sourced from the OSV database, which aggregates advisories from GitHub Security Advisories, PyPA, and other sources. License information comes from Python package metadata. Package data is live — each request fetches the latest metadata from PyPI, with short-lived caching for performance.
PyDeps is an independent project and is not affiliated with, sponsored by, or endorsed by the Python Software Foundation (PSF) or PyPI. See the legal notice for details.
A Python dependency graph shows every package that a given Python package needs to function, including all transitive subdependencies. PyDeps renders this as an interactive tree and layered graph so you can explore each dependency node by node — the most visual and intuitive way to understand Python package relationships.
PyDeps fetches the requires_dist field from the PyPI JSON API for each package and
version, then recursively resolves each dependency's own dependencies. When PyPI metadata is
incomplete, it downloads the wheel and reads the METADATA file directly, matching pip's behavior.
This dual-source approach makes PyDeps more accurate than any other dependency explorer.
Subdependencies (also called transitive dependencies) are dependencies of your dependencies. For example, if package A depends on B, and B depends on C, then C is a subdependency of A. PyDeps resolves the full transitive tree so you see every package that will be installed.
Reverse dependencies (or dependents) are the packages that depend on a given package. For example, if you want to know which Python packages depend on requests, open the Dependents tab on its PyDeps page to see the full list.
PyDeps queries the OSV (Open Source Vulnerabilities) database in real time and flags known CVEs for a package and its dependencies. Each vulnerability shows severity, affected versions, and the version that fixes it.
Yes. PyDeps is the only tool that lets you download a package together with all of its resolved
dependencies as wheels in a single archive. The bundle includes requirements.txt, a
universal install.py installer, a CycloneDX SBOM, and a license summary — ideal for
offline or air-gapped environments where pip install is not an option.
Yes. While pipdeptree and pip-tree show dependencies from your local environment, PyDeps works with any Python package without installing it, visualizes the full transitive tree as an interactive graph, checks for CVEs, shows licenses, and lets you download offline bundles — features no command-line tool offers.
Yes. PyDeps fetches package metadata from PyPI in real time, with short-lived caching for performance. Vulnerability data is sourced live from the OSV database. You always see the latest package information, not stale data.