dodgy dependencies

Dodgy is used in Python projects. Dodgy: Searches for dodgy looking lines in Python code It has no required runtime dependencies, making it lightweight to install. Check its dependency graph on PyDeps to understand the full transitive dependency tree, reverse dependents, known CVEs, and license compatibility before installing.

What is dodgy?

Dodgy: Searches for dodgy looking lines in Python code

What are the dependencies of dodgy?

dodgy has no required runtime dependencies. Installing it adds no transitive packages to your environment, which keeps installs small and minimizes the supply-chain surface you need to audit.

dodgy transitive dependencies

Beyond its direct dependencies, dodgy can pull in further packages through its dependency tree. PyDeps resolves the entire chain from PyPI and deps.dev so you can see every transitive (nested) dependency of dodgy, expand any node on demand, and understand the full set of code that ships when you run pip install dodgy.

Does dodgy have known vulnerabilities (CVEs)?

PyDeps checks dodgy and every package in its dependency tree against the OSV vulnerability database in real time. For each CVE you can see the severity, the affected version ranges, and the first fixed version, so you know exactly which dodgy version is safe to install before you ship.

What license does dodgy use?

dodgy is distributed under the MIT license. PyDeps also shows the license of every dependency in the tree so you can audit license compatibility across your whole dodgy install, not just the top-level package.

How to install dodgy with all dependencies

Install from PyPI with pip install dodgy. For offline or air-gapped environments, PyDeps can download dodgy together with every resolved dependency as wheel files in a single bundle, matched to your target Python version and operating system.

Which packages depend on dodgy?

Switch to the dependents view to see the reverse dependencies of dodgy — the PyPI packages that list dodgy as a requirement. Reverse dependencies are a strong signal of how widely a package is trusted and how disruptive a breaking change would be.

Packages related to dodgy

PyDeps