Semgrep is used in Python projects. It provides lightweight static analysis for many languages and finds bug variants with patterns that look like source code. It has 27 direct runtime dependencies. Check its dependency graph on PyDeps to understand the full transitive dependency tree, reverse dependents, known CVEs, and license compatibility before installing.
Semgrep declares 27 direct runtime dependencies, each of which is resolved and rendered as an expandable node in the graph.
Beyond its direct dependencies, Semgrep pulls in further packages through its dependency tree. PyDeps walks the entire chain from PyPI and deps.dev so you can see every transitive (nested) dependency, expand any node on demand, and understand the full set of code that ships when you install Semgrep.
Semgrep is distributed under the LGPL-2.1-or-later license. Use the vulnerability panel, powered by the OSV database, to check whether Semgrep or anything in its dependency tree has known CVEs before you ship, and review the license of every dependency to confirm compatibility with your project.
In the interactive graph each node is a package and each edge is a version constraint. Expand a node to load its subdependencies, switch to the dependents view to see which packages rely on Semgrep, and download Semgrep together with all of its dependencies as wheels for offline or air-gapped installs.