Semgrep Dependency Graph

Semgrep is used in Python projects. It provides lightweight static analysis for many languages and finds bug variants with patterns that look like source code. It has 27 direct runtime dependencies. Check its dependency graph on PyDeps to understand the full transitive dependency tree, reverse dependents, known CVEs, and license compatibility before installing.

What is Semgrep used for?

Semgrep provides lightweight static analysis for many languages. It finds bug variants with patterns that look like source code.

Direct dependencies

Semgrep declares 27 direct runtime dependencies, each of which is resolved and rendered as an expandable node in the graph.

Transitive dependencies

Beyond its direct dependencies, Semgrep pulls in further packages through its dependency tree. PyDeps walks the entire chain from PyPI and deps.dev so you can see every transitive (nested) dependency, expand any node on demand, and understand the full set of code that ships when you install Semgrep.

Dependency risk and maintenance

Semgrep is distributed under the LGPL-2.1-or-later license. Use the vulnerability panel, powered by the OSV database, to check whether Semgrep or anything in its dependency tree has known CVEs before you ship, and review the license of every dependency to confirm compatibility with your project.

How to read the dependency graph

In the interactive graph each node is a package and each edge is a version constraint. Expand a node to load its subdependencies, switch to the dependents view to see which packages rely on Semgrep, and download Semgrep together with all of its dependencies as wheels for offline or air-gapped installs.
