Analyze repository dependencies for health, licensing, and usage issues.
dobbe deps analyze [OPTIONS]
deps analyze reads dependency manifest files from a repository (e.g., requirements.txt, package.json, go.mod, Cargo.toml, Gemfile, pyproject.toml) and uses Claude AI to assess each dependency across multiple dimensions. The AI checks whether packages are outdated, unused in the codebase, carry license risk, or show signs of poor maintenance health, then returns structured findings with evidence and recommendations.
When run inside a git repository with no --repo flag, the command auto-detects the current repository from the working directory.
┌─────────────────────────────────────────────┐
│ dobbe deps analyze --repo org/repo │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Parse CLI args + merge config defaults │
│ - checks from --checks or all four │
│ - format from --format or config │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Validate check names │
│ (outdated, unused, license, health, all) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Auto-detect repo from CWD │
│ (when no --repo provided) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Discover MCP servers │
│ (~/.claude/settings.json) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Resolve repo access mode │
│ local clone -> read manifests directly │
│ remote -> GitHub MCP or gh API │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Check response cache │
│ (skip if --no-cache) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Pre-process (local repos only) │
│ - Parse manifest files for package list │
│ - Grep imports for usage evidence │
│ - Embed data in prompt to save tokens │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Ask Claude (structured output) │
│ - Tools: [Bash, Read, Grep, Glob] + MCP │
│ - Timeout: 600s │
│ - Effort: medium │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Parse response │
│ - Extract JSON from Claude output │
│ - Fallback: parse markdown tables/bullets │
│ - Build DepFinding models │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Filter by ecosystem (if --ecosystem set) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Build DepsReport + save session │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Render output │
│ --format table (default) / json / markdown │
│ --output file (optional) │
└──────────────────────┬──────────────────────┘
│
v
┌─────────────────────────────────────────────┐
│ Optional: Notify │
│ --notify slack -> post to --channel │
│ --notify jira -> create tickets │
└─────────────────────────────────────────────┘
| Option | Type | Default | Description |
|---|---|---|---|
--repo / -r |
str |
- | Single repo to analyze (org/repo). Auto-detected from CWD if omitted. |
--checks / -c |
str |
outdated,unused,license,health |
Comma-separated checks to run. Valid values: outdated, unused, license, health, all. |
--ecosystem / -e |
str |
- | Filter findings to a single ecosystem (npm, pip, cargo, go, ruby, etc.) |
--format / -f |
str |
table |
Output format: table, json, markdown |
--verbose / -V |
bool |
False |
Show evidence and recommendations for each finding |
--output |
str |
- | Write output to file instead of stdout |
--notify |
str |
- | Send report to platform (slack, jira) |
--channel |
str |
- | Notification channel (e.g., #deps-alerts) |
--quiet / -q |
bool |
False |
Suppress progress output, only show final result |
--no-cache |
bool |
False |
Skip response cache, force fresh analysis |
When --checks includes all, it expands to all four checks: outdated, unused, license, health. Unknown check names are warned and ignored.
When no --repo flag is provided, deps analyze automatically detects the repository from the current working directory by inspecting the git remote. This lets you run the command with no arguments from inside a cloned repo:
cd ~/projects/my-app
dobbe deps analyze
This is equivalent to:
dobbe deps analyze --repo myorg/my-app
Analysis results are cached keyed by repository and the set of checks run. Subsequent runs with the same repo and checks return the cached result instantly without invoking Claude. Use --no-cache to bypass the cache and force a fresh analysis.
dobbe deps analyze
dobbe deps analyze --repo acme/web-app
dobbe deps analyze --repo acme/web-app --checks outdated,unused
dobbe deps analyze --repo acme/web-app --checks all --verbose
dobbe deps analyze --repo nareshnavinash/web --ecosystem npm
dobbe deps analyze --repo acme/web-app --format json --output deps-report.json
dobbe deps analyze --repo acme/web-app --format markdown --output deps-report.md
dobbe deps analyze --repo acme/web-app --notify slack --channel "#deps-alerts"
dobbe deps analyze --repo acme/web-app --format json --quiet --output deps.json
When a repository is available locally, the pipeline pre-reads manifest files before calling Claude to reduce token usage:
The pre-processor also greps source files for import statements of each declared package (capped at 5 matches per package) to provide Claude with usage evidence upfront.
Two prompt templates are used depending on available data:
gh api calls)Claude’s response is parsed into structured models with a multi-strategy fallback:
findings key (or aliases: issues, dependencies, packages, results)total_findings, unused_count, unhealthy_counttotal_findings and total_unused across repos