Tools / AutoGPT / Dependencies

Dependency Analysis

AutoGPT

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

49% Freshness

2500 Dependencies

1060 Outdated

0 Stale

16.8 Avg Behind

Dependency List

Latest release autogpt-platform-beta-v0.6.58

All 2499 Outdated 1385 Has CVE 65 GPL 32

Dependency	Type	Current	Latest	Behind	CVE	License
yt-dlp pypi	Direct	2025.12.8	2026.5.25.234532.dev0	66 behind	1 high	Unlicense AND Unlicense AND GPL-3.0-or-later AND MPL-2.0 AND MIT AND BSD-3-Clause AND Apache-2.0 AND MIT AND GPL-2.0-or-later AND BSD-3-Clause AND MIT AND LGPL-2.1-only AND BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later
lxml pypi	Direct	6.0.2	6.1.1	4 behind	1 high	BSD-3-Clause AND GPL-1.0-or-later
chardet pypi	Transitive	5.2.0	7.4.3	13 behind	—	LGPL-2.1-or-later
dulwich pypi	Transitive	0.24.10	1.2.6	12 behind	—	Apache-2.0 AND GPL-2.0-only
charset-normalizer pypi	Direct	3.3.2	3.4.7	8 behind	—	LGPL-2.1-only AND MIT AND MPL-1.1
shepherd.js npm	Direct	14.5.1	15.2.2	3 behind	—	AGPL-3.0 AND AGPL-3.0-only
typing-extensions pypi	Direct	4.14.1	4.15.0	2 behind	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
@opentelemetry/api npm	Transitive	1.9.0	1.9.1	1 behind	—	Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
courlan pypi	Direct	1.3.2	1.4.0	1 behind	—	Apache-2.0 AND CC-BY-2.0 AND GPL-3.0-or-later
html2text pypi	Direct	2024.2.26	2025.4.15	1 behind	—	GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later
htmldate pypi	Direct	1.9.4	1.10.0	1 behind	—	Apache-2.0 AND GPL-3.0-or-later
patchelf pypi	Direct	0.17.2.4	0.18.0.0	1 behind	—	Apache-2.0 AND GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later
psycopg2-binary pypi	Direct	2.9.11	2.9.12	1 behind	—	LGPL-2.0-or-later AND LGPL-3.0-or-later
tld pypi	Direct	0.13.1	0.13.2	1 behind	—	(GPL-2.0-only AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1) OR (GPL-2.0-only AND LGPL-2.1-only AND MPL-1.1)
@img/sharp-libvips-darwin-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-darwin-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-ppc64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-riscv64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-s390x npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-arm64 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-ia32 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-x64 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
demjson3 pypi	Direct	3.0.6	3.0.6	Current	—	GPL-3.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0-only
gitdb pypi	Direct	4.0.12	4.0.12	Current	—	BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later
jszip npm	Direct	3.10.1	3.10.1	Current	—	GPL-3.0-only OR MIT
trafilatura pypi	Direct	2.0.0	2.0.0	Current	—	Apache-2.0 AND GPL-3.0-or-later
typing-extensions pypi	Transitive	4.15.0	4.15.0	Current	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD

License Breakdown

MIT 1714

Apache-2.0 259

Unknown 100

ISC 93

BSD-3-Clause 76

BSD-2-Clause AND BSD-3-Clause 39

BSD-2-Clause 38

Apache-2.0 AND MIT 12

BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 10

FSL-1.1-MIT 9

MPL-2.0 9

BSD-3-Clause AND MIT 7

MIT AND Python-2.0 7

CC0-1.0 AND MIT 6

Apache-2.0 AND BSD-2-Clause 5

Apache-2.0 AND BSD-3-Clause 4

Apache-2.0 AND BSD-3-Clause AND MPL-2.0 4

BSD-3-Clause AND LicenseRef-scancode-protobuf 4

BlueOak-1.0.0 4

ISC AND MIT 4

MIT-0 4

0BSD 3

Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 3

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 2

Apache-2.0 AND GPL-3.0-or-later 2

BSD-2-Clause AND BSD-3-Clause AND MIT 2

BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 2

CC-BY-4.0 AND LicenseRef-scancode-public-domain AND MIT 2

CC0-1.0 2

CNRI-Python AND Apache-2.0 2

LicenseRef-scancode-public-domain AND Unlicense 2

LicenseRef-scancode-secret-labs-2011 AND MIT-CMU 2

LicenseRef-scancode-unicode AND MIT 2

PSF-2.0 2

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 2

Python-2.0.1 2

Unlicense 2

(GPL-2.0-only AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1) OR (GPL-2.0-only AND LGPL-2.1-only AND MPL-1.1) 1

0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 1

0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1

0BSD AND ISC AND MIT 1

0BSD AND MIT 1

AFL-2.1 AND AFL-3.0 AND BSD-3-Clause 1

AGPL-3.0 AND AGPL-3.0-only 1

Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1 1

Apache-2.0 AND BSD-3-Clause AND MIT AND Zlib 1

Apache-2.0 AND CC-BY-2.0 AND GPL-3.0-or-later 1

Apache-2.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-BY-SA-3.0 AND CC0-1.0 AND ISC AND LicenseRef-scancode-unknown-license-reference AND MIT AND MPL-2.0 AND OFL-1.1 1

Apache-2.0 AND GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later 1

Apache-2.0 AND GPL-2.0-only 1

Apache-2.0 AND ISC 1

Apache-2.0 AND LicenseRef-scancode-free-unknown 1

Apache-2.0 AND LicenseRef-scancode-generic-cla 1

Apache-2.0 AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND MIT AND MPL-2.0 1

Apache-2.0 AND Python-2.0 1

Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only) 1

Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 1

Apache-2.0 OR MPL-2.0 1

Artistic-2.0 1

BSD-2-Clause AND BSD-2-Clause-Views 1

BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1

BSD-2-Clause AND BSD-3-Clause AND ISC 1

BSD-2-Clause AND BSD-3-Clause AND MIT AND Python-2.0 AND Ruby 1

BSD-2-Clause AND CC0-1.0 AND ISC AND MIT 1

BSD-2-Clause AND LicenseRef-scancode-other-permissive 1

BSD-2-Clause AND MIT 1

BSD-3-Clause AND GPL-1.0-or-later 1

BSD-3-Clause AND ISC AND MIT 1

CC-BY-3.0 AND MIT 1

CC-BY-4.0 1

CC0-1.0 AND Unlicense 1

CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1

GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later 1

GPL-3.0-only OR MIT 1

GPL-3.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0-only 1

ISC AND JSON AND MIT 1

ISC AND MPL-2.0 1

LGPL-2.0-or-later AND LGPL-3.0-or-later 1

LGPL-2.1-only AND MIT AND MPL-1.1 1

LGPL-2.1-or-later 1

LicenseRef-scancode-commercial-license AND LicenseRef-scancode-other-permissive AND MIT 1

MIT AND MIT-0 1

MIT AND MPL-2.0 1

MIT AND PSF-2.0 1

MIT AND PSF-2.0 AND Python-2.0 1

MIT AND Python-2.0 AND MIT 1

MIT AND ZPL-2.1 1

MIT AND Zlib 1

MIT OR (CC0-1.0 AND MIT) 1

PSF-2.0 AND Python-2.0 1

Python-2.0 1

Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

Unlicense AND Unlicense AND GPL-3.0-or-later AND MPL-2.0 AND MIT AND BSD-3-Clause AND Apache-2.0 AND MIT AND GPL-2.0-or-later AND BSD-3-Clause AND MIT AND LGPL-2.1-only AND BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-or-later 1

CVE Severity

critical 5

high 35

medium 19

low 6

unknown 0