Dependency Analysis
Guardrails
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
58%
Freshness
333
Dependencies
90
Outdated
0
Stale
2.6
Avg Behind
Dependency List
Latest release v0.21.0
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
langchain-core
pypi
|
Direct | 1.2.17 | 1.4.0 | 27 behind | 2 high | Unknown |
|
gitpython
pypi
|
Transitive | 3.1.46 | 3.1.50 | 4 behind | 4 high | BSD-3-Clause |
|
pillow
pypi
|
Transitive | 11.3.0 | 12.2.0 | 4 behind | 6 high | LicenseRef-scancode-secret-labs-2011 AND MIT-CMU |
|
simpleeval
pypi
|
Direct | 1.0.3 | 1.0.7 | 4 behind | 1 high | LicenseRef-scancode-warranty-disclaimer AND MIT |
|
tornado
pypi
|
Direct | 6.5.4 | 6.5.6 | 2 behind | 3 high | Apache-2.0 |
|
pyasn1
pypi
|
Transitive | 0.6.2 | 0.6.3 | 1 behind | 1 high | BSD-2-Clause AND BSD-3-Clause AND MIT |
|
langsmith
pypi
|
Transitive | 0.7.12 | 0.8.9 | 36 behind | 1 medium | Unknown |
|
scikit-learn
pypi
|
Direct | 1.2.2 | 1.9.0 | 23 behind | 1 medium | BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference |
|
requests
pypi
|
Transitive | 2.32.5 | 2.34.2 | 6 behind | 1 medium | Apache-2.0 |
|
cryptography
pypi
|
Transitive | 46.0.5 | 48.0.0 | 4 behind | 2 medium | Apache-2.0 AND BSD-3-Clause |
|
pytest
pypi
|
Direct | 8.4.2 | 9.0.3 | 4 behind | 1 medium | MIT |
|
aiohttp
pypi
|
Direct | 3.13.3 | 3.14.0 | 3 behind | 10 medium | Apache-2.0 AND MIT |
|
langchain-text-splitters
pypi
|
Transitive | 1.1.1 | 1.1.2 | 1 behind | 1 medium | Unknown |
|
langchain-openai
pypi
|
Direct | 1.1.10 | 1.2.2 | 9 behind | 1 low | MIT |
|
pygments
pypi
|
Transitive | 2.19.2 | 2.20.0 | 1 behind | 1 low | BSD-2-Clause |
|
numpy
pypi
|
Direct | 1.23.5 | 2.4.6 | 41 behind | — | BSD-2-Clause |
|
sphinx-autodoc-typehints
pypi
|
Direct | 2.3.0 | 3.10.5 | 39 behind | — | MIT |
|
huggingface-hub
pypi
|
Transitive | 1.5.0 | 1.17.0 | 38 behind | — | Unknown |
|
wrapt
pypi
|
Transitive | 1.17.3 | 2.2.1 | 33 behind | — | BSD-2-Clause |
|
sphinx
pypi
|
Direct | 7.4.7 | 9.1.0 | 27 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
langgraph
pypi
|
Transitive | 1.0.10 | 1.2.4 | 25 behind | — | MIT |
|
ruff
pypi
|
Direct | 0.14.6 | 0.15.15 | 24 behind | — | MIT |
|
google-auth
pypi
|
Transitive | 2.48.0 | 3.0.0.dev0 | 21 behind | — | Apache-2.0 |
|
altair
pypi
|
Transitive | 6.0.0 | 6.2.0.dev20260601 | 20 behind | — | BSD-3-Clause AND MIT |
|
thinc
pypi
|
Transitive | 8.3.10 | 9.1.1 | 20 behind | — | MIT |
|
langchain
pypi
|
Direct | 1.2.10 | 1.3.4 | 18 behind | — | MIT |
|
openai
pypi
|
Direct | 2.24.0 | 2.41.0 | 18 behind | — | Apache-2.0 |
|
tox
pypi
|
Direct | 4.47.3 | 4.55.1 | 16 behind | — | Unknown |
|
mpmath
pypi
|
Transitive | 1.3.0 | 1.4.1 | 15 behind | — | BSD-3-Clause |
|
numpy
pypi
|
Direct | 2.2.6 | 2.4.6 | 14 behind | — | Apache-2.0 AND BSD-3-Clause AND MIT AND Zlib |
|
spacy
pypi
|
Transitive | 3.8.11 | 4.0.0.dev3 | 14 behind | — | MIT |
|
docutils
pypi
|
Transitive | 0.21.2 | 0.23.0 | 13 behind | — | BSD-2-Clause |
|
virtualenv
pypi
|
Transitive | 21.1.0 | 21.4.2 | 12 behind | — | MIT |
|
confection
pypi
|
Transitive | 0.1.5 | 1.3.3 | 11 behind | — | MIT |
|
murmurhash
pypi
|
Transitive | 1.0.15 | 1.1.0.dev0 | 11 behind | — | MIT |
|
pytest-asyncio
pypi
|
Direct | 0.26.0 | 1.4.0 | 11 behind | — | Apache-2.0 |
|
typer
pypi
|
Direct | 0.24.1 | 0.26.7 | 11 behind | — | MIT |
|
preshed
pypi
|
Transitive | 3.0.12 | 4.0.0 | 10 behind | — | MIT |
|
pydantic
pypi
|
Direct | 2.12.5 | 2.13.4 | 10 behind | — | MIT |
|
python-discovery
pypi
|
Transitive | 1.1.0 | 1.4.0 | 10 behind | — | MIT |
|
cachetools
pypi
|
Transitive | 7.0.2 | 7.1.4 | 9 behind | — | Unknown |
|
catalogue
pypi
|
Transitive | 2.0.10 | 2.1.0 | 9 behind | — | MIT |
|
langgraph-sdk
pypi
|
Transitive | 0.3.9 | 0.4.2 | 9 behind | — | MIT |
|
protobuf
pypi
|
Direct | 6.33.5 | 7.35.0 | 9 behind | — | BSD-3-Clause AND LicenseRef-scancode-protobuf |
|
pydantic-core
pypi
|
Transitive | 2.41.5 | 2.47.0 | 9 behind | — | MIT |
|
langgraph-checkpoint
pypi
|
Transitive | 4.0.1 | 4.1.1 | 8 behind | — | MIT |
|
langgraph-prebuilt
pypi
|
Transitive | 1.0.8 | 1.1.0 | 8 behind | — | MIT |
|
uvicorn
pypi
|
Direct | 0.41.0 | 0.49.0 | 8 behind | — | BSD-3-Clause |
|
narwhals
pypi
|
Transitive | 2.17.0 | 2.22.0 | 7 behind | — | MIT |
|
onnxruntime
pypi
|
Direct | 1.23.2 | 1.26.0 | 7 behind | — | Unknown |
|
pandas
pypi
|
Direct | 2.3.3 | 3.0.3 | 7 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
fastapi
pypi
|
Direct | 0.135.1 | 0.136.3 | 6 behind | — | MIT |
|
hf-xet
pypi
|
Transitive | 1.3.2 | 1.5.1.dev1 | 6 behind | — | Unknown |
|
langchain-classic
pypi
|
Transitive | 1.0.1 | 1.0.7 | 6 behind | — | MIT |
|
marshmallow
pypi
|
Transitive | 3.26.2 | 4.3.0 | 6 behind | — | BSD-3-Clause AND MIT |
|
phonenumbers
pypi
|
Transitive | 9.0.25 | 9.0.31 | 6 behind | — | Unknown |
|
starlette
pypi
|
Direct | 0.52.1 | 1.2.1 | 6 behind | — | BSD-3-Clause |
|
filelock
pypi
|
Transitive | 3.25.0 | 3.29.1 | 5 behind | — | MIT |
|
grpcio
pypi
|
Transitive | 1.78.0 | 1.81.0 | 5 behind | — | Apache-2.0 AND BSD-3-Clause AND MPL-2.0 |
|
grpcio-status
pypi
|
Transitive | 1.78.0 | 1.81.0 | 5 behind | — | Apache-2.0 AND BSD-3-Clause AND MPL-2.0 |
|
langchain-nvidia-ai-endpoints
pypi
|
Direct | 1.1.0 | 1.4.1 | 5 behind | — | Unknown |
|
pydata-sphinx-theme
pypi
|
Transitive | 0.16.1 | 0.18.0 | 5 behind | — | BSD-3-Clause |
|
uuid-utils
pypi
|
Transitive | 0.14.1 | 0.16.0 | 5 behind | — | Unknown |
|
click
pypi
|
Transitive | 8.3.1 | 8.4.1 | 4 behind | — | BSD-3-Clause |
|
google-api-core
pypi
|
Transitive | 2.30.0 | 2.31.0 | 4 behind | — | Apache-2.0 |
|
googleapis-common-protos
pypi
|
Transitive | 1.72.0 | 1.75.0 | 4 behind | — | Apache-2.0 |
|
opentelemetry-api
pypi
|
Direct | 1.40.0 | 1.42.1 | 4 behind | — | Apache-2.0 |
|
opentelemetry-exporter-otlp-proto-common
pypi
|
Transitive | 1.40.0 | 1.42.1 | 4 behind | — | Apache-2.0 |
|
opentelemetry-exporter-otlp-proto-grpc
pypi
|
Transitive | 1.40.0 | 1.42.1 | 4 behind | — | Unknown |
|
opentelemetry-exporter-otlp-proto-http
pypi
|
Transitive | 1.40.0 | 1.42.1 | 4 behind | — | Apache-2.0 |
|
opentelemetry-proto
pypi
|
Transitive | 1.40.0 | 1.42.1 | 4 behind | — | Apache-2.0 |
|
opentelemetry-sdk
pypi
|
Direct | 1.40.0 | 1.42.1 | 4 behind | — | Apache-2.0 |
|
charset-normalizer
pypi
|
Transitive | 3.4.4 | 3.4.7 | 3 behind | — | MIT |
|
coverage
pypi
|
Transitive | 7.13.4 | 7.14.1 | 3 behind | — | Apache-2.0 |
|
greenlet
pypi
|
Transitive | 3.3.2 | 3.5.1 | 3 behind | — | MIT AND PSF-2.0 |
|
httpx
pypi
|
Direct | 0.28.1 | 1.0.0.dev3 | 3 behind | — | BSD-3-Clause |
|
markdown-it-py
pypi
|
Transitive | 3.0.0 | 4.2.0 | 3 behind | — | MIT |
|
platformdirs
pypi
|
Transitive | 4.9.2 | 4.10.0 | 3 behind | — | MIT |
|
pydeck
pypi
|
Transitive | 0.9.1 | 0.9.2 | 3 behind | — | Apache-2.0 |
|
python-multipart
pypi
|
Transitive | 0.0.27 | 0.0.30 | 3 behind | — | Apache-2.0 |
|
regex
pypi
|
Transitive | 2026.2.28 | 2026.5.9 | 3 behind | — | CNRI-Python AND Apache-2.0 |
|
sqlalchemy
pypi
|
Transitive | 2.0.48 | 2.0.50 | 3 behind | — | MIT |
|
sse-starlette
pypi
|
Transitive | 3.4.1 | 3.4.4 | 3 behind | — | Unknown |
|
streamlit
pypi
|
Direct | 1.55.0 | 1.58.0 | 3 behind | — | Unknown |
|
tokenizers
pypi
|
Transitive | 0.22.2 | 0.23.1 | 3 behind | — | Apache-2.0 |
|
async-timeout
pypi
|
Transitive | 4.0.3 | 5.0.1 | 2 behind | — | Apache-2.0 |
|
certifi
pypi
|
Transitive | 2026.2.25 | 2026.5.20 | 2 behind | — | MPL-2.0 |
|
fsspec
pypi
|
Transitive | 2026.2.0 | 2026.4.0 | 2 behind | — | BSD-3-Clause |
|
identify
pypi
|
Transitive | 2.6.17 | 2.6.19 | 2 behind | — | MIT |
|
importlib-metadata
pypi
|
Transitive | 8.7.1 | 9.0.0 | 2 behind | — | Apache-2.0 |
|
jiter
pypi
|
Transitive | 0.13.0 | 0.15.0 | 2 behind | — | MIT |
|
jsonpointer
pypi
|
Transitive | 3.0.0 | 3.1.1 | 2 behind | — | BSD-3-Clause |
|
literalai
pypi
|
Transitive | 0.1.201 | 0.1.300 | 2 behind | — | Apache-2.0 |
|
mcp
pypi
|
Transitive | 1.27.0 | 1.27.2 | 2 behind | — | Unknown |
|
mdit-py-plugins
pypi
|
Transitive | 0.5.0 | 0.6.1 | 2 behind | — | MIT |
|
myst-parser
pypi
|
Direct | 4.0.1 | 5.1.0 | 2 behind | — | MIT |
|
orjson
pypi
|
Transitive | 3.11.7 | 3.11.9 | 2 behind | — | Apache-2.0 AND MIT AND MPL-2.0 |
|
proto-plus
pypi
|
Transitive | 1.27.1 | 1.28.0 | 2 behind | — | Apache-2.0 |
|
py-rust-stemmers
pypi
|
Transitive | 0.1.5 | 0.1.8 | 2 behind | — | MIT |
|
pydantic-settings
pypi
|
Direct | 2.13.1 | 2.14.1 | 2 behind | — | MIT |
|
pyreadline3
pypi
|
Transitive | 3.5.4 | 3.5.6 | 2 behind | — | BSD-2-Clause |
|
pyright
pypi
|
Direct | 1.1.408 | 1.1.410 | 2 behind | — | MIT |
|
pytest-httpx
pypi
|
Direct | 0.35.0 | 0.36.2 | 2 behind | — | MIT |
|
rich
pypi
|
Direct | 14.3.3 | 15.0.0 | 2 behind | — | MIT |
|
smart-open
pypi
|
Transitive | 7.5.1 | 7.6.1 | 2 behind | — | MIT |
|
smmap
pypi
|
Transitive | 5.0.2 | 6.0.0 | 2 behind | — | BSD-3-Clause |
|
snowballstemmer
pypi
|
Transitive | 3.0.1 | 3.1.1 | 2 behind | — | BSD-3-Clause |
|
spacy-legacy
pypi
|
Transitive | 3.0.12 | 4.0.0.dev1 | 2 behind | — | MIT |
|
sphinx-reredirects
pypi
|
Direct | 0.1.6 | 1.1.0 | 2 behind | — | BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND MIT |
|
sphinxcontrib-mermaid
pypi
|
Direct | 2.0.0 | 2.0.2 | 2 behind | — | Unknown |
|
zipp
pypi
|
Transitive | 3.23.0 | 4.1.0 | 2 behind | — | MIT |
|
aiohappyeyeballs
pypi
|
Transitive | 2.6.1 | 2.6.2 | 1 behind | — | 0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 |
|
alabaster
pypi
|
Transitive | 0.7.16 | 1.0.0 | 1 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
anyio
pypi
|
Transitive | 4.12.1 | 4.13.0 | 1 behind | — | MIT |
|
attrs
pypi
|
Transitive | 25.4.0 | 26.1.0 | 1 behind | — | MIT |
|
cloudpathlib
pypi
|
Transitive | 0.23.0 | 0.24.0 | 1 behind | — | MIT |
|
distlib
pypi
|
Transitive | 0.4.0 | 0.4.1 | 1 behind | — | PSF-2.0 AND Python-2.0 |
|
fast-langdetect
pypi
|
Direct | 1.0.0 | 1.0.1 | 1 behind | — | Unknown |
|
fastembed
pypi
|
Direct | 0.7.4 | 0.8.0 | 1 behind | — | Apache-2.0 AND CC-BY-NC-4.0 AND LicenseRef-scancode-unknown-license-reference |
|
google-cloud-language
pypi
|
Direct | 2.19.0 | 2.20.0 | 1 behind | — | Unknown |
|
langchain-community
pypi
|
Direct | 0.4.1 | 0.4.2 | 1 behind | — | MIT |
|
mmh3
pypi
|
Transitive | 5.2.0 | 5.2.1 | 1 behind | — | CC-BY-4.0 AND LicenseRef-scancode-public-domain AND MIT |
|
opentelemetry-instrumentation-agno
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-alephalpha
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-anthropic
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-bedrock
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-chromadb
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-cohere
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-crewai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-google-generativeai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-groq
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-haystack
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-lancedb
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-langchain
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-llamaindex
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-marqo
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-mcp
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-milvus
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-mistralai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-ollama
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-openai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-openai-agents
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-pinecone
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-qdrant
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-replicate
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-sagemaker
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-together
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-transformers
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-vertexai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-voyageai
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-watsonx
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-weaviate
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
opentelemetry-instrumentation-writer
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
pre-commit
pypi
|
Direct | 4.5.1 | 4.6.0 | 1 behind | — | MIT |
|
presidio-analyzer
pypi
|
Direct | 2.2.361 | 2.2.362 | 1 behind | — | Unknown |
|
presidio-anonymizer
pypi
|
Direct | 2.2.361 | 2.2.362 | 1 behind | — | Unknown |
|
propcache
pypi
|
Transitive | 0.4.1 | 0.5.2 | 1 behind | — | Apache-2.0 |
|
pyarrow
pypi
|
Transitive | 23.0.1 | 24.0.0 | 1 behind | — | Apache-2.0 |
|
pyjwt
pypi
|
Transitive | 2.12.1 | 2.13.0 | 1 behind | — | MIT |
|
pyproject-api
pypi
|
Transitive | 1.10.0 | 1.10.1 | 1 behind | — | MIT |
|
pytest-cov
pypi
|
Direct | 7.0.0 | 7.1.0 | 1 behind | — | MIT |
|
python-engineio
pypi
|
Transitive | 4.13.1 | 4.13.2 | 1 behind | — | Unknown |
|
python-socketio
pypi
|
Transitive | 5.16.1 | 5.16.2 | 1 behind | — | Unknown |
|
rpds-py
pypi
|
Transitive | 0.30.0 | 2026.5.1 | 1 behind | — | MIT |
|
setuptools
pypi
|
Transitive | 82.0.0 | 82.0.1 | 1 behind | — | MIT |
|
soupsieve
pypi
|
Transitive | 2.8.3 | 2.8.4 | 1 behind | — | MIT |
|
sphinx-autobuild
pypi
|
Direct | 2024.10.3 | 2025.8.25 | 1 behind | — | MIT |
|
sphinx-design
pypi
|
Direct | 0.6.1 | 0.7.0 | 1 behind | — | Unknown |
|
srsly
pypi
|
Transitive | 2.5.2 | 3.0.0 | 1 behind | — | MIT |
|
tiktoken
pypi
|
Transitive | 0.12.0 | 0.13.0 | 1 behind | — | MIT |
|
tomli
pypi
|
Transitive | 2.4.0 | 2.4.1 | 1 behind | — | MIT |
|
traceloop-sdk
pypi
|
Transitive | 0.60.0 | 0.61.0 | 1 behind | — | Unknown |
|
urllib3
pypi
|
Transitive | 2.6.3 | 2.7.0 | 1 behind | — | MIT |
|
watchfiles
pypi
|
Transitive | 1.1.1 | 1.2.0 | 1 behind | — | MIT |
|
wcwidth
pypi
|
Transitive | 0.6.0 | 0.7.0 | 1 behind | — | MIT AND HPND-Markus-Kuhn |
|
weasel
pypi
|
Transitive | 0.4.3 | 1.0.0 | 1 behind | — | MIT |
|
xxhash
pypi
|
Transitive | 3.6.0 | 3.7.0 | 1 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
yarl
pypi
|
Transitive | 1.23.0 | 1.24.2 | 1 behind | — | Apache-2.0 |
|
accessible-pygments
pypi
|
Transitive | 0.0.5 | 0.0.5 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
actions/cache
githubactions
|
Direct | 4.*.* | — | — | — | Unknown |
|
actions/checkout
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
actions/download-artifact
githubactions
|
Direct | 7.*.* | — | — | — | Unknown |
|
actions/setup-python
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
actions/upload-artifact
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
aiofiles
pypi
|
Direct | 25.1.0 | 25.1.0 | Current | — | Apache-2.0 |
|
aiohttp-retry
pypi
|
Direct | 2.9.1 | 2.9.1 | Current | — | MIT |
|
aioresponses
pypi
|
Direct | 0.7.8 | 0.7.8 | Current | — | MIT |
|
aiosignal
pypi
|
Transitive | 1.4.0 | 1.4.0 | Current | — | Apache-2.0 |
|
annotated-doc
pypi
|
Transitive | 0.0.4 | 0.0.4 | Current | — | MIT |
|
annotated-types
pypi
|
Transitive | 0.7.0 | 0.7.0 | Current | — | MIT |
|
annoy
pypi
|
Direct | 1.17.3 | 1.17.3 | Current | — | Apache-2.0 |
|
asyncer
pypi
|
Transitive | 0.0.17 | 0.0.17 | Current | — | Unknown |
|
audioop-lts
pypi
|
Transitive | 0.2.2 | 0.2.2 | Current | — | Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD |
|
babel
pypi
|
Transitive | 2.18.0 | 2.18.0 | Current | — | BSD-3-Clause |
|
beautifulsoup4
pypi
|
Transitive | 4.14.3 | 4.14.3 | Current | — | MIT |
|
bidict
pypi
|
Transitive | 0.23.1 | 0.23.1 | Current | — | MPL-2.0 |
|
blinker
pypi
|
Transitive | 1.9.0 | 1.9.0 | Current | — | MIT |
|
blis
pypi
|
Transitive | 1.3.3 | 1.3.3 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
cffi
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | MIT-0 |
|
cfgv
pypi
|
Transitive | 3.5.0 | 3.5.0 | Current | — | MIT |
|
chainlit
pypi
|
Direct | 2.11.1 | 2.11.1 | Current | — | Unknown |
|
chevron
pypi
|
Transitive | 0.14.0 | 0.14.0 | Current | — | MIT |
|
codecov/codecov-action
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
colorama
pypi
|
Transitive | 0.4.6 | 0.4.6 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
coloredlogs
pypi
|
Direct | 15.0.1 | 15.0.1 | Current | — | MIT |
|
colorlog
pypi
|
Transitive | 6.10.1 | 6.10.1 | Current | — | MIT |
|
cuid
pypi
|
Transitive | 0.4 | 0.4.0 | — | — | Apache-2.0 |
|
cymem
pypi
|
Transitive | 2.0.13 | 2.0.13 | Current | — | MIT |
|
dataclasses-json
pypi
|
Direct | 0.6.7 | 0.6.7 | Current | — | MIT |
|
deprecated
pypi
|
Transitive | 1.3.1 | 1.3.1 | Current | — | MIT |
|
distro
pypi
|
Transitive | 1.9.0 | 1.9.0 | Current | — | Apache-2.0 |
|
docker/build-push-action
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
docker/setup-buildx-action
githubactions
|
Direct | 3.*.* | — | — | — | Unknown |
|
einops
|
Direct | >= 0.7.0 | — | — | — | Unknown |
|
exceptiongroup
pypi
|
Transitive | 1.3.1 | 1.3.1 | Current | — | MIT AND Python-2.0 |
|
fastapi
|
Direct | >= 0.103.1 | — | — | — | Unknown |
|
fastapi
|
Direct | >= 0.109.1 | — | — | — | Unknown |
|
fastapi
|
Direct | >= 0.100.0 | — | — | — | Unknown |
|
fastapi
|
Direct | >= 0.103.0 | — | — | — | Unknown |
|
fasttext-predict
pypi
|
Transitive | 0.9.2.4 | 0.9.2.4 | Current | — | MIT |
|
filetype
pypi
|
Transitive | 1.2.0 | 1.2.0 | Current | — | MIT |
|
flatbuffers
pypi
|
Transitive | 25.12.19 | 25.12.19 | Current | — | Unknown |
|
frozenlist
pypi
|
Transitive | 1.8.0 | 1.8.0 | Current | — | Apache-2.0 |
|
gitdb
pypi
|
Transitive | 4.0.12 | 4.0.12 | Current | — | BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later |
|
gliner
|
Direct | >= 0.2.0 | — | — | — | Unknown |
|
gprof2dot
pypi
|
Transitive | 2025.4.14 | 2025.4.14 | Current | — | LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later |
|
h11
pypi
|
Transitive | 0.16.0 | 0.16.0 | Current | — | MIT |
|
honcho
|
Direct | — | — | — | — | Unknown |
|
honcho
|
Direct | >= 2.0.0 | — | — | — | Unknown |
|
httpcore
pypi
|
Transitive | 1.0.9 | 1.0.9 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
httpx
|
Direct | >= 0.24.1 | — | — | — | Unknown |
|
httpx-sse
pypi
|
Transitive | 0.4.3 | 0.4.3 | Current | — | MIT |
|
humanfriendly
pypi
|
Transitive | 10.0 | 10.0.0 | — | — | MIT |
|
idna
pypi
|
Transitive | 3.11 | 3.18.0 | — | — | BSD-3-Clause |
|
imagesize
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | MIT |
|
inflection
pypi
|
Transitive | 0.5.1 | 0.5.1 | Current | — | MIT |
|
iniconfig
pypi
|
Transitive | 2.3.0 | 2.3.0 | Current | — | MIT |
|
jinja2
pypi
|
Direct | 3.1.6 | 3.1.6 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
jsonpatch
pypi
|
Transitive | 1.33 | 1.33.0 | — | — | BSD-3-Clause |
|
jsonschema
pypi
|
Transitive | 4.26.0 | 4.26.0 | Current | — | MIT |
|
jsonschema-specifications
pypi
|
Transitive | 2025.9.1 | 2025.9.1 | Current | — | MIT |
|
lark
pypi
|
Direct | 1.3.1 | 1.3.1 | Current | — | MIT AND MPL-2.0 |
|
lazify
pypi
|
Transitive | 0.4.0 | 0.4.0 | Current | — | BSD-2-Clause |
|
locust
|
Direct | — | — | — | — | Unknown |
|
locust
|
Direct | >= 2.0.0 | — | — | — | Unknown |
|
loguru
pypi
|
Transitive | 0.7.3 | 0.7.3 | Current | — | MIT |
|
markupsafe
pypi
|
Transitive | 3.0.3 | 3.0.3 | Current | — | BSD-3-Clause |
|
mdurl
pypi
|
Transitive | 0.1.2 | 0.1.2 | Current | — | MIT |
|
multidict
pypi
|
Transitive | 6.7.1 | 6.7.1 | Current | — | Apache-2.0 |
|
mypy-extensions
pypi
|
Transitive | 1.1.0 | 1.1.0 | Current | — | MIT |
|
nemoguardrails
|
Direct | >= 0.14.0 | — | — | — | Unknown |
|
nest-asyncio
pypi
|
Direct | 1.6.0 | 1.6.0 | Current | — | BSD-2-Clause |
|
nodeenv
pypi
|
Transitive | 1.10.0 | 1.10.0 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
numpy
|
Direct | >= 2.3.2 | — | — | — | Unknown |
|
nvidia-merlin/.github/.github/workflows/docs-preview-pr-common.yaml
githubactions
|
Direct | main | — | — | — | Unknown |
|
nvidia-merlin/.github/.github/workflows/docs-remove-stale-reviews-common.yaml
githubactions
|
Direct | main | — | — | — | Unknown |
|
nvidia-sphinx-theme
pypi
|
Direct | 0.0.9.post1 | 0.0.9.post1 | Current | — | Unknown |
|
opentelemetry-instrumentation
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
opentelemetry-instrumentation-logging
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Unknown |
|
opentelemetry-instrumentation-redis
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Unknown |
|
opentelemetry-instrumentation-requests
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
opentelemetry-instrumentation-sqlalchemy
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Unknown |
|
opentelemetry-instrumentation-threading
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Unknown |
|
opentelemetry-instrumentation-urllib3
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
opentelemetry-semantic-conventions
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
opentelemetry-semantic-conventions-ai
pypi
|
Transitive | 0.5.1 | 0.5.1 | Current | — | Unknown |
|
opentelemetry-util-http
pypi
|
Transitive | 0.61b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
ormsgpack
pypi
|
Transitive | 1.12.2 | 1.12.2 | Current | — | (Apache-2.0 AND BSD-3-Clause AND MIT) OR (Apache-2.0 AND MIT) |
|
packaging
pypi
|
Transitive | 26.0 | 26.2.0 | — | — | Apache-2.0 AND BSD-2-Clause |
|
peter-evans/create-pull-request
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
pluggy
pypi
|
Transitive | 1.6.0 | 1.6.0 | Current | — | MIT |
|
prompt-toolkit
pypi
|
Direct | 3.0.52 | 3.0.52 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
pyasn1-modules
pypi
|
Transitive | 0.4.2 | 0.4.2 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
pycparser
pypi
|
Transitive | 3.0 | 3.0.0 | — | — | BSD-3-Clause |
|
pydantic
|
Direct | >= 1.10.9 | — | — | — | Unknown |
|
pydantic
|
Direct | >= 1.10 | — | — | — | Unknown |
|
pydantic
|
Direct | >= 2.0.0 | — | — | — | Unknown |
|
pydantic
|
Direct | >= 2.0 | — | — | — | Unknown |
|
pydantic-settings
|
Direct | >= 2.0 | — | — | — | Unknown |
|
pypa/gh-action-pypi-publish
githubactions
|
Direct | release/v1 | — | — | — | Unknown |
|
pytest-profiling
pypi
|
Direct | 1.8.1 | 1.8.1 | Current | — | MIT |
|
python-dateutil
pypi
|
Transitive | 2.9.0.post0 | 2.9.0.post0 | Current | — | Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference |
|
python-dotenv
pypi
|
Transitive | 1.2.2 | 1.2.2 | Current | — | BSD-3-Clause |
|
pytz
pypi
|
Transitive | 2026.1.post1 | 2026.2.0 | — | — | MIT AND ZPL-2.1 |
|
pywin32
pypi
|
Transitive | 311 | 311.0.0 | — | — | PSF-2.0 |
|
pyyaml
pypi
|
Direct | 6.0.3 | 6.0.3 | Current | — | MIT |
|
pyyaml
|
Direct | >= 6.0 | — | — | — | Unknown |
|
referencing
pypi
|
Transitive | 0.37.0 | 0.37.0 | Current | — | MIT |
|
requests-file
pypi
|
Transitive | 3.0.1 | 3.0.1 | Current | — | Apache-2.0 |
|
requests-toolbelt
pypi
|
Transitive | 1.0.0 | 1.0.0 | Current | — | Apache-2.0 |
|
robust-downloader
pypi
|
Transitive | 0.0.2 | 0.0.2 | Current | — | Apache-2.0 |
|
rsa
pypi
|
Transitive | 4.9.1 | 4.9.1 | Current | — | Apache-2.0 |
|
shellingham
pypi
|
Transitive | 1.5.4 | 1.5.4 | Current | — | ISC |
|
simple-websocket
pypi
|
Transitive | 1.1.0 | 1.1.0 | Current | — | MIT |
|
six
pypi
|
Transitive | 1.17.0 | 1.17.0 | Current | — | MIT |
|
sniffio
pypi
|
Transitive | 1.3.1 | 1.3.1 | Current | — | Apache-2.0 AND MIT |
|
spacy-loggers
pypi
|
Transitive | 1.0.5 | 1.0.5 | Current | — | MIT |
|
sphinx-copybutton
pypi
|
Direct | 0.5.2 | 0.5.2 | Current | — | MIT |
|
sphinxcontrib-applehelp
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
sphinxcontrib-devhelp
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | BSD-2-Clause |
|
sphinxcontrib-htmlhelp
pypi
|
Transitive | 2.1.0 | 2.1.0 | Current | — | BSD-2-Clause |
|
sphinxcontrib-jsmath
pypi
|
Transitive | 1.0.1 | 1.0.1 | Current | — | BSD-2-Clause |
|
sphinxcontrib-qthelp
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
sphinxcontrib-serializinghtml
pypi
|
Transitive | 2.0.0 | 2.0.0 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
starlette
|
Direct | >= 0.50.0 | — | — | — | Unknown |
|
starlette
|
Direct | >= 0.36.2 | — | — | — | Unknown |
|
sympy
pypi
|
Transitive | 1.14.0 | 1.14.0 | Current | — | BSD-2-Clause AND BSD-3-Clause AND MIT |
|
syncer
pypi
|
Transitive | 2.0.3 | 2.0.3 | Current | — | MIT |
|
tenacity
pypi
|
Transitive | 9.1.4 | 9.1.4 | Current | — | Apache-2.0 |
|
tldextract
pypi
|
Transitive | 5.3.1 | 5.3.1 | Current | — | BSD-3-Clause |
|
toml
pypi
|
Direct | 0.10.2 | 0.10.2 | Current | — | MIT |
|
torch
|
Direct | >= 2.9.1 | — | — | — | Unknown |
|
torch
|
Direct | >= 2.0.0 | — | — | — | Unknown |
|
tqdm
pypi
|
Direct | 4.67.3 | 4.67.3 | Current | — | MIT AND MPL-2.0 |
|
transformers
|
Direct | >= 4.57.6 | — | — | — | Unknown |
|
typer
|
Direct | >= 0.7.0 | — | — | — | Unknown |
|
typer
|
Direct | >= 0.8 | — | — | — | Unknown |
|
typer-slim
pypi
|
Transitive | 0.24.0 | 0.24.0 | Current | — | MIT |
|
typing-extensions
pypi
|
Transitive | 4.15.0 | 4.15.0 | Current | — | Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD |
|
typing-inspect
pypi
|
Transitive | 0.9.0 | 0.9.0 | Current | — | MIT |
|
typing-inspection
pypi
|
Transitive | 0.4.2 | 0.4.2 | Current | — | MIT |
|
tzdata
pypi
|
Transitive | 2025.3 | 2026.2.0 | — | — | Apache-2.0 |
|
uvicorn
|
Direct | >= 0.23.2 | — | — | — | Unknown |
|
uvicorn
|
Direct | >= 0.20.0 | — | — | — | Unknown |
|
uvicorn
|
Direct | >= 0.23 | — | — | — | Unknown |
|
wasabi
pypi
|
Transitive | 1.1.3 | 1.1.3 | Current | — | MIT |
|
watchdog
pypi
|
Direct | 6.0.0 | 6.0.0 | Current | — | Apache-2.0 AND Python-2.0 |
|
websockets
pypi
|
Transitive | 16.0 | 16.0.0 | — | — | BSD-3-Clause |
|
win32-setctime
pypi
|
Transitive | 1.2.0 | 1.2.0 | Current | — | MIT |
|
wsproto
pypi
|
Transitive | 1.3.2 | 1.3.2 | Current | — | MIT |
|
yara-python
pypi
|
Direct | 4.5.4 | 4.5.4 | Current | — | Apache-2.0 |
|
zstandard
pypi
|
Transitive | 0.25.0 | 0.25.0 | Current | — | BSD-3-Clause |
License Breakdown
Unknown
105
MIT
100
Apache-2.0
42
BSD-3-Clause
20
BSD-2-Clause AND BSD-3-Clause
15
BSD-2-Clause
10
Apache-2.0 AND BSD-3-Clause AND MPL-2.0
2
Apache-2.0 AND MIT
2
BSD-2-Clause AND BSD-3-Clause AND MIT
2
BSD-3-Clause AND MIT
2
MIT AND MPL-2.0
2
MPL-2.0
2
(Apache-2.0 AND BSD-3-Clause AND MIT) OR (Apache-2.0 AND MIT)
1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0
1
Apache-2.0 AND BSD-2-Clause
1
Apache-2.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference
1
Apache-2.0 AND BSD-3-Clause AND MIT AND Zlib
1
Apache-2.0 AND CC-BY-NC-4.0 AND LicenseRef-scancode-unknown-license-reference
1
Apache-2.0 AND MIT AND MPL-2.0
1
Apache-2.0 AND Python-2.0
1
BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later
1
BSD-3-Clause AND LicenseRef-scancode-protobuf
1
BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference
1
BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND MIT
1
CC-BY-4.0 AND LicenseRef-scancode-public-domain AND MIT
1
CNRI-Python AND Apache-2.0
1
ISC
1
LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later
1
LicenseRef-scancode-secret-labs-2011 AND MIT-CMU
1
LicenseRef-scancode-warranty-disclaimer AND MIT
1
MIT AND HPND-Markus-Kuhn
1
MIT AND PSF-2.0
1
MIT AND Python-2.0
1
MIT AND ZPL-2.1
1
MIT-0
1
PSF-2.0
1
PSF-2.0 AND Python-2.0
1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
1
Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
1
CVE Severity
critical
0
high
6
medium
7
low
2
unknown
0