Tools / langroid / Dependencies

Dependency Analysis

langroid

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

28% Freshness

602 Dependencies

359 Outdated

0 Stale

11.9 Avg Behind

Dependency List

Latest release 0.61.1

All 603 Outdated 430 Has CVE 57 GPL 28

Dependency	Type	Current	Latest	Behind	CVE	License
litellm pypi	Direct	1.60.5	1.88.0.dev1	246 behind	4 critical	LicenseRef-scancode-commercial-license AND LicenseRef-scancode-other-permissive AND MIT
fastmcp pypi	Direct	2.13.0.2	3.4.0	32 behind	5 critical	Apache-2.0
crawl4ai pypi	Direct	0.6.3	0.8.8	14 behind	2 critical	Unknown
authlib pypi	Transitive	1.6.5	1.7.2	10 behind	6 critical	BSD-3-Clause
deepdiff pypi	Transitive	8.2.0	9.1.0	10 behind	2 critical	MIT
nltk pypi	Direct	3.9.1	3.9.4	3 behind	7 critical	Apache-2.0
docling-core pypi	Transitive	2.28.1	3.0.0	92 behind	1 high	MIT
aiohttp pypi	Direct	3.11.12	3.14.0	36 behind	19 high	Apache-2.0
setuptools pypi	Transitive	75.8.0	82.0.1	35 behind	1 high	MIT
chainlit pypi	Direct	2.6.0	2.11.1	30 behind	2 high	Apache-2.0
starlette pypi	Transitive	0.41.3	1.2.1	29 behind	2 high	BSD-3-Clause
cryptography pypi	Transitive	44.0.0	48.0.0	21 behind	3 high	Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause)
onnx pypi	Transitive	1.17.0	1.21.0	14 behind	6 high	Apache-2.0
mcp pypi	Transitive	1.21.0	1.27.2	13 behind	1 high	MIT AND Python-2.0
orjson pypi	Transitive	3.10.15	3.11.9	13 behind	1 high	Apache-2.0 AND MIT
python-multipart pypi	Transitive	0.0.18	0.0.30	12 behind	3 high	Apache-2.0
scrapy pypi	Direct	2.12.0	2.16.0	12 behind	3 high	BSD-2-Clause AND BSD-3-Clause
black pypi	Direct	24.10.0	26.5.1	10 behind	1 high	MIT
pillow pypi	Transitive	10.4.0	12.2.0	8 behind	5 high	MIT-CMU
tornado pypi	Transitive	6.4.2	6.5.6	8 behind	4 high	Apache-2.0
lxml pypi	Direct	5.4.0	6.1.1	7 behind	1 high	BSD-3-Clause AND GPL-1.0-or-later
urllib3 pypi	Transitive	2.3.0	2.7.0	7 behind	5 high	MIT
gitpython pypi	Direct	3.1.44	3.1.50	6 behind	4 high	BSD-3-Clause
pyopenssl pypi	Transitive	25.0.0	26.2.0	6 behind	2 high	Apache-2.0
mistune pypi	Transitive	3.1.1	3.2.1	5 behind	1 high	BSD-3-Clause
jaraco-context pypi	Transitive	6.0.1	6.1.2	4 behind	1 high	Unknown
jupyter-core pypi	Transitive	5.7.2	5.9.1	4 behind	1 high	BSD-3-Clause
pyjwt pypi	Transitive	2.10.1	2.13.0	4 behind	1 high	MIT
twisted pypi	Transitive	24.11.0	26.4.0	4 behind	1 high	LPPL-1.3c AND LicenseRef-scancode-public-domain AND MIT
pyasn1 pypi	Transitive	0.6.1	0.6.3	2 behind	2 high	BSD-2-Clause
brotli pypi	Transitive	1.1.0	1.2.0	1 behind	1 high	MIT
pdfminer-six pypi	Transitive	20240706	20260107.0.0	—	2 high	Unknown
weasyprint pypi	Direct	63.1	69.0.0	—	1 high	BSD-2-Clause AND BSD-3-Clause
transformers pypi	Direct	4.49.0	5.10.1	57 behind	12 medium	Apache-2.0
pypdf pypi	Direct	5.2.0	6.12.2	40 behind	22 medium	BSD-2-Clause
virtualenv pypi	Transitive	20.29.1	21.4.2	34 behind	1 medium	MIT
pytest pypi	Direct	7.4.4	9.0.3	24 behind	1 medium	MIT
filelock pypi	Transitive	3.17.0	3.29.1	22 behind	2 medium	Unlicense
fonttools pypi	Transitive	4.55.8	4.63.0	19 behind	1 medium	Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1
marshmallow pypi	Transitive	3.26.1	4.3.0	12 behind	1 medium	BSD-3-Clause AND MIT
python-socketio pypi	Direct	5.12.1	5.16.2	10 behind	1 medium	MIT
requests pypi	Direct	2.32.3	2.34.2	8 behind	2 medium	Apache-2.0
mammoth pypi	Direct	1.9.0	1.12.0	4 behind	1 medium	BSD-2-Clause
python-dotenv pypi	Direct	1.1.0	1.2.2	4 behind	1 medium	BSD-3-Clause
lxml-html-clean pypi	Direct	0.4.2	0.4.5	3 behind	2 medium	BSD-3-Clause
pynacl pypi	Transitive	1.5.0	1.6.2	3 behind	1 medium	Apache-2.0
h2 pypi	Direct	4.2.0	4.3.0	1 behind	1 medium	MIT
jinja2 pypi	Direct	3.1.5	3.1.6	1 behind	1 medium	BSD-2-Clause AND BSD-3-Clause
nbconvert pypi	Direct	7.17.0	7.17.1	1 behind	2 medium	BSD-3-Clause
diskcache pypi	Direct	5.6.3	5.6.3	Current	1 medium	Apache-2.0
markdown pypi	Transitive	3.7	3.10.2	—	1 medium	BSD-2-Clause AND BSD-3-Clause
torch pypi	Direct	2.6.0	2.12.0	Current	2 medium	Unknown
pymdown-extensions pypi	Transitive	10.14.3	10.21.3	14 behind	1 low	BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND MIT
markdownify pypi	Direct	0.13.1	1.2.2	6 behind	1 low	MIT
pygments pypi	Direct	2.19.1	2.20.0	2 behind	1 low	BSD-2-Clause
pyarrow pypi	Direct	15.0.0	24.0.0	15 behind	1 unknown	Apache-2.0
py pypi	Transitive	1.11.0	1.11.0	Current	1 unknown	MIT

License Breakdown

MIT 179

Apache-2.0 113

Unknown 111

BSD-2-Clause AND BSD-3-Clause 48

BSD-3-Clause 38

BSD-2-Clause 17

Apache-2.0 AND MIT 9

ISC 7

MPL-2.0 5

MIT AND Python-2.0 4

BSD-3-Clause AND MIT 3

PSF-2.0 3

Apache-2.0 AND BSD-3-Clause AND MPL-2.0 2

Apache-2.0 AND GPL-3.0-or-later 2

BSD-2-Clause AND BSD-3-Clause AND MIT 2

LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later 2

LGPL-3.0-or-later WITH openvpn-openssl-exception 2

Unlicense 2

(Apache-2.0 AND BSD-3-Clause AND LicenseRef-PdfiumThirdParty) OR (Apache-2.0 AND LicenseRef-PdfiumThirdParty) OR (BSD-3-Clause AND LicenseRef-PdfiumThirdParty) 1

(Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT) 1

(GPL-2.0-only AND GPL-3.0-or-later) OR (GPL-3.0-or-later AND LGPL-2.1-or-later) OR (GPL-3.0-or-later AND MPL-1.1) 1

0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT 1

0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 1

0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1

AGPL-3.0 AND AGPL-3.0-only AND AGPL-3.0-or-later 1

AGPL-3.0 AND AGPL-3.0-or-later 1

AGPL-3.0-only AND AGPL-3.0-or-later AND GPL-3.0-only 1

AGPL-3.0-only AND Apache-2.0 1

Apache-2.0 AND BSD-2-Clause 1

Apache-2.0 AND BSD-3-Clause 1

Apache-2.0 AND BSD-3-Clause AND CC-BY-NC-4.0 AND GPL-1.0-or-later AND LGPL-2.0-or-later AND LicenseRef-scancode-proprietary-license AND MIT 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1 1

Apache-2.0 AND CC-BY-2.0 AND GPL-3.0-or-later 1

Apache-2.0 AND CC-BY-4.0 1

Apache-2.0 AND LicenseRef-scancode-generic-cla 1

Apache-2.0 AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND Python-2.0 1

Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 1

BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain 1

BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1

BSD-2-Clause AND ISC 1

BSD-2-Clause-FreeBSD 1

BSD-3-Clause AND GPL-1.0-or-later 1

BSD-3-Clause AND GPL-2.0-only AND MIT 1

BSD-3-Clause AND LGPL-3.0-only 1

BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MPL-2.0 1

BSD-3-Clause AND LicenseRef-scancode-protobuf 1

BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND MIT 1

BSL-1.0 AND MIT 1

CAL-1.0 AND GPL-3.0-only AND LGPL-3.0-only 1

CAL-1.0 AND LicenseRef-scancode-unknown AND PSF-2.0 AND Python-2.0 1

CC-BY-NC-SA-4.0 AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-proprietary-license AND LicenseRef-scancode-unknown-license-reference 1

CC-BY-NC-SA-4.0 AND GPL-2.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-proprietary-license AND LicenseRef-scancode-unknown-license-reference 1

CC0-1.0 AND Unlicense 1

CNRI-Python AND Apache-2.0 1

GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1 1

GPL-1.0-or-later AND MIT 1

GPL-3.0 AND LGPL-3.0-or-later 1

GPL-3.0-only AND LGPL-3.0-only AND LGPL-3.0-or-later 1

ISC AND MPL-2.0 1

LGPL-2.1-or-later 1

LGPL-3.0-or-later 1

LPPL-1.3c AND LicenseRef-scancode-public-domain AND MIT 1

LicenseRef-scancode-commercial-license AND LicenseRef-scancode-other-permissive AND MIT 1

LicenseRef-scancode-free-unknown AND MIT 1

LicenseRef-scancode-other-permissive AND MIT 1

MIT AND PSF-2.0 1

MIT AND ZPL-2.1 1

MIT-CMU 1

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

CVE Severity

critical 6

high 27

medium 19

low 3

unknown 2