Dependency Analysis
sglang
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
66%
Freshness
231
Dependencies
27
Outdated
0
Stale
4.3
Avg Behind
Dependency List
Latest release v0.5.11
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
diffusers
pypi
|
Direct | 0.37.0 | 0.38.0 | 2 behind | 1 high | Unknown |
|
openai
pypi
|
Direct | 2.6.1 | 2.41.0 | 38 behind | — | Apache-2.0 |
|
outlines
pypi
|
Direct | 0.1.11 | 1.3.0 | 28 behind | — | Apache-2.0 |
|
checkpoint-engine
pypi
|
Direct | 0.1.2 | 0.4.0 | 14 behind | — | MIT |
|
flashinfer-cubin
pypi
|
Direct | 0.6.8.post1 | 0.6.12 | 14 behind | — | Unknown |
|
flashinfer-python
pypi
|
Direct | 0.6.8.post1 | 0.6.12 | 14 behind | — | Unknown |
|
timm
pypi
|
Direct | 1.0.16 | 1.0.27 | 11 behind | — | Apache-2.0 AND BSD-3-Clause AND CC-BY-NC-4.0 AND GPL-1.0-or-later AND LGPL-2.0-or-later AND LicenseRef-scancode-proprietary-license AND MIT |
|
cache-dit
pypi
|
Direct | 1.3.0 | 1.3.9 | 9 behind | — | Unknown |
|
openai-protocol
cargo
|
Direct | 1.0.0 | 1.7.0 | 8 behind | — | Apache-2.0 |
|
transformers
pypi
|
Direct | 5.6.0 | 5.10.1 | 8 behind | — | Unknown |
|
reasoning-parser
cargo
|
Direct | 1.0.0 | 1.2.3 | 6 behind | — | Apache-2.0 |
|
smg-grpc-client
cargo
|
Direct | 1.0.0 | 1.5.1 | 6 behind | — | Apache-2.0 |
|
smg-mesh
cargo
|
Direct | 1.0.0 | 1.3.0 | 6 behind | — | Apache-2.0 |
|
data-connector
cargo
|
Direct | 1.0.0 | 2.2.0 | 4 behind | — | Apache-2.0 |
|
imageio
pypi
|
Direct | 2.36.0 | 2.37.3 | 4 behind | — | BSD-2-Clause |
|
nvidia-cutlass-dsl
pypi
|
Direct | 4.4.2 | 4.5.2 | 4 behind | — | Unknown |
|
opencv-python-headless
pypi
|
Direct | 4.10.0.84 | 4.13.0.92 | 4 behind | — | Apache-2.0 AND MIT |
|
smg-mcp
cargo
|
Direct | 1.0.0 | 2.2.0 | 4 behind | — | Apache-2.0 |
|
tool-parser
cargo
|
Direct | 1.0.0 | 1.2.0 | 4 behind | — | Apache-2.0 |
|
pyyaml
pypi
|
Direct | 6.0.1 | 6.0.3 | 3 behind | — | MIT |
|
scikit-image
pypi
|
Direct | 0.25.2 | 0.26.0 | 3 behind | — | BSD-2-Clause AND BSD-3-Clause AND MIT |
|
sglang-kernel
pypi
|
Direct | 0.4.2 | 0.4.3 | 3 behind | — | Unknown |
|
torchcodec
pypi
|
Direct | 0.11.1 | 0.14.0 | 3 behind | — | Unknown |
|
wfaas
cargo
|
Direct | 1.0.0 | 1.0.3 | 3 behind | — | Apache-2.0 |
|
av
pypi
|
Direct | 16.1.0 | 17.0.1 | 2 behind | — | Unknown |
|
blobfile
pypi
|
Direct | 3.0.0 | 3.2.0 | 2 behind | — | Unlicense |
|
openai-harmony
pypi
|
Direct | 0.0.4 | 0.0.8 | 2 behind | — | Apache-2.0 |
|
smg-auth
cargo
|
Direct | 1.0.0 | 1.1.1 | 2 behind | — | Apache-2.0 |
|
smg-wasm
cargo
|
Direct | 1.0.0 | 1.1.0 | 2 behind | — | Apache-2.0 |
|
imageio-ffmpeg
pypi
|
Direct | 0.5.1 | 0.6.0 | 1 behind | — | BSD-2-Clause |
|
st-attn
pypi
|
Direct | 0.0.7 | 0.0.8 | 1 behind | — | Unknown |
|
torch
pypi
|
Direct | 2.11.0 | 2.12.0 | 1 behind | — | Unknown |
|
vsa
pypi
|
Direct | 0.0.4 | 0.0.5 | 1 behind | — | Unknown |
|
xgrammar
pypi
|
Direct | 0.2.0 | 0.2.1 | 1 behind | — | Unknown |
License Breakdown
Unknown
184
Apache-2.0
18
MIT
10
BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
8
BSD-2-Clause
3
Apache-2.0 AND BSD-3-Clause AND CC-BY-NC-4.0 AND GPL-1.0-or-later AND LGPL-2.0-or-later AND LicenseRef-scancode-proprietary-license AND MIT
1
Apache-2.0 AND BSD-3-Clause AND MIT
1
Apache-2.0 AND MIT
1
BSD-2-Clause AND BSD-3-Clause AND MIT
1
BSD-3-Clause
1
BSD-3-Clause AND Python-2.0
1
Unlicense
1
CVE Severity
critical
2
high
1
medium
0
low
0
unknown
2