Chifleton
Chifleton is a lightweight dependency vulnerability scanner for Python and JavaScript package ecosystems.
It uses OSV.dev as the data source to check known vulnerabilities and produce structured, audit-ready reports.
PyPI Release — Version 0.2.1
Released: February 11, 2026
Install:
pip install chifleton==0.2.1
Chifleton helps developers and small teams discover and document dependency vulnerabilities in a reproducible way, ideal for security reviews, compliance, and continuous integration workflows.
Features
- Scans dependency files:
  - Python: requirements.txt, pyproject.toml
  - JavaScript: package.json, package-lock.json, yarn.lock, pnpm-lock.yaml
- Generates terminal output as well as HTML and JSON reports
- Designed for audit and compliance use cases
- OSV vulnerability data, no proprietary feeds
Quick Start
pip install chifleton==0.2.1
Scan dependencies and generate HTML + JSON reports:
chifleton scan requirements.txt --report html
Usage Examples
- Default scan (HTML + JSON):
chifleton scan
- Scan a specific file:
chifleton scan pyproject.toml
- CI: mark build as failed if vulnerabilities are found:
chifleton scan --fail-on-vuln
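The following is an added illustration of the mechanism the scanner relies on, written for this page; it is not Chifleton's own code. It parses a pinned requirements.txt, builds an OSV.dev querybatch request for the pinned packages, joins the response back to each package, and turns the result into a CI exit code in the spirit of --fail-on-vuln. The request and response shapes follow the public OSV API (POST https://api.osv.dev/v1/querybatch); the sample requirements, the sample response and the vulnerability id EXAMPLE-0001 are constructed, and the fetcher is a stand-in so the script runs offline. Lines that are not exact pins are reported as skipped rather than silently ignored, because a version-based lookup cannot check a range and an audit trail should record that gap.

```python
"""Added example (not Chifleton's own code): requirements.txt -> OSV querybatch -> CI verdict.

Assumptions: OSV.dev /v1/querybatch request/response shape as publicly documented;
SAMPLE_REQUIREMENTS, SAMPLE_OSV_RESPONSE and the id EXAMPLE-0001 are constructed.
"""
import json
import re

# Constructed sample input, not a real project's dependency file.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests==2.25.1
urllib3==1.26.5   # trailing comment is stripped
numpy>=1.21       # range, not an exact pin: cannot be queried by version
"""

# Constructed sample response; results are positional, matching the two pinned packages.
SAMPLE_OSV_RESPONSE = {
    "results": [
        {"vulns": [{"id": "EXAMPLE-0001", "modified": "2024-01-01T00:00:00Z"}]},
        {"vulns": []},
    ]
}

# Exact pin only: name==version, optional environment marker or comment after it.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def canonical_name(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' collapsed to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str):
    """Return ([(name, version), ...], [skipped lines]) from requirements.txt text."""
    pinned, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pinned.append((canonical_name(m.group(1)), m.group(2)))
        else:
            skipped.append(line)  # ranges, URLs, editable installs: recorded, not checked
    return pinned, skipped


def build_querybatch(pinned, ecosystem: str = "PyPI") -> dict:
    """Build the OSV /v1/querybatch request body for exact-version lookups."""
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
            for name, version in pinned
        ]
    }


def summarize(pinned, response: dict) -> list:
    """Join positional querybatch results back to packages; keep only hits."""
    results = response.get("results", [])
    if len(results) != len(pinned):
        raise ValueError("OSV returned %d results for %d queries" % (len(results), len(pinned)))
    findings = []
    for (name, version), result in zip(pinned, results):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        if ids:
            findings.append({"package": name, "version": version, "vulns": ids})
    return findings


def run_scan(text: str, fetcher, fail_on_vuln: bool = False):
    """Scan requirements text with the given fetcher; return (report, exit_code)."""
    pinned, skipped = parse_requirements(text)
    findings = summarize(pinned, fetcher(build_querybatch(pinned)))
    report = {"checked": len(pinned), "findings": findings, "skipped": skipped}
    exit_code = 1 if (fail_on_vuln and findings) else 0  # non-zero fails a CI job
    return report, exit_code


def offline_fetcher(_body: dict) -> dict:
    """Stand-in for the HTTP POST to OSV; returns the constructed sample response."""
    return SAMPLE_OSV_RESPONSE


if __name__ == "__main__":
    report, code = run_scan(SAMPLE_REQUIREMENTS, offline_fetcher, fail_on_vuln=True)
    print(json.dumps(report, indent=2))
    raise SystemExit(code)
```

In a real pipeline the fetcher would POST the body to https://api.osv.dev/v1/querybatch and pass the decoded JSON to summarize; keeping the network call behind a function argument is what makes the parsing and verdict logic testable without it.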
About
Dependency vulnerability scanning and reporting is essential for secure software supply chains.
Chifleton provides clear outputs suitable for review, documentation, and audit trails — useful for teams, open-source projects, and compliance automation.
❤️ Maintainer
- Author: Jaeha Yoo
License
- MIT License