How I Audit 200+ Dependencies in 5 Minutes (Free Tools Only)

After the LiteLLM PyPI compromise, I built a 5-minute dependency audit workflow. It uses only free tools and catches vulnerabilities that pip audit misses. Here's the exact workflow. Step 1: List All Dependencies (30 seconds) # Python pip freeze > requirements-full.txt wc -l requirements-full.txt # Output: 247 packages # Node.js npm ls --all --json | jq '.dependencies | keys | length' # Output: 389 packages Most developers don't realize how many transitive dependencies they have. That pip install httpx brought in 15 packages you never asked for. Step 2: Check Against NVD (1 minute) The National Vulnerability Database has 200,000+ CVEs. Free API, no key needed. import requests import subprocess # Get installed packages result = subprocess . run ([ ' pip ' , ' freeze ' ], capture_output = True , text = True ) packages = [] for line in result . stdout . strip (). split ( ' \n ' ): if ' == ' in line : name , version = line . split ( ' == ' ) packages . append (( name , version )) # Check e