Dependency Auditor
Paste a package.json or a requirements.txt. It flags the pins that quietly break reproducible builds: wildcards, caret and tilde ranges, open lower bounds, duplicates across groups, and the same package pinned two different ways. Nothing is uploaded.
Paste, then run. Findings appear here.
A preview of a Tessera pack
This browser demo runs a handful of checks client-side. The full deps pack audits dependency manifests for pinning, duplicates, and conflicts. It is one of 24 job packs in Tessera, an offline toolkit that turns a repository into a single reviewable HTML report.
Every pack follows one contract: normalize, validate, generate artifacts. No services, no API keys, no network calls, nothing executed against your code.
$ pip install tesserakit-deps
$ pipx install tesserakit-deps # isolated CLI install
$ uv tool install tesserakit-deps
$ tessera run --input . --output run
# then open run/index.html