EOL Dataset: Free tool to detect end-of-life dependencies across 12M+ package versions
By
Mat Parker
1mo ago· 1 min readenProduct
38/100
Stale
Bagelometer↗
Has the shape of a bagel but none of the steam.
Score38Typepress releaseSentimentpositive
Summary
A new free tool called EOL Dataset helps developers identify end-of-life dependencies in their software stacks. Unlike traditional SCA tools that only check for CVEs, this tool tracks lifecycle status across 12M+ package versions using official EOL declarations and ML-based detection of maintainer abandonment. Users can upload package manifests or SBOMs to see which dependencies are still maintained, covering direct and transitive dependencies across major ecosystems.
Key quotes
· 5 pulledYour SCA checks for CVEs. It doesn't check whether anyone is still maintaining the software.
That's a different question, and until now, no tool answered it well.
We track lifecycle status across 12M+ package versions using official EOL declarations and ML-based detection of maintainer abandonment.
Upload a package.json, pom.xml, requirements.txt, or any SBOM and see exactly what's still maintained and what isn't.
Direct and transitive deps. Every major ecosystem. Free of charge.
Your SCA checks for CVEs. It doesn't check whether anyone is still maintaining the software. That's a different question, and until now, no tool answered it well. We track lifecycle status across 12M+ package versions using official EOL declarations and M
