name: dependency-analysis-patterns description: Dependency graph visualization, circular dependency detection, CVE scanning, and license compliance

Dependency Analysis Patterns

Dependency Graph Visualization

# npm
npx depcruise --output-type dot src/ | dot -T svg > deps.svg

# Python
pipdeptree --graph-output svg > deps.svg

# Go
go mod graph | modgraphviz | dot -T svg > deps.svg

Circular Dependency Detection

# JavaScript/TypeScript
npx madge --circular src/
npx dpdm --circular src/index.ts

# Python
pydeps --cluster --no-show src/

Fix Strategies

CVE Scanning

# npm
npm audit --json | jq '.vulnerabilities | to_entries[] | select(.value.severity == "critical")'

# pip
pip-audit --format json --desc

# Go
govulncheck ./...

# Multi-tool
trivy fs --severity CRITICAL,HIGH .

CVE Prioritization

License Compliance

# npm
npx license-checker --production --json --failOn "GPL-3.0;AGPL-3.0"

# Python
pip-licenses --format=json --fail-on="GPL-3.0"

Update Impact Analysis

# npm - outdated
npm outdated --json

# Semver risk
# patch (0.0.x) → güvenli
# minor (0.x.0) → genelde güvenli
# major (x.0.0) → breaking change riski

# Test after update
npm update <pkg> && npm test

Checklist

• npm audit / pip-audit temiz (critical/high yok)
• License audit pass (GPL yok)
• Circular dependency yok
• Lockfile committed ve güncel
• Unused dependency yok (depcheck)
• Renovate/Dependabot aktif
• Major version behind ≤1

Anti-Patterns

• Audit warning'leri ignore etmek
• Lockfile commit etmemek
• Pinned version kullanmamak (^, ~)
• License check'siz production dependency
• Dependency update'siz 6+ ay