Show & Tell: DepGuard – A visual simulator for npm vulnerability blast radiuses (FastAPI + React)

[EgglezosHub]

🏷️ Discussion Type

Question

Body

I wanted to share an open-source project I’ve been building called DepGuard that i originally started from a uni course i have on graph theory. The goal was how to use the graph theory as a mathematical tool to have better visibility on my projects.
Usually, npm audit just gives us a flat list of vulnerabilities. I wanted to build something that actually shows the blast radius, how a single compromised package deep in the dependency tree propagates and affects everything else.

What it does

DepGuard parses package-lock.json files, resolves the dependency tree, and checks it against the OSV (Open Source Vulnerabilities) API in real-time. It then visualizes the transitive dependencies so you can actively see the exposure paths.

The Tech Stack

• Backend: Python, FastAPI, and NetworkX
• Frontend: React, TypeScript, and Cytoscape.js
• Scoring Logic: It combines standard CVSS severity scores with graph theory metrics (like betweenness centrality) using NetworkX to give vulnerabilities a smarter risk score
• Caching: Async SQLite to cache registry lookups and speed up subsequent scans

I’d really value some architectural feedback from the community here:

• Graph Optimization: Has anyone worked with Cytoscape.js for massive datasets? I'm looking for tips on rendering large, complex trees without bottlenecking the browser
• Backend Logic: Feedback on how I'm structuring the FastAPI routes and managing the async SQLite caching would be amazing

I’ve opened a few good first issue tickets if anyone is looking to make some open-source contributions
If you find the project interesting or useful, a ⭐️ on the repository would be hugely appreciated!

Repo Link: https://github.com/EgglezosHub/DepGuard

Thanks for checking it out, and I'm happy to answer any questions about the code