A package manager auditor and health dashboard for your machine.
Sweep scans your installed packages across multiple package managers and tells you:
- Which packages are orphaned — installed but nothing depends on them
- Which packages are unused — no project on your machine imports them
- Which packages are outdated — behind the latest registry version
- Which packages are deprecated or abandoned — not maintained upstream
- How much disk space each one is consuming
All of this is shown in a visual desktop GUI — sortable, filterable, and actionable.
| Manager | Status |
|---|---|
| pip (Python) | Phase 1 |
| npm (Node.js, global) | Phase 1 |
| cargo (Rust) | Phase 5 |
| Homebrew (macOS) | Phase 5 |
[ Scanners ] → [ Dependency Graph ] → [ Analyzer ] → [ Cache ] → [ GUI ]
The backend and GUI are fully separated. The GUI never talks to package managers directly — it only reads from the analyzed, cached data model. This means:
- The GUI stays fast and responsive
- New package managers can be added by writing one new scanner file
- The analysis logic can be tested independently of the UI
sweep/
│
├── core/ # all processing and analysis logic
│ ├── scanners/ # one file per package manager
│ │ ├── pip_scanner.py # runs pip commands, returns list of Package objects
│ │ └── npm_scanner.py # runs npm commands, returns list of Package objects
│ ├── graph.py # takes scanner output, maps who depends on who
│ ├── analyzer.py # uses graph to flag orphans (Layer 1)
│ ├── health_scorer.py # reads all Package fields, sets health_status
│ └── project_scanner.py # walks project folders, detects import usage (Layer 2)
│
├── registry/ # everything that touches the internet
│ ├── pypi_client.py # asks PyPI for latest version + deprecation info
│ ├── npm_registry_client.py # asks npm registry for latest version + deprecation info
│ └── cache.py # SQLite cache — checks here before hitting any API
│
├── models/
│ └── package.py # Package dataclass — every field lives here
│ # (name, version, size, status, dependencies, usage etc)
│
├── gui/ # PySide6 frontend — reads models, never calls core directly
│ ├── main_window.py # app shell, layout, toolbar
│ ├── tree_view.py # main package list with expandable dependency rows
│ └── detail_panel.py # bottom panel shown when a package is selected
│
├── tests/
│ ├── test_scanners.py
│ ├── test_graph.py
│ └── test_analyzer.py
│
├── requirements.txt
├── CLAUDE.md
├── README.md
└── main.py # entry point — wires everything together
Every package in the system is represented uniformly, regardless of which manager it came from:
name string
version string (installed)
latest_version string (from registry)
manager enum pip | npm | cargo | brew
size_bytes int
install_type enum direct | dependency
dependencies list (names of packages this one needs)
dependents list (names of packages that need this one)
used_in_projects list (file paths where this package is imported)
last_registry_update date (from registry)
is_deprecated bool
deprecation_reason string
health_status enum healthy | outdated | orphan | deprecated | unknown
The health_status field is computed by health_scorer.py — the GUI just reads it.
| Signal | Where it comes from | Notes |
|---|---|---|
| Orphaned | Dependency graph (local) | Nothing depends on this package |
| Unused | Project scanner (local) | No project imports it |
| Outdated | Registry API (online) | Installed version behind latest |
| Deprecated | Registry API + heuristics | npm has a formal flag; pip/cargo use last-publish date |
| Disk size | OS filesystem | Shown per package and aggregated |
Deprecated detection is heuristic for pip and cargo — the tool shows you why it flagged something (e.g. "no release in 3+ years") rather than just a red icon.
- pip and npm scanners
- Dependency graph builder
- Orphan detection
- Basic GUI with tree view
- PyPI and npm registry API clients
- Outdated version detection
- Cache layer (SQLite) to avoid hammering APIs
- Folder walker for local projects
- Import statement detection (Python + JS/TS)
- Cross-reference imports against installed packages
- Abandoned/deprecated heuristics
- Unified health scorer
- Full GUI with color-coded status indicators
- Additional scanners
- Plugged into existing architecture
Offline-first — Sweep works without internet. Registry calls are optional and cached. The core orphan/usage detection is entirely local.
Non-destructive by default — Sweep never removes anything automatically. Every removal requires explicit confirmation with a preview of what will be deleted.
Project scanning is opt-in — users point Sweep at their project folders
in settings. Auto-discovery of common locations (~/code, ~/projects) is
offered as a starting point.
Package name ≠ import name — the project scanner accounts for mismatches
(e.g. Pillow installed, imported as PIL). A mapping file handles known cases.
- Python 3.11+
- PySide6 for the GUI (Qt-based, cross-platform)
- qdarkstyle or qt-material for dark theme
- pipdeptree for pip dependency graph
- SQLite (via stdlib
sqlite3) for local cache - httpx for async registry API calls
# Install dependencies
pip install -r requirements.txt
# Run the app
python main.pyNote: Scanning npm global packages requires Node.js to be installed. Homebrew scanning is macOS only.