FYEO Third Party Library Scanner

FYEO Third Party Library Scanner is a software composition analysis tool that maps how an application reaches into third-party code, down to the function level. Rather than simply listing installed packages, it traces call paths from source code into external libraries to reveal which external functions are actually used and where. Key capabilities include: - Function-level dependency tracing: Identifies which external functions your code calls and the specific call paths that reach them - Transitive dependency analysis: Detects vulnerabilities and risks embedded in dependencies of dependencies, not just direct imports - Abandoned package detection: Flags libraries that are stale, losing maintainers, or otherwise becoming unsafe to rely on - AI-powered analysis: Applies multi-pass AI review of dependency paths to surface security issues while reducing false positives - Dependency Health Dashboard: Provides an at-a-glance view of package status — actively maintained, behind on updates, abandoned, or flagged with security advisories - Security Audit Reports: Delivers prioritized findings ranked by severity with contextual information for remediation - Complete Dependency Map: Visual representation of how application code connects to third-party libraries The scanner supports multiple languages and ecosystems including Rust, Python, TypeScript, JavaScript, and Solidity (smart contracts). It can be run locally or integrated into CI/CD pipelines, with reports exportable in multiple formats. The tool is positioned for use by both engineering and security teams. A free scan option is offered. The tool has been used by Web3 projects and protocols including Algorand, Ethereum, Solana, Polygon, Avalanche, Polkadot, Near, Sui, Aptos, and Flare.