I maintain an open source project (Surfactant) where I aim to keep the core framework "pure Python" to maximize portability. I specifically want to avoid surprises where a new Python version drops and a transitive dependency fails to install because it lacks an abi3 wheel or an sdist fallback (looking at you, LIEF).
Existing visualizers didn't offer a way to filter specifically for native/compiled code, so I built this client-side tool to help audit my dependencies.
1) Tree Visualization: Fetches metadata from PyPI to build the interactive graph.
2) Binary Detection: Highlights packages that are binary wheels only, missing sdists, or lack stable ABI tags (abi3).
3) Deep Scan: Optionally downloads wheels to memory and scans for subprocess or os.system calls using regex, to catch "implicit" system dependencies (or dependencies that are just a Python wrapper around another tool).
The source code is a single HTML file: https://github.com/llnl/Surfactant/blob/main/docs/_static_ht...
(I prototyped with Claude/Gemini, and iterated manually some to resolve edge cases like aliased imports and CSS styling quirks.)
Ideas for improvements are welcome! Dependency resolution (like uv) would be amazing, though that likely requires cross-compiling pubgrub-rs to WebAssembly.
rmast•3w ago