Skip to main content

Supported Ecosystems and Manifests

Learn which languages and ecosystems Vibgrate scans and how it reads manifests and lockfiles to detect dependencies, runtimes, and drift across a polyglot codebase.

Vibgrate Docs

Vibgrate Help

Vibgrate CLI scans for upgrade drift across many languages and ecosystems by reading the manifests and lockfiles your project already has. This article explains what's covered and how detection works, for developers with polyglot repos and leaders standardizing across stacks.

Overview

Vibgrate analyzes codebases across ~19 ecosystems, including Node.js, .NET, Python, Java, Go, Rust, PHP, and Ruby. Rather than requiring configuration per language, it discovers what's present by finding the manifests and lockfiles that declare your dependencies and runtimes.

Run a scan from your project root and Vibgrate detects the ecosystems automatically:

vg

Manifests and lockfiles

Each ecosystem declares dependencies in its own files — for example package manifests that list direct dependencies, and lockfiles that pin exact resolved versions including transitive ones. Vibgrate reads both kinds of file:

  • Manifests tell it what you asked for (your direct dependencies and version ranges).
  • Lockfiles tell it what you actually resolved (the full tree, including transitive packages).

Using both lets Vibgrate distinguish direct from transitive dependencies and compute drift accurately.

Polyglot and mixed repos

Many real projects mix stacks — a TypeScript frontend, a .NET service, and a Python tool in one repository. Vibgrate detects each ecosystem it finds and folds the signals into a single DriftScore for the scanned scope, so you get one comparable number even across a mixed codebase.

Pointing at a specific manifest

When you need to target a particular package manifest, the scanner accepts a --package-manifest option. In most cases, though, bare vg discovers everything from the project root with no extra flags.

What detection enables

Because Vibgrate reads the real ecosystem files, it can identify outdated packages, end-of-life runtimes, and deprecations specific to each stack — and surface them together. No-install try form:

npx @vibgrate/cli scan

Related

Related Commands