Eolds, a scanner for EOL open source packages across 12M versions

by matparker24·Mar 3, 2026·2 points·0 comments

AI Analysis

●● Solid · Solve My Problem · Niche Gem

Lifecycle intelligence beyond CVEs, but SCA competitors already bundle EOL tracking.

Strengths
  • Detects transitive and obscure EOL dependencies that traditional CVE scanners miss
  • Coverage of 12M+ package versions, combined with multi-signal heuristics, gives broad reach across ecosystems
  • Free CLI tool paired with premium support option (Never-Ending Support) adds value
Weaknesses
  • Crowded category: Snyk, Dependabot, and other SCA tools already sit in the dependency-scanning workflow, so EOL tracking may be adopted as a feature of those tools rather than as a standalone scanner
  • Fully dependent on HeroDevs' business model; free access may not persist long-term
Target Audience

Security teams, DevOps engineers, compliance officers managing open-source risk

Similar To

Snyk · Dependabot · OWASP Dependency-Check

Post Description

Hey HN. I'm part of the team that built this, though not the engineer behind it. Happy to answer what I can and will loop in the people who built it for anything technical.

The reason we built it: most teams only find out they're running EOL software during a CVE incident or a compliance audit. We kept hearing this problem from customers and couldn't find a tool that clearly answered: which of my dependencies will never get another patch, including the ones my packages depend on?

SCA tools cover known CVEs. They don't cover EOL status or what's coming. That's the gap this is built for.

One thing worth saying directly: HeroDevs is a for-profit company. But part of why we built this is that we think someone needs to be a responsible steward for open source software when maintainers move on. We see this as part of that commitment, not just a product.

Run it with npx @herodevs/cli scan or upload an SBOM on the site (https://eoldataset.com/). Free to use. Curious what you find, especially in ecosystems we haven't covered well yet.
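The post describes the problem (EOL status is not a CVE, and the EOL package is often a transitive dependency) and the two inputs the tool accepts, a CLI scan or an uploaded SBOM. The following is an added example, written for this page and not code from @herodevs/cli or eoldataset.com, of the core check such a scanner has to perform: walk the dependency graph in a CycloneDX SBOM, look each component up in an end-of-life table, and report every hit with the path back to the direct dependency a team would actually have to replace. The SBOM, the package names and the EOL table below are all constructed for the example; the real dataset's format and heuristics are not shown on the page, so the table is assumed to map package name to major version to an ISO end-of-life date.

```javascript
// Added example: EOL detection over a CycloneDX SBOM, including transitive
// dependencies. Illustrative code for this page, not the project's own.

// Constructed sample SBOM (CycloneDX layout: components carry a "bom-ref",
// the "dependencies" array is the edge list). Package names are fictional.
const SBOM = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  metadata: { component: { "bom-ref": "app", name: "my-app", version: "1.0.0" } },
  components: [
    { "bom-ref": "pkg:npm/web-framework@4.2.0", name: "web-framework", version: "4.2.0" },
    { "bom-ref": "pkg:npm/legacy-http@2.9.1",   name: "legacy-http",   version: "2.9.1" },
    { "bom-ref": "pkg:npm/tiny-util@1.0.3",     name: "tiny-util",     version: "1.0.3" },
    { "bom-ref": "pkg:npm/fresh-lib@3.1.0",     name: "fresh-lib",     version: "3.1.0" },
  ],
  dependencies: [
    { ref: "app", dependsOn: ["pkg:npm/web-framework@4.2.0", "pkg:npm/fresh-lib@3.1.0"] },
    { ref: "pkg:npm/web-framework@4.2.0", dependsOn: ["pkg:npm/legacy-http@2.9.1"] },
    { ref: "pkg:npm/legacy-http@2.9.1",   dependsOn: ["pkg:npm/tiny-util@1.0.3"] },
    { ref: "pkg:npm/fresh-lib@3.1.0",     dependsOn: ["pkg:npm/tiny-util@1.0.3"] },
    { ref: "pkg:npm/tiny-util@1.0.3",     dependsOn: [] },
  ],
};

// Constructed EOL table (assumed shape): name -> major version -> EOL date.
// A major that is absent means "no data", which is not the same as "supported".
const EOL_TABLE = {
  "legacy-http":   { "2": "2023-06-30" }, // already past: no more patches
  "tiny-util":     { "1": "2027-01-01" }, // still supported today, but the date is set
  "web-framework": { "3": "2022-01-01" }, // 4.x is not listed, so it is reported as unknown, not flagged
};

// Look up the EOL date for a concrete version; null when the table has no entry.
function lookupEol(table, name, version) {
  const major = version.split(".")[0];
  const byMajor = table[name];
  return byMajor && major in byMajor ? byMajor[major] : null;
}

// Breadth-first walk from the root component. BFS means each finding carries
// the shortest path, i.e. the nearest direct dependency to replace or pin.
// Each component is visited once, so shared or cyclic graphs terminate.
function findEolComponents(sbom, table, today) {
  const rootRef = sbom.metadata.component["bom-ref"];
  const comps = new Map(sbom.components.map(c => [c["bom-ref"], c]));
  comps.set(rootRef, sbom.metadata.component);
  const edges = new Map(sbom.dependencies.map(d => [d.ref, d.dependsOn || []]));
  const label = ref => { const c = comps.get(ref); return c ? `${c.name}@${c.version}` : ref; };

  const queue = [[rootRef, [rootRef]]];
  const seen = new Set([rootRef]);
  const findings = [];
  while (queue.length) {
    const [ref, path] = queue.shift();
    for (const child of edges.get(ref) || []) {
      if (seen.has(child)) continue;
      seen.add(child);
      const childPath = [...path, child];
      const c = comps.get(child);
      const eol = c ? lookupEol(table, c.name, c.version) : null;
      if (eol) {
        findings.push({
          name: c.name,
          version: c.version,
          eolDate: eol,
          status: eol <= today ? "eol" : "upcoming", // ISO dates compare as strings
          direct: childPath.length === 2,             // depth 1 below the root
          path: childPath.map(label),
        });
      }
      queue.push([child, childPath]);
    }
  }
  // Past-EOL first, then by date, so the report reads in order of urgency.
  findings.sort((a, b) =>
    a.status === b.status ? a.eolDate.localeCompare(b.eolDate) : a.status === "eol" ? -1 : 1);
  return findings;
}

// Demo run with a fixed "today" (the post date) so the output is reproducible.
for (const f of findEolComponents(SBOM, EOL_TABLE, "2026-03-03")) {
  console.log(`${f.status.padEnd(8)} ${f.name}@${f.version}  EOL ${f.eolDate}  ` +
              `${f.direct ? "direct" : "transitive"}  via ${f.path.join(" > ")}`);
}
```

Two details matter in practice. First, a package missing from the table is reported as unknown rather than treated as supported, because absence of EOL data is the usual reason EOL software survives an audit. Second, the path is what makes the finding actionable: `legacy-http` is never listed in the application's own manifest, and the report says which direct dependency (`web-framework`) pulls it in.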
