Dart dependency analysis and evaluation

While I really love dart as a language it has a dependency management that is quite messy. There are two main problems from my experience:

1. There is a ton of different packages on https://pub.dev and they are all open source – which is great. And I can totally understand that open source authors at some point lose interest in the package and no longer maintain it. Unfortunately there is no mechanism in place that these packages are transferred to the ownership of someone else and the only way at the moment is that other forks like very_useful_package_plus, very_useful_package_minus, etc. are existing in parallel.
2. This in itself would not be a problem – quite often the functionality of a package is simple and does not need to change. If the package however requires other libraries in a specific (outdated) version it will prevent other packages from updating.
3. Identifying the dart packages that are blocking others from upgrading is a pain in the neck as it is not at all automated. Also checking pub.dev manually to see the popularity of packages is mildly inconvenient.

The solution

Last week Google released Gemini CLI and I thought this problem would be a nice one to test a new AI and go on a coding adventure. The result is available on GitHub: dart_dependency_analyzer and at least for me it works quite well.

Here is the typical output of this little command line tool:

$ dart run dependency_analyzer.dart test_project --show-details 
🟢 flutter (whitelisted) ()
🟢 cupertino_icons (whitelisted) ()
🟢 riverpod  (current: 2.6.1, latest: 2.6.1, updated: 2024-10-22, likes: 3700, granted points: 160, downloads: 2465808)
🟢 flutter_test (whitelisted) ()
🟡 date_format_helper (low downloads: 43), (low likes: 4) (current: 0.0.3, latest: 0.0.3, updated: 2025-01-18, likes: 4, granted points: 150, downloads: 43)
🔴 device_frame (blocks freezed from upgrading) (current: 1.3.0, latest: 1.4.0, updated: 2025-06-30, likes: 153, granted points: 130, downloads: 346574)
🔴 freezed (major update available: 2.5.8 -> 3.0.6) (held back by device_frame) (current: 2.5.8, latest: 3.0.6, updated: 2025-04-05, likes: 4269, granted points: 130, downloads: 1838079)
🔴 firebase_vertexai (discontinued) (current: 1.8.0, latest: 1.8.0, updated: 2025-06-10, likes: 124, granted points: 140, downloads: 43122)
🔴 flutter_lints (major update available: 5.0.0 -> 6.0.0) (current: 5.0.0, latest: 6.0.0, updated: 2025-05-27, likes: 1275, granted points: 160, downloads: 6224750)

The color coding logic is:

1. 🔴 Red: Critical issues (discontinued, stale, major version update available).
2. 🟡 Yellow: Minor version updates available.
3. 🟢 Green: Up-to-date or only patch updates available, or whitelisted.
4. ⚪️ Grey: Git or path dependencies, or when pub.dev info is unavailable.

For me the most helpful information is that device_frame (blocks freezed from upgrading). This information is normally quite complicated to get and I don’t think that I would have had the patience to write the parser for the dependency tree without the AI helper.

It also shows packages that are discontinued (like firebase_vertexai) or where a major version upgrade has not been possible (freezed) or simply not yet been run (flutter_lints).

There are a few command line parameters with --show-details being the most useful one. This shows the current/latest versions, last update, likes, and downloads from pub.dev. This is in particular helpful for identifying early warning signals for packages that lack a stable base of likes and downloads and might be candidates for future challenges.