Mar 3, 2026

Dead Software Is the Vulnerability Your Scanner Misses. EOLDS Catches It — Free.

Introducing the End-of-Life Data Set (EOLDS), free end-of-life detection across 12 million+ packages.


Your SCA catches CVEs. It flags license issues. It maps your dependency tree. But it was never built to answer the most basic question: is this software still alive across my tech stack?

Today we're launching the End-of-Life Data Set (EOLDS), a free tool that detects end-of-life software and maintainer abandonment across 12 million+ packages in npm, PyPI, Maven, NuGet, Cargo, Go, RubyGems, and Packagist. It's the layer your scanner is missing.

The problem

When a package hits end-of-life, the next CVE that lands will never get patched. There’s nobody left to write the fix. Sonatype calls these “forever vulnerabilities” — and our joint research found 81,000+ package versions that are both end-of-life and unpatchable today.

But it’s not just official EOL. The bigger problem is maintainer abandonment — projects where the developer just disappeared. No announcement, no goodbye commit, just silence. Still getting downloaded. Still in your dependency tree. Still a ticking clock.

How EOLDS works

We built EOLDS using heuristic analysis and machine learning to detect both official EOL declarations and unofficial maintainer abandonment at scale. Our models look at commit velocity, release cadence, issue response time, download trends, and registry metadata to catch the packages that died without telling anyone.

This is the layer that sits underneath your SCA. Your scanner finds bugs with fixes. EOLDS finds software that will never get fixed.

What you can do with it

  • See what’s dead in your stack before your auditor does
  • Prioritize by actual risk — days since EOL, versions behind, migration effort
  • Catch abandonment early — before the next Log4Shell lands in a package nobody’s maintaining
  • You can’t patch what you can’t see — EOLDS sees it
  • Share reports across teams — give security, engineering, and compliance a single source of truth on EOL exposure

It’s free. Try it now.

We built EOLDS because this data didn’t exist anywhere. Now it does.

👉 Try EOLDS for free

📄 Docs

Author
Parin Shah
Senior Technical Product Marketing Manager