.png)
Nobody Had A Complete Map Of Dead Open Source Software. So We Built One.
We watched hundreds of enterprises discover EOL risk at the 11th hour — during audits, after breaches, too late to act. The data simply didn't exist.
Today, the HeroDevs EOL Data Set tracks lifecycle status for 12M+ package versions across every major registry. The next closest source covers ~7,000.
900+
enterprise customers
12M+
package versions analyzed
1078+
CVEs remediated
3000+
enterprise SBOMs studied
There's Nothing Else Like It
Existing sources track a fraction of the ecosystem. We track all of it.
HeroDevs EOL Data Set
12,000,000+
12,000,000+ package versions with known lifecycle status
Registries: npm · PyPI · Maven · NuGet · RubyGems · Go · Packagist · crates.io
endoflife.date
~350
products tracked (not package versions)
NVD / CVE Databases
~7,000
CVE records referencing EOL — no structured lifecycle data
That's a 1,700x difference in coverage.
Why Didn't This Data Exist Before?
Most packages don't announce end-of-life. Maintainers just stop committing. Nobody declares it dead — it just stops.
No standard
There's no standard for reporting 'this is dead.' EOL information isn't part of package metadata.
Maintainer abandonment
Most maintainers don't post announcements. They move on. The package stays on the registry forever.
SCA doesn't look
Vulnerability scanners ask 'is there a CVE?' They don't ask 'will there ever be a fix?'
How We Build It
Two sources of truth. One comprehensive dataset.
MAINTAINER-ATTESTED
Official EOL declarations
Every official end-of-life announcement, support policy change, and maintenance status update from package maintainers and foundations.
Official project announcements
Support policy documentation
Foundation lifecycle statements
Release schedule commitments
MACHINE LEARNING
Abandoned package detection
Not every maintainer announces EOL. Our ML analyzes commit velocity, release cadence, issue response time, and download trends to detect maintainer abandonment.
Commit & release frequency analysis
Issue response pattern detection
Download trend modeling
Maintainer activity signals
CONTINUOUS ENRICHMENT
CVE and risk correlation
Every EOL record is enriched with vulnerability data, migration paths, and ecosystem context — updated continuously as new CVEs are disclosed.
CVE-to-package mapping
CVSS scoring integration
Migration path availability
Ecosystem health indicators
Learn more about our methodology
The data didn't exist.
We built it.
Now it's yours.
Explore the dataset, integrate it into your platform, or scan your own stack.
CONTACT US
Let's Close The EOL Blind Spot — Together
81,000+ EOL packages have known CVEs and no fix path. Your customers are exposed. Let's fix that together
Join HeroDevs' partner ecosystem and give your customers visibility across 12M+ package versions.
Join HeroDevs' partner ecosystem and give your customers visibility across 12M+ package versions.
API-first integration — ship End of Life data in your product
Detection across every major registry and ecosystem
Remediation paths including NES drop-in support
Trusted by industry leaders such as
Partner With Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Run An EOL Scan For Free
Upload your dependency files or use our CLI to uncover unsupported, end-of-life open source software in minutes.
No heavy setup. No new platform. Just end-of-life visibility.
No heavy setup. No new platform. Just end-of-life visibility.
Have questions about End of Life Open Source Software or securing legacy frameworks?
Our team works with engineering, security, and compliance leaders across regulated industries.
Request A Demo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.