> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Packages

> Browse the buildable units Endor Labs discovers in your projects, and review their resolution and reachability status.

Packages are the buildable units of first-party code Endor Labs discovers inside a project. Each package corresponds to a manifest in your repository, such as `pom.xml`, `package.json`, or `go.mod`. Use the Packages page to confirm Endor Labs discovered every package you expect to scan, and to track whether dependency resolution and reachability analysis succeeded for each one.

## What Endor Labs tracks for a package

For each package, Endor Labs records:

* **Versions**: Snapshots taken whenever a scan runs against a different commit, branch, or release of the source. Versioning lets you compare the same package across branches, releases, or scheduled scans.
* **Dependencies**: The other packages this package consumes, mostly third-party. See [Dependencies](/inventory-insights/dependencies) to review the inventory and Endor Scores.
* **Dependents**: Other packages in your tenant that consume this package. Use dependents to communicate with downstream consumers when you change a version.
* **Findings**: Security findings derived from rule evaluations against the package and its dependencies.

## How packages relate to projects and repositories

A project in Endor Labs represents a source code repository. A single repository typically contains one or more packages. For example, a monorepo can hold dozens of npm or Maven packages, each declared by its own manifest. When Endor Labs scans a project, it inventories every package it can build and tracks each one independently.

## Package discovery and lifecycle

Endor Labs discovers packages during a project scan, whether the scan runs from a CI/CD pipeline, on a schedule, or as an ad hoc `endorctl scan` command. For each manifest it finds, Endor Labs builds the package, resolves its dependencies, and generates a call graph where the language and package manager support it.

A rescan refreshes the package inventory and updates dependency resolution and reachability results. Rescans run automatically on every CI/CD pipeline scan and on the cadence you configure for scheduled scans.

## Packages and dependencies

The Packages page and the Dependencies page answer different questions about your inventory.

* **Packages** are the units of first-party code your team owns. They live in your repositories, and Endor Labs scans them as part of your projects.
* **Dependencies** are the third-party code those packages consume. Endor Scores, reachability states, and findings on third-party code all live on the Dependencies page.

See [Dependencies](/inventory-insights/dependencies) to review the third-party packages your projects consume and how Endor Labs scores them.

## View packages in a project

1. Select **Projects** from the left sidebar.
2. Search for and select a project to review.
3. Select **Packages** under **Inventory** to view every package Endor Labs maintains for the project, along with any findings.

   <img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/inventory-insights/packages/packages-projects.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=4e006dc6cf508b256017161f7f3bb430" alt="Packages list for a project" style={{width: '80%'}} width="2508" height="1024" data-path="images/inventory-insights/packages/packages-projects.webp" />

Each row shows:

* **Package Name**: The name of the package, with the package manager icon.
* **Dependency Resolution**: Status icon showing whether dependency resolution succeeded.
* **Reachability Analysis**: Status icon showing whether call graph generation succeeded.
* **Dependencies**: The number of dependencies in the package.
* **Findings**: The number of findings associated with the package.
* **Created**: The date and time when Endor Labs first discovered the package.
* **Last Scanned**: The date and time of the most recent scan.

The following table describes the **Dependency Resolution** status icons.

| Status                                    | Description                        |
| ----------------------------------------- | ---------------------------------- |
| <span style={{color: '#dc3545'}}>▲</span> | Error during manifest scan         |
| <span style={{color: '#ffc107'}}>◐</span> | Error during dependency resolution |
| <span style={{color: '#28a745'}}>●</span> | Dependency resolution succeeded    |

The following table describes the **Reachability Analysis** status icons.

| Status                                    | Description                                            |
| ----------------------------------------- | ------------------------------------------------------ |
| <span style={{color: '#dc3545'}}>▲</span> | Error during call graph generation                     |
| <span style={{color: '#28a745'}}>●</span> | Call graph generation succeeded                        |
| <span style={{color: '#d3d3d3'}}>■</span> | Call graph generation isn't supported or isn't enabled |

Select a package to open its detail view, where you can review its dependencies, findings, and Endor Scores. See [Dependencies](/inventory-insights/dependencies) to learn how dependency details and scores work.

<Note>
  For C and C++ packages, you can visualize the source files where each dependency was identified during scanning. See [View dependency file locations](/scan/sca/c#view-dependency-file-locations) to explore the file paths Endor Labs detected.
</Note>

## Filter packages

Use filters to narrow the package list to a specific ecosystem or status.

On the **Packages** page, apply the **Ecosystem**, **Dependency Resolution**, or **Reachability Analysis** filter to narrow the results. To sort, click the **Package**, **Created**, or **Last Scanned** column header. The sort order toggles between ascending and descending each time you click.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/inventory-insights/packages/filter-package.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=c0e309a4e36fbb971c36bc7be3039c68" alt="Filter packages by ecosystem and status" style={{width: '80%'}} width="2508" height="1118" data-path="images/inventory-insights/packages/filter-package.webp" />

## Delete a package

Delete packages you no longer need from your project inventory. Deleting a package also removes every finding associated with it.

1. On the **Packages** page, select the vertical three dots in the package row, then select **Delete**.
2. Click **Delete** to confirm.

   <img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/inventory-insights/packages/delete-package.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=500a110135e9fd7a2f0fd5943800f9ec" alt="Delete package confirmation" style={{width: '50%'}} width="914" height="482" data-path="images/inventory-insights/packages/delete-package.webp" />

   <Warning>
     Deleting a package removes its findings from the project. This action can't be undone.
   </Warning>
