Static sample preview

Dependency Watch

Repo: google-gemini/deprecated-generative-ai-python

CA$1,500 / quarter

Assessment: Dependency trust / dependency-heavy app

This Dependency Watch sample shows how FoldEngine tracks trust decay in dependencies over time. The Google Gemini Python SDK was official and widely adopted. The support path moved to a unified SDK. The old package remains installable, which is the core risk: teams may not notice the shift unless someone checks. Dependency Watch becomes more valuable across repeated ledger entries: each run can compare what changed, what stayed risky, and what next move is now supported.

Question

Is a client's dependency on an older official Google Gemini SDK still supported, or has the canonical path moved?

Target surface

Product/surface: the old Gemini Python SDK as a dependency choice. The decision is whether an installable, previously official package remains a safe support path this quarter. The invariant tested is simple: installability is not the same as current support.

Short finding

The Google Gemini Python SDK has been explicitly deprecated. The repository was renamed with a "deprecated-" prefix and the README directs users to the unified google-genai SDK. The old package remains installable on PyPI, meaning teams may not notice the support path has moved unless they check the repository directly.

What FoldEngine checked

  • Repository deprecation notice and renamed repository.
  • Migration guidance to the unified SDK.
  • PyPI package availability versus actual support status.
  • Corresponding JavaScript SDK deprecation pattern.

Watch signal table

Signal Previous Current Status
Repository naminggenerative-ai-pythondeprecated-generative-ai-pythonMoved
README guidanceInstall and useMigrate to google-genaiMoved
Active developmentCommits visibleNo new feature commitsStale
PyPI availabilityInstallableStill installableMisleading
Security patchesAssumedUncertainRisk

Stability Ledger entry

This sample represents one private Dependency Watch ledger entry. A real cycle would record what was rechecked, what changed since the last entry, what improved, what regressed, what remained unresolved, what new dependency or trust risks appeared, and the next closure move. This sample is witness-backed by visible public evidence; it does not claim automated monitoring or a dedicated runner.

What FoldEngine did not check

  • Client-specific usage patterns or migration blockers.
  • Unified SDK compatibility with specific client code.
  • Live migration execution.
  • Security vulnerability scanning of the deprecated package.

Evidence boundary / receipt-style summary

Artifact kind
dependency_watch_report
Evidence surface
Public GitHub repository and PyPI status
Private access
None
Watch cadence
Quarterly

Seed candidates

Seed A — Inventory all import locations

Hypothesis: Knowing every location that imports the deprecated SDK scopes the migration effort.

Value: high · Risk: low

Evidence required: grep/search result listing all import sites.

Verification: Import inventory covers all repositories using the old SDK.

Seed B — Migrate to google-genai SDK

Hypothesis: Migrating to the canonical SDK restores the supported path for security patches and new features.

Value: high · Risk: medium

Evidence required: Migration plan with API compatibility notes per import site.

Verification: All import sites migrated; deprecated package removed from manifest.

Decision receipt: BLOCK

The dependency is explicitly deprecated. Continued use means no guaranteed security patches and a diverging API surface.

Decision
Block
Expires
30 days from issuance

What must change:

  • Import locations inventoried
  • Migration to google-genai SDK completed or scheduled

Governed next steps

  1. Priority 1 — Seed A: Import inventory

    Unlock: Codebase access available.

    Exit: All import sites documented.

  2. Priority 2 — Seed B: SDK migration

    Unlock: Import inventory complete (Seed A).

    Exit: Deprecated package removed from all manifests; tests pass on new SDK.