
Show HN: CLI that helps AI agents avoid vulnerable dependencies

Why This Matters

deptrust is a versatile CLI tool that scans multiple programming ecosystems for vulnerable dependencies, helping developers ensure their AI agents and projects use secure package versions. By directly querying public APIs without relying on hosted services, it offers a transparent and reliable way to mitigate security risks associated with outdated or compromised dependencies. This enhances both developer productivity and overall software security in the rapidly evolving tech landscape.

Key Takeaways

deptrust


deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more.

It runs locally as a CLI and as an MCP server. It calls public package registry and OSV APIs directly; there is no hosted deptrust service to trust or configure.
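The lookup described above can be reproduced in a few lines against the public OSV API. This added example (not deptrust's own code) builds the `POST /v1/query` body that api.osv.dev accepts, then walks the `affected` ranges of the response to tell an agent which advisories apply and which version fixes them; the response below is constructed so the example runs offline, and the live call is kept behind `query_osv`.

```python
"""Minimal deptrust-style check: package@version -> OSV query -> fix versions."""
import json
from urllib import request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # public OSV endpoint


def build_osv_query(ecosystem: str, name: str, version: str) -> dict:
    """Body for OSV /v1/query. npm scoped names such as @clidey/ux pass through unchanged."""
    if not name or not version:
        raise ValueError("package name and version are required")
    return {"version": version, "package": {"name": name, "ecosystem": ecosystem}}


def query_osv(ecosystem: str, name: str, version: str, opener=request.urlopen) -> dict:
    """Live lookup against api.osv.dev (not exercised offline; see SAMPLE_RESPONSE)."""
    body = json.dumps(build_osv_query(ecosystem, name, version)).encode()
    req = request.Request(OSV_QUERY_URL, data=body, method="POST",
                          headers={"Content-Type": "application/json"})
    with opener(req, timeout=15) as resp:
        return json.load(resp)


def assess(response: dict) -> dict:
    """Reduce an OSV response to: vulnerable?, advisory ids, CVE aliases, fixed versions."""
    findings = []
    for vuln in response.get("vulns", []):
        fixed = set()
        for affected in vuln.get("affected", []):
            for rng in affected.get("ranges", []):
                for event in rng.get("events", []):  # {"introduced": ..} / {"fixed": ..}
                    if "fixed" in event:
                        fixed.add(event["fixed"])
        findings.append({"id": vuln.get("id"), "aliases": vuln.get("aliases", []),
                         "summary": vuln.get("summary", ""), "fixed_in": sorted(fixed)})
    return {"vulnerable": bool(findings), "findings": findings}


# Constructed OSV-shaped response; ids and package are placeholders, not real advisories.
SAMPLE_RESPONSE = {"vulns": [{
    "id": "GHSA-xxxx-xxxx-xxxx", "aliases": ["CVE-0000-0000"],
    "summary": "placeholder advisory",
    "affected": [{"package": {"ecosystem": "npm", "name": "@example/pkg"},
                  "ranges": [{"type": "SEMVER",
                              "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}]}]}]}


def demo() -> dict:
    """Query body for a constructed npm package plus the assessment of SAMPLE_RESPONSE."""
    return {"query": build_osv_query("npm", "@example/pkg", "1.2.0"),
            "assessment": assess(SAMPLE_RESPONSE)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```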

This tool was born out of the frustration of AI agents constantly using old versions.


Scope

Supported ecosystems:

npm, including scoped packages like @clidey/ux

PyPI
