deptrust
deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGe...

Our Take
Someone finally noticed the elephant in the room: AI coding agents are writing code faster than ever, but they're also recommending dependencies with known vulnerabilities like it's no big deal. One developer got tired of manually correcting Claude and other AI tools every time they spat out an outdated package version with CVEs attached, so they built deptrust—a CLI that checks package versions against known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. That's fourteen package ecosystems covered. Fourteen.
The beautiful part? There's no hosted service. No account to create. No vendor lock-in. deptrust runs entirely locally—call it as a CLI or integrate it as an MCP server—and it queries the public package registries and the OSV API directly. The only data that leaves your machine is the package names and versions it looks up, and they go only to those public endpoints. It just works. As AI coding agents become everyone's pair programmer, the last thing you want is them shipping known vulnerabilities into production. deptrust is the bouncer at the door checking the guest list.
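To make the "hits the OSV API directly" part concrete, here is an added example of what a local version check of this kind looks like. It is illustrative code written for this page, not deptrust's own source: it builds a request for OSV's batch query endpoint (`POST https://api.osv.dev/v1/querybatch`, one query per ecosystem/name/version triple), pairs the positional results back with the inputs, and returns a per-package verdict. The sample dependency list and the OSV response object are constructed by hand for the example so it runs offline; the function names are this example's own.

```python
"""Illustrative local OSV version check (example code for this page, not
deptrust's implementation). Builds a querybatch request, parses the
response, and reports which pinned versions have known advisories."""
import json
from urllib import request

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"


def build_batch_query(deps):
    """deps: iterable of (ecosystem, name, version) using OSV ecosystem
    names such as "npm", "PyPI", "crates.io", "Go", "RubyGems".
    Returns the JSON body for POST /v1/querybatch."""
    return {
        "queries": [
            {"package": {"ecosystem": eco, "name": name}, "version": version}
            for eco, name, version in deps
        ]
    }


def parse_batch_response(deps, body):
    """Pair each query with its result. OSV returns results positionally,
    and a version with no known advisories comes back as an empty object,
    so a length mismatch means the response cannot be trusted."""
    results = body.get("results", [])
    if len(results) != len(deps):
        raise ValueError(
            f"OSV returned {len(results)} results for {len(deps)} queries")
    report = []
    for (eco, name, version), result in zip(deps, results):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        report.append({"ecosystem": eco, "name": name, "version": version,
                       "vulns": ids, "clean": not ids})
    return report


def post_json(url, payload, timeout=10):
    """Real network call; swapped out for a stub below so the demo is offline."""
    data = json.dumps(payload).encode()
    req = request.Request(url, data=data,
                          headers={"Content-Type": "application/json"})
    with request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def check_versions(deps, fetch=post_json):
    """Full check: build the query, send it, and parse the verdicts."""
    deps = list(deps)
    return parse_batch_response(deps, fetch(OSV_QUERYBATCH_URL,
                                            build_batch_query(deps)))


def flagged(report):
    """Only the entries an agent should not be allowed to ship."""
    return [r for r in report if not r["clean"]]


# Constructed sample input: the kind of pins an AI agent might suggest.
# lodash < 4.17.21 really is affected by CVE-2021-23337; the second entry
# is a placeholder name, not a real package.
SAMPLE_DEPS = [
    ("npm", "lodash", "4.17.20"),
    ("PyPI", "example-package", "1.0.0"),
]

# Hand-written response in the querybatch shape (constructed for this
# example). Live OSV results for npm packages usually carry GHSA ids; the
# "modified" timestamp here is made up. The empty object is what a version
# with no advisories looks like.
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "CVE-2021-23337",
                    "modified": "2024-01-01T00:00:00Z"}]},
        {},
    ]
}


def offline_fetch(url, payload):
    """Stub standing in for post_json so the example runs without network."""
    assert url == OSV_QUERYBATCH_URL
    assert payload == build_batch_query(SAMPLE_DEPS)
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    for r in check_versions(SAMPLE_DEPS, fetch=offline_fetch):
        status = "OK" if r["clean"] else "VULNERABLE " + ", ".join(r["vulns"])
        print(f'{r["ecosystem"]}:{r["name"]}@{r["version"]}  {status}')
```

Two practical points the code makes visible: results come back by position rather than keyed by package, so a checker must verify the count before trusting any "clean" verdict, and the only data sent is the ecosystem, name and version, which is all a local tool needs to give an agent a yes/no answer on a suggested pin.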
Similar products worth knowing

Modal
serverless platform for AI teams

Cost.dev (YC W21) – making agents cost-aware and cheaper to call
Cloud cost awareness for your coding agent or IDE

Browser Use
Leading open-source web agent project with 50k stars in 3 months

Onlook
An open-source visual editor that connects to live codebases, letting designers drag real components and submit pull req