
deptrust

deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGe...


Our Take

Someone finally noticed the elephant in the room: AI coding agents are writing code faster than ever, but they're also recommending dependencies with known vulnerabilities like it's no big deal. One developer got tired of manually correcting Claude and other AI tools every time they spat out an outdated package version with CVEs attached, so they built deptrust—a CLI that checks package versions against known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. That's fourteen package ecosystems covered. Fourteen.

The beautiful part? There's no hosted service. No account to create. No vendor lock-in. Deptrust runs entirely locally—call it as a CLI or integrate it as an MCP server—and it queries the public package registries and the OSV API directly. It just works. As AI coding agents become everyone's pair programmer, the last thing you want is them shipping known vulnerabilities into production. Deptrust is the bouncer at the door checking the guest list.

Key Facts

Category: DevTools
Discovered via: hacker-news

The people behind deptrust


Anguel


Developer

Yes yes that's me


deptrust — SLAYREPORT