2.4M+
Packages scored
18K+
Risks detected this week
94%
Accuracy on abandoned packages
30s
Average scan time
Works with your existing tools
npm
Full npm ecosystem
GitHub
Repo activity analysis
OSV.dev
CVE database mapping
CI/CD Pipelines
GitHub Actions, GitLab CI
The Hidden Problem
Your dependency graph is bigger than you think.
20 direct dependencies can balloon to 500+ transitive packages. Most of them are never reviewed.
Dependency Tree
Your Application1 app
Your production codebase
Direct Dependencies~20 packages
Packages listed in package.json
Transitive Dependencies200–800 packages
Dependencies of your dependencies
Deep Transitive500+ more packages
The invisible layer nobody audits
73% OF VULNERABILITIES COME FROM TRANSITIVE DEPS
Abandonment Risk
Maintainers stop committing. No releases. No security patches.
Maintainer Compromise
A legitimate package account is hijacked. Malicious code ships as a routine update.
Supply Chain Attacks
Typosquatting and dependency confusion. Malicious PRs merged by inattentive maintainers.
Hidden Technical Debt
Packages locked to old major versions. Migration costs compound every quarter.
Platform Capabilities
Every dimension of dependency risk, in one place.
Built for developers who care about what ships to production. No fluff, just signals.
01 //
Health Scoring Engine
Every package receives a 0–100 score computed across 6 weighted dimensions: maintenance, bus factor, issue health, downloads, CVEs, and dependency freshness.
02 //
Abandonment Detection
Proprietary signals track commit cadence, issue response time, and maintainer activity to predict abandonment 6–12 months before it becomes obvious.
03 //
Supply Chain Monitoring
Real-time monitoring against OSV.dev, GitHub Advisory Database, and NVD. Get alerted the moment a CVE lands in your dependency tree.
04 //
Graph Visualization
Interactive force-directed graph rendering your entire dependency tree. Filter by risk level, drill into transitive chains, spot bottlenecks instantly.
05 //
Migration Intelligence
AI-powered suggestions for safer alternatives, automatically ranked by ecosystem adoption and compatibility.
06 //
CI/CD Integration
One-line GitHub Action. Fail builds on threshold breach, post risk summaries as PR comments, track score over time.
Developer Experience
Works where developers already work.
CLI, GitHub Action, or web dashboard — all three stay perfectly in sync.
CLI //
Instant scan, zero config.
$npx depgraph-scanner check
✓ Scanning 312 packages...
✓ Fetching GitHub activity...
Health Score: 42/100 ⚠ HIGH RISK
Critical: 2 High: 5 Medium: 8
Report: https://depgraph.dev/r/abc123
GitHub Action //
Block risky merges in CI.
# .github/workflows/depgraph.yml
on: [pull_request]
jobs:
scan:
steps:
- uses: py-kalki/depgraph-action@v1
with:
fail_on: critical
post_comment: true
threshold: 40
Dashboard //
Historical trends, team visibility.
📊 Score history: my-saas-app
Jun 10 ████████░░ 82 → Healthy
Jun 3 █████░░░░░ 54 → Medium
May 27 ████░░░░░░ 42 → High ⚠
↓ 40pts — event-stream added May 27
Comparison
Why DepGraph is different.
DepGraph
Recommended
Snyk
Dependabot
npm audit
Predictive health scoring
Abandonment detection
Supply chain monitoring
Migration guidance
CI/CD integration
Known CVEs
Historical trends
Team collaboration
Pricing
Start free. No credit card required.
The free tier is genuinely useful — not crippled. Upgrade to Pro when your project needs more.
Free
Everything you need to get started.
₹0/forever
npx depgraph-scanner check on any public project
Up to 3 saved projects
Public repositories only
Health scores + basic risk flags
30-day score history
Weekly email digest
Shareable report URLs
Most popular
Pro
For developers serious about dependency health.
₹99/month
Everything in Free
Unlimited saved projects
Public + private repositories
365-day score history
Real-time alerts (score drops, CVEs)
On-demand project re-scan
SBOM export (JSON/CycloneDX)
Migration path suggestions
FAQ