depGraph

We build tools for the paranoid.

DepGraph is a team of security researchers and open-source veterans dedicated to solving the software supply chain crisis before it happens.

The Problem

Modern software is built on a house of cards. A standard React application pulls in over 1,000 transitive dependencies, maintained by anonymous volunteers across the globe.

Tools like Dependabot and Snyk only alert you after a vulnerability is published. By that time, it's already a crisis. You are reacting, not predicting.

Our Mission

We believe dependency management should be predictive. We ingest billions of data points—commit velocity, issue resolution times, maintainer overlap, and historical trends—to score the health of every package in the npm registry.

We warn you when a critical transitive dependency is quietly abandoned, months before the first CVE is filed.

Built for scale.

Headquartered entirely on the internet, our systems analyze over 4 million packages daily. We are funded by engineers, for engineers.

Founded by Vedansh Danot.