deptrust, a CLI tool that checks package versions for known vulnerabilities across numerous package ecosystems (e.g., npm, PyPI, Go modules).
Raw Developer Origin & Technical Request
Hacker News
Jul 2, 2026
deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more.It runs locally as a CLI and as an MCP server. It calls public package registry and OSV APIs directly; there is no hosted deptrust service.I built this because AI coding agents kept suggesting outdated or vulnerable package versions. I kept having to manually tell tools like Claude and Codex to use newer, safer versions.deptrust gives the agent a quick way to verify whether a dependency version has known vulnerabilities before it installs or recommends it.You can install it with:1. pnpx @clidey/deptrust@latest install2. brew install clidey/tap/deptrust3. Or directly with go: go install github.com/clidey/deptrust/cmd/deptrust@latest
Developer Debate & Comments
No active discussions extracted for this entry yet.
Frequently Asked Questions
Market intelligence mapped to deptrust, a CLI tool that checks package versions for known vulnerabilities across numerous package ecosystems (e.g., npm, PyPI, Go modules)..
How is deptrust, a CLI tool that checks package versions for known vulnerabilities across numerous package ecosystems (e.g., npm, PyPI, Go modules). positioned in the market?
What are the foundational technologies related to deptrust, a CLI tool that checks package versions for known vulnerabilities across numerous package ecosystems (e.g., npm, PyPI, Go modules).?
Engagement Signals
Cross-Market Term Frequency
Quantifies the cross-market adoption of foundational terms like CLI and AI agents by tracking occurrence frequency across active SaaS architectures and enterprise developer debates.
SaaS Metrics