Dependency intelligence platform

Dependency intelligence built for engineering leads

Depswright analyzes your full dependency graph — not just the packages you wrote — and surfaces conflicts, license issues, and maintainer risk before they reach production.

200+ graphs monitored
~94% detection rate
9 package ecosystems
depswright scan --verbose
Reading package.json, requirements.txt...
Resolving 847 packages (full graph)...
 
✓ Graph resolution complete
✓ CVE scan: 0 critical
⚠ License drift: 1 package
✗ Abandoned maintainer: 1 package
 
Report: https://app.depswright.com/r/abc123

Platform features

Built for the full dependency lifecycle

Full graph traversal

We follow the chain — all the way down

Most tools scan your direct dependencies. Depswright resolves the full graph — transitive deps, peer deps, optional deps — and tracks which package introduced each issue.

Supports npm, yarn, pnpm, pip, Maven, Cargo, Go modules, RubyGems, and NuGet out of the box.

[Graph illustration: app → react, axios, lodash+, redux, xml-p]

License policy engine

Define once, enforce everywhere

Write your license policy in a YAML file. Depswright evaluates every package in the graph against it on every scan. When a dep changes from MIT to AGPL, you know before your lawyers do.

depswright.yml
policy:
  license:
    deny: ["AGPL-3.0", "GPL-2.0", "SSPL-1.0"]
    warn: ["LGPL-2.1", "CC-BY-SA-4.0"]
    allow: ["MIT", "Apache-2.0", "BSD-3-Clause"]
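The two mechanisms described above, full-graph traversal and license-policy evaluation, fit together in one pass: walk the resolved graph from the application root, classify each node's license against the policy, and record the path so every finding is attributed to the direct dependency that pulled it in. The following is an added illustration of that technique, not Depswright's code. The graph and package names are constructed sample data, the deny/warn/allow lists are copied from the depswright.yml above, and the treatment of unlisted licenses as "unknown" (flagged, never silently allowed) and the handling of simple SPDX `OR`/`AND` expressions are this example's own assumptions, not documented product behaviour.

```python
"""Full-graph license policy check with path attribution.

Added example, not Depswright's code. The dependency graph below is
constructed; the policy mirrors the depswright.yml on the page.
"""
from collections import deque

# Policy from the page's depswright.yml.
POLICY = {
    "deny":  {"AGPL-3.0", "GPL-2.0", "SSPL-1.0"},
    "warn":  {"LGPL-2.1", "CC-BY-SA-4.0"},
    "allow": {"MIT", "Apache-2.0", "BSD-3-Clause"},
}

# Constructed graph: name -> (declared SPDX license, direct dependencies).
# Shaped like a resolved lockfile; the names are illustrative only.
GRAPH = {
    "app":          ("MIT",                    ["web", "utils", "parser"]),
    "web":          ("MIT",                    ["http-core", "tracking-sdk"]),
    "http-core":    ("MIT OR Apache-2.0",      []),
    "tracking-sdk": ("LicenseRef-vendor-eula", []),   # not in any policy list
    "utils":        ("MIT",                    ["strtools", "web"]),
    "strtools":     ("MIT AND LGPL-2.1",       []),
    "parser":       ("BSD-3-Clause",           ["xml-lite"]),
    "xml-lite":     ("AGPL-3.0",               ["parser"]),  # deliberate cycle
}

# Ordering used to compare policy outcomes. "unknown" (assumed behaviour)
# sits above "warn": a license nobody vetted is not a pass.
SEVERITY = {"deny": 3, "unknown": 2, "warn": 1, "allow": 0}


def classify_single(lic, policy):
    """Map one license identifier to a policy level."""
    for level in ("deny", "warn", "allow"):
        if lic in policy[level]:
            return level
    return "unknown"


def classify(expr, policy):
    """Handle flat SPDX expressions: 'A OR B' lets the consumer choose, so
    take the least severe option; 'A AND B' binds both, so take the worst.
    Parenthesised expressions are out of scope for this example."""
    if " OR " in expr:
        parts = [classify_single(p.strip(), policy) for p in expr.split(" OR ")]
        return min(parts, key=SEVERITY.get)
    if " AND " in expr:
        parts = [classify_single(p.strip(), policy) for p in expr.split(" AND ")]
        return max(parts, key=SEVERITY.get)
    return classify_single(expr.strip(), policy)


def resolve(graph, root):
    """Breadth-first walk of the full graph. Returns name -> shortest path
    from the root, so path[1] is the direct dependency that introduced it.
    The visited map also guards against cycles."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph[node][1]:
            if dep not in paths:
                paths[dep] = paths[node] + [dep]
                queue.append(dep)
    return paths


def evaluate(graph, root, policy=POLICY):
    """Every non-allowed package in the graph, worst first, with attribution."""
    findings = []
    for name, path in resolve(graph, root).items():
        if name == root:
            continue
        level = classify(graph[name][0], policy)
        if level != "allow":
            findings.append({
                "package": name,
                "license": graph[name][0],
                "level": level,
                "introduced_by": path[1],
                "path": " > ".join(path),
            })
    findings.sort(key=lambda f: (-SEVERITY[f["level"]], f["package"]))
    return findings


def should_fail(findings, fail_on="deny"):
    """CI gate: fail when any finding is at least as severe as fail_on."""
    return any(SEVERITY[f["level"]] >= SEVERITY[fail_on] for f in findings)


if __name__ == "__main__":
    results = evaluate(GRAPH, "app")
    for f in results:
        print(f"{f['level']:8} {f['package']:13} {f['license']:24} via {f['path']}")
    print("fail build:", should_fail(results))
```

Two details matter in practice. The attribution comes from the shortest path, which is the one a reviewer wants when deciding whose dependency to replace; if the same package is reachable through several direct dependencies, fixing the shortest path alone may not remove it. And an allow-list policy is only as safe as its handling of licenses that appear in none of the lists: treating them as "unknown" and surfacing them is what keeps a vendor EULA or a `LicenseRef-` identifier from slipping through as a non-finding.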

Maintainer health scoring

Beyond "last commit date"

A package whose last commit landed last week can still be effectively abandoned: the commits may come from an auto-merge bot, with a single human contributor behind the project. Depswright scores each package from 0 to 100 using commit cadence, issue response time, contributor count, and download trajectory, rather than the last commit date alone.

health scores
<package>@<version>   score: 91 ✓
<package>@<version>   score: 87 ✓
<package>@<version>   score: 34 ⚠
 ↳ 1 contributor, 8mo stale issues
<package>@<version>   score: 12 ✗
 ↳ last commit 14 months, 47 open issues

CI/CD integration hooks

Block bad deps before they ship

Wire Depswright into GitHub Actions, GitLab CI, or CircleCI. Fail the build on critical conflicts. Post inline PR annotations so the team knows what to fix before merge.

.github/workflows/deps.yml
- name: Dependency audit
  uses: depswright/action@v2
  with:
    api_key: ${{ secrets.DEPSWRIGHT_KEY }}
    fail_on: critical
    annotate_pr: true

How it works

Four steps from install to insight

1. Install: GitHub Action or CLI
2. Configure: depswright.yml policy
3. Monitor: continuous graph analysis
4. Act: alerts + PR annotations

See the full dependency graph

A picture of your actual dependency risk

Abstract visualization of a dependency graph being analyzed by an automated system

Ready to see your full dependency graph?

Set up in under 10 minutes. Free tier includes 3 repos, unlimited scans.