I built an open-source dependency intelligence platform in TypeScript — here's how it works
Zayd Mulani has developed an open-source dependency intelligence platform called depgraph using TypeScript. This tool helps teams identify risky dependencies before they cause issues by providing a live risk-scored dependency graph. It includes features like risk scoring, an interactive graph, and a policy engine to manage package approvals.
- ▪Depgraph crawls npm, PyPI, and Cargo registries to assess package risks.
- ▪Packages are scored based on security, maintenance, compatibility, concentration, blast radius, and operational health.
- ▪The platform allows users to define rules for package management and runs checks on pull requests.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3939133) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Zayd Mulani Posted on May 29 I built an open-source dependency intelligence platform in TypeScript — here's how it works #webdev #opensource #security #typescript Most teams find out their dependencies are risky after something breaks. A maintainer disappears, a vulnerability sits unpatched for months, or a single package with one contributor becomes a hidden outage waiting to happen. I wanted a tool that told you this stuff before it became a problem.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
