tirtha 3 hours ago

Hey HN,

I built a CLI tool called DepDrift to help devs spot stale, lagging, and risky dependencies in their JS projects.

The idea came from watching too many projects rot quietly under the surface — packages that haven’t been updated in years, subdependencies locked by indirect installs, and security patches missed because "it still works." You know the drill.

What DepDrift does:

Scans your full dependency tree (including subdependencies)

Gives you a drift + security score

Flags outdated or risky packages

(Coming soon) Pulls changelogs/releases so you can actually see what’s changed

(Planned) Advises which top-level packages to bump to update stale nested deps

HTML and CLI reports included.

It's early (v0.1.0), but useful already. Would love feedback, bug reports, feature ideas.

GitHub: https://github.com/tirtha-sarkar/depdrift

NPM: https://www.npmjs.com/package/depdrift

Thanks for checking it out!