SIGNAL GRIDv0.1

Show HN: CLI that helps AI agents avoid vulnerable dependencies

1 source, 1 story, First seen 7/1/2026, Score 32, Mixed Progress
Single Source
Bigness: 32
Coverage: 13
Recency: 90
Engagement: 21
Velocity: 0
Confidence: 48
Clipability: 60
Polarization: 0
Claims: 5
Contradictions: 0
Breakthrough: 50

Sentiment Mix

Positive: 0%
Neutral: 100%
Negative: 0%

Geography

North America

Expert Signals

modelorona (author, 1 mention)

Hacker News (source, 1 mention)

AI-Generated Claims

Generated from linked receipts; click sources for full context.

deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. It runs locally as a CLI and as an MCP server.

Supported by 1 story

It calls public package registry and OSV APIs directly; there is no hosted deptrust service. I built this because AI coding agents kept suggesting outdated or vulnerable package versions.

Supported by 1 story

I kept having to manually tell tools like Claude and Codex to use newer, safer versions. deptrust gives the agent a quick way to verify whether a dependency version has known vulnerabilities before it installs or recommends it. You can install it with:

Supported by 1 story

1. pnpx @clidey/deptrust@latest install

Supported by 1 story

2. brew install clidey/tap/deptrust

3.

Supported by 1 story

Timeline (1 stories)

Jul 3 04:51 AM, First
Show HN: CLI that helps AI agents avoid vulnerable dependencies
Hacker News, 13 engagement

Receipts (1)

Bias Snapshot

Center
Left 0%, Center 100%, Right 0%
Agg, github.com, 7/1/2026