Show HN: CLI that helps AI agents avoid vulnerable dependencies
Expert Signals
modelorona
author • 1 mention
Hacker News
source • 1 mention
deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. It runs locally as a CLI and as an MCP server.
It calls public package registry and OSV APIs directly; there is no hosted deptrust service. I built this because AI coding agents kept suggesting outdated or vulnerable package versions.
I kept having to manually tell tools like Claude and Codex to use newer, safer versions. deptrust gives the agent a quick way to verify whether a dependency version has known vulnerabilities before it installs or recommends it. You can install it with:
1. pnpx @clidey/deptrust@latest install
2. brew install clidey/tap/deptrust
3.