Deptrust: Package Vulnerability Checker
The Neuron 1 week ago
Deptrust is a CLI tool that checks package versions across 13 major package ecosystems (npm, PyPI, Cargo, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, and GitHub Actions) for known vulnerabilities by querying public registries and OSV APIs directly. The tool queries multiple vulnerability providers in parallel, including OSV and GitHub Advisory Database, and returns a recommendation ranging from "block" for critical vulnerabilities to "allow" when no known issues are found. Deptrust integrates with AI agents like Codex and Claude Code via MCP servers or CLI skills to automatically prevent agents from installing vulnerable package versions before they execute install or update commands.