depsguard
A CLI to harden package manager configs against supply chain attacks.

depsguard is a CLI and TUI tool that checks package manager configurations against packages compromised in supply-chain attacks and recommends safety guidelines.
After scanning popular package managers such as npm, pnpm, yarn, bun, uv, pip and poetry, depsguard compares the local settings with its safer-default guidelines and reports recommendations. It also checks renovate and dependabot configs, shows read-only reports, can preview diffs, and lets you pick which fixes to apply before anything is written.
The tool itself has zero third-party dependencies and is safe to use in CI environments. It never runs package installs; it only edits config files after you approve the changes, and it keeps those changes controlled with timestamped backups.
depsguard helps security teams and library authors catch high-risk packages before dependency updates, CI builds, and package installation routines.