
deptrust

Wortins’ read

Coding agents are notoriously trigger-happy about running npm install or pip install on whatever a hallucinated tutorial suggests, and deptrust is a quiet seatbelt for that habit. It cross-references a dozen package registries against OSV and GitHub Advisory data entirely on your machine, then hands back a blunt block, review, or allow verdict instead of a wall of CVE text. The MCP hook is the real pitch here: it lets your agent check its own homework before a supply-chain mistake ships.

Source: GitHub
