Scan npm Dependencies for Security Vulnerabilities
Upload your package.json or connect a GitHub repo. Get instant risk scores, CVE details, license audits, and automated upgrade recommendations.
CVE Detection
Cross-referenced against NVD, OSV & Snyk
License Audit
Flag GPL, AGPL & unknown licenses
Upgrade Paths
Safe version recommendations
Risk Scores
CVSS-based severity ratings
Simple Pricing
Everything you need to keep your dependencies secure.
Pro
$15/month · cancel anytime
- ✓ Unlimited package.json scans
- ✓ GitHub repo integration
- ✓ CVE & license reports
- ✓ Automated upgrade PRs
- ✓ Slack & email alerts
- ✓ Priority support
Frequently Asked Questions
Which vulnerability databases do you check?
We cross-reference npm audit, the OSV (Open Source Vulnerabilities) database, and Snyk's advisory feed to give you the most comprehensive coverage available.
How do I connect my GitHub repository?
After subscribing, you'll authorize DepScan via GitHub OAuth. We read your package.json and lock files, run the scan, and post results as a PR comment or issue — no code access required.
Can I scan private packages?
Yes. You can provide an npm auth token in your account settings. DepScan uses it only to resolve package metadata and never stores your token beyond the session.