You have 47 unreviewed Dependabot PRs. It’s midnight, CI is green, and you’ve merged dozens of these before. And yet...
Maintainers aren’t careless — they’re exhausted. And modern supply-chain attacks are specifically designed to slip past smart, well-intentioned humans doing their best under impossible workloads.
This tool gives every dependency PR a data-backed second opinion before it merges.
What it checks:
- Known vulnerabilities — OSV database (includes OpenSSF malicious-packages)
- Supply chain score — Socket.dev for obfuscated code, install-time scripts, typosquatting
- What code actually changed — diffs the package archives; flags new binaries, new install hooks, network calls, obfuscated code, git-URL dependencies
- Release freshness — flags releases under 24h ("very fresh") or 7 days ("recent"); won't auto-merge anything under 7 days by default
- Maintainer changes — a new account publishing a popular package is a classic attack vector
- Build provenance — SLSA attestations; flags dropped tag signing and re-release patterns
- Repo health — OpenSSF Scorecard for dangerous CI workflows, overprivileged tokens, maintenance status
- Zombie packages — deprecated packages and patches to abandoned major version lines
- Suspicious PR files — CI scripts or Dockerfiles in a "routine dep bump" are a red flag
Classifies 🟢 GREEN / 🟡 YELLOW / 🔴 RED, posts a comment explaining its reasoning, and takes action based on your config (or nothing if you haven't configured anything).
Status: Experimental — self-hosted, bring your own keys. No shared infrastructure, no accounts, no sign-up.
(Screenshots in the original README: single dependency run; running across the PR queue; Temporal UI running checks; posting a comment to GitHub.)
Just want to check packages? No clone needed — install from PyPI:

```bash
# One-off: no install required
uvx dependency-scout check requests 2.32.0 --from 2.31.0 --ecosystem pip

# Persistent install
uv tool install dependency-scout
dependency-scout check requests 2.32.0 --from 2.31.0 --ecosystem pip
```

Want PR triage, auto-merge, or webhook mode? Those require a running Temporal worker — continue with the full setup below.
You need Python 3.10+, uv, and the Temporal CLI.
```bash
git clone https://github.com/temporal-community/dependency-scout
cd dependency-scout
uv run python setup.py
```

The setup script checks prerequisites, explains the tradeoffs between a PAT and a GitHub App, lets you choose your LLM (Claude, OpenAI, Ollama, or skip), and writes `.env`.
The Temporal dev server runs entirely on your machine — no account, no payment, no sign-up:
```bash
# Terminal 1 — Temporal dev server
temporal server start-dev

# Terminal 2 — Scout worker
uv run python -m worker

# Terminal 3 — triage a single PR
uv run dependency-scout triage https://github.com/your-org/your-repo/pull/123
```

Open http://localhost:8233 to watch the workflow run. With `GITHUB_TOKEN` set, the Scout posts a comment directly on the PR — here's a real example.
No API keys needed to start — the rule-based classifier runs entirely locally. Without GITHUB_TOKEN it prints what it would have posted instead of actually posting it.
Once the worker is running, point it at a whole repo to clear the backlog:
```bash
# Triage every open Dependabot/Renovate PR in a repo
uv run dependency-scout triage --repo your-org/your-repo

# Or limit to a subset while you're getting a feel for it
uv run dependency-scout triage --repo your-org/your-repo --limit 5
```

The Scout can also vet a dependency before you install or upgrade it — useful when you're adding something new or when an agent is about to run `pip install` / `npm install`:
```bash
# Fresh install check (no old version)
uv run dependency-scout check requests 2.32.0

# Upgrade check
uv run dependency-scout check requests 2.32.0 --from 2.31.0 --ecosystem pip

# Different ecosystems
uv run dependency-scout check @angular/core 18.0.0 --ecosystem npm
uv run dependency-scout check serde 1.0.219 --ecosystem cargo
```

Exit codes are scriptable: 0 = green, 1 = yellow, 2 = red.
Results are automatically shared across callers — if another project already checked the same version bump today, you get the cached verdict instantly.
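As an added example (not code from the dependency-scout project), here is a POSIX shell pre-install gate built on those documented exit codes. It assumes only the `dependency-scout check NAME VERSION --ecosystem ECO` invocation shown above; the `SCOUT_CMD` override, the `gate_requirements` function and every package name in the comments are constructed for this illustration. It reads a pinned requirements file, checks each package, and fails closed: any RED (or any exit code the Scout does not document) blocks the install, and YELLOW blocks unless explicitly allowed.

```shell
#!/bin/sh
# Added example, not part of dependency-scout: gate an install on the Scout's
# exit codes (0 = green, 1 = yellow, 2 = red).

# Command run for each check. Override it to point at another install
# (or at a stub when testing offline). Default assumes the CLI runs via uv.
SCOUT_CMD="${SCOUT_CMD:-uv run dependency-scout check}"

# Map an exit code to the verdict label the Scout uses.
verdict_name() {
  case "$1" in
    0) echo GREEN ;;
    1) echo YELLOW ;;
    2) echo RED ;;
    *) echo "ERROR($1)" ;;
  esac
}

# check_one NAME VERSION ECOSYSTEM: returns the Scout's exit code for one package.
check_one() {
  $SCOUT_CMD "$1" "$2" --ecosystem "$3" >/dev/null 2>&1
}

# gate_requirements FILE ECOSYSTEM ALLOW_YELLOW
#   FILE holds pip-style pins (name==version); blank, comment and unpinned
#   lines are skipped. Returns 0 when everything may be installed, 1 when a
#   YELLOW verdict blocks the install (ALLOW_YELLOW != 1), 2 when any package
#   is RED. Exit codes outside 0..2 (crash, missing CLI) are treated as RED so
#   a broken check can never wave a package through.
gate_requirements() {
  file="$1"; eco="${2:-pip}"; allow_yellow="${3:-0}"
  worst=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|\#*) continue ;; esac
    case "$line" in *==*) ;; *) echo "skip (unpinned): $line"; continue ;; esac
    name="${line%%==*}"
    version="${line#*==}"
    if check_one "$name" "$version" "$eco"; then rc=0; else rc=$?; fi
    echo "$name $version: $(verdict_name "$rc")"
    if [ "$rc" -gt 2 ]; then rc=2; fi
    if [ "$rc" -gt "$worst" ]; then worst="$rc"; fi
  done < "$file"
  if [ "$worst" -eq 1 ] && [ "$allow_yellow" = 1 ]; then
    echo "YELLOW verdicts present but allowed; proceeding"
    return 0
  fi
  return "$worst"
}

# Typical use in a CI step, before `pip install -r requirements.txt`:
#   gate_requirements requirements.txt pip || exit $?
```

Treating unknown exit codes as RED is the important design choice: a missing CLI, a network failure or an uncaught exception returns a non-zero code that is not 1 or 2, and a gate that only looked for 0 would silently allow the install.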
Add the Scout as an MCP server so Claude Code can call it automatically when it's about to install a new dependency. From the dependency-scout directory:
```bash
claude mcp add dependency-scout -- uv run python -m mcp_server
```

Once configured, Claude Code will have a `check_dependency` tool available and can call it before `pip install`, `npm install`, etc.
Test by asking Claude a question like:

```text
Check if requests 2.32.0 is safe to install
```

You should get back a response somewhat like:

```text
⏺ Let me use the dependency-scout MCP tool to check that package.

Called dependency-scout (ctrl+o to expand)

⏺ RED — Do not install requests 2.32.0.

Here's the summary of why:
- Version is yanked on PyPI — officially pulled due to a conflict with the CVE-2024-35195
  mitigation. It broke applications using custom schemes (e.g. docker-py).
- Open CVEs not fixed — CVE-2024-47081 and CVE-2026-25645 remain unresolved at this version.
- Install script regression — setup.py was substantially rewritten, reverting from modern
  pyproject.toml packaging to a legacy build script with older Python/dependency constraints.
- Maintainer change with unknown account age adds further supply chain concern.

Recommendation: upgrade to requests 2.32.2 or newer — that's the version that properly resolved
the CVE regression without the breakage that caused 2.32.0 to be yanked.
```
The Scout works with zero configuration — rule-based classifier, no PR comments, no auto-actions. Each addition makes it smarter or more capable:
| `.env` setting | What it enables |
|---|---|
| (none) | Rule-based classifier, log-only output |
| `ANTHROPIC_API_KEY` | Claude classifies (set `ANTHROPIC_MODEL` to pin a version) |
| `OPENAI_API_KEY` + `OPENAI_MODEL` | OpenAI classifies instead |
| `OLLAMA_HOST` + `OLLAMA_MODEL` | Local Ollama classifies — free, no data leaves your machine |
| `CLASSIFIER=rule_based` | Force rule-based even when an LLM key is present |
| `GITHUB_TOKEN` or GitHub App | Posts real PR comments on GitHub |
| `GITLAB_TOKEN` | Posts real MR comments on GitLab |
| `ENABLE_PR_ACTIONS=true` | Can automatically merge GREEN PRs and/or close RED ones |
| `SOCKET_API_KEY` | Adds Socket.dev supply-chain score check (create token — scope: `packages:list`) |
Copy `.env.example` to `.env` and fill in what you have, or run `uv run python setup.py` to be walked through it interactively.
Once you're happy with the results, you can set up the Scout as a persistent webhook listener — it triages every new Dependabot or Renovate PR automatically and can auto-merge GREEN ones or close RED ones. This requires a server that stays up when your laptop closes. See docs/deployment.md.
Add .github/dependency-scout.yml to any repo where you want the Scout to do more than comment. All fields are optional — omitting the file entirely is safe (comment-only mode). A ready-to-copy template is at .github/dependency-scout.yml.example.
See docs/configuration.md for the full field reference.
| Data | Where it goes | Notes |
|---|---|---|
| Package name, version numbers | OSV, Socket.dev, deps.dev, pypistats | Public registry APIs — this data is already public |
| Package archive (the actual .whl/.tgz/.gem) | Downloaded to local temp dir, deleted after diff | Never forwarded to any external service |
| Diff summary (changed file names + added/removed lines) | Your configured LLM (Claude/OpenAI/Ollama) | Up to 100 KB of actual code changes |
| Package description, release notes, Socket alert strings | Your configured LLM | Labeled as untrusted in the prompt |
| Source repo URL (from registry metadata) | GitHub API | Used to look up release tags and CI workflow changes |
The diff summary does include real code lines from the package archive. For private packages on a self-hosted registry, use Ollama to keep analysis fully local. The rule-based classifier (the default when no LLM key is configured) runs entirely locally.
Supported ecosystems: pip/uv, npm, RubyGems, Cargo, Composer, Maven/Gradle, NuGet, Go modules, GitHub Actions, Mix (Hex), Pub (Dart/Flutter), Elm, Docker, Terraform, Swift. Signal availability varies by registry — see docs/architecture.md for the full coverage table.
- Configuration reference — every `.github/dependency-scout.yml` field
- How it works — two-workflow design, checks, classifier, security hardening
- Deployment — production setup, secrets, Temporal options, scaling
- Security hardening — token scoping, auto-merge thresholds, prompt injection
- Contributing — adding checks, ecosystems, detection patterns, design principles
- Extending with plugins — ecosystem, classifier, platform, and check plugins
A Temporal Community project. Credit to Daniel Hensby for inspiration.