mopanc/depguard

Overview

A TypeScript CLI tool that audits npm packages for security vulnerabilities, maintenance status, license compliance, and dependency quality. It evaluates each package and recommends whether to install it or write the functionality from scratch.

Best for

Best for
Solo developers or small teams needing a quick sanity check on a few npm dependencies

Use cases

• Auditing a package's security and maintenance health before adding it to a project
• Checking license compatibility across a project's dependency tree
• Evaluating whether an external package is worth the risk vs. implementing a custom solution

Notes

A TypeScript CLI tool that audits npm packages for security vulnerabilities, maintenance status, license compliance, and dependency quality. It evaluates each package and recommends whether to install it or write the functionality from scratch.

12 stars on GitHub. Last updated 2026-06-01. Licensed Apache-2.0.

Use cases

• Auditing a package’s security and maintenance health before adding it to a project
• Checking license compatibility across a project’s dependency tree
• Evaluating whether an external package is worth the risk vs. implementing a custom solution

Pros

• Focused security and quality audit for npm packages
• Clear recommendation to install or build custom
• Open source with a simple command-line interface

Cons

• Low star count (12) suggests very limited community adoption and testing
• May lack updates or ongoing maintenance
• No integration with popular CI/CD workflows out of the box

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.