Show HN: CLI that helps AI agents avoid vulnerable dependencies

https://github.com/clidey/deptrust
9•modelorona•1d ago
deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more.

It runs locally as a CLI and as an MCP server. It calls public package registry and OSV APIs directly; there is no hosted deptrust service.

I built this because AI coding agents kept suggesting outdated or vulnerable package versions. I kept having to manually tell tools like Claude and Codex to use newer, safer versions.

deptrust gives the agent a quick way to verify whether a dependency version has known vulnerabilities before it installs or recommends it.

You can install it with:

1. pnpx @clidey/deptrust@latest install

2. brew install clidey/tap/deptrust

3. Or directly with Go: go install github.com/clidey/deptrust/cmd/deptrust@latest
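
The lookup the post describes, as an added example that is not part of the original post and is not deptrust's own code: it builds a query for the public OSV API (`POST /v1/query`) and reads the fixed versions for the queried package out of the response. The helper names, the injectable `fetch` callable and the sample response (ids, package names, versions) are assumptions constructed for illustration.

```python
import json
import urllib.request
OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # public OSV endpoint

def build_query(ecosystem, name, version):
    # Ecosystem names are case-sensitive in OSV ("PyPI", "npm", "crates.io", ...).
    return {"version": version, "package": {"name": name, "ecosystem": ecosystem}}

def post_to_osv(body):
    """Live lookup (needs network); not exercised by the sample below."""
    req = urllib.request.Request(OSV_QUERY_URL, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def summarize(response, ecosystem, name):
    """Return [(advisory id, fixed versions for this package)]."""
    findings = []
    for vuln in response.get("vulns", []):  # OSV returns {} when nothing matches
        fixed = set()
        for affected in vuln.get("affected", []):
            pkg = affected.get("package", {})
            # One advisory can cover several packages; keep only ours.
            if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
                continue
            for rng in affected.get("ranges", []):
                if rng.get("type") == "GIT":
                    continue  # "fixed" here is a commit hash, not a release
                fixed.update(e["fixed"] for e in rng.get("events", []) if "fixed" in e)
        findings.append((vuln.get("id", "<no id>"), sorted(fixed)))
    return findings

def check(ecosystem, name, version, fetch=post_to_osv):
    """(True, []) means OSV lists no known vulnerability for this exact version."""
    findings = summarize(fetch(build_query(ecosystem, name, version)), ecosystem, name)
    return (not findings), findings

# Constructed response in OSV's schema; ids, names and versions are made up.
SAMPLE = {"vulns": [{
    "id": "EXAMPLE-0001",
    "affected": [
        {"package": {"ecosystem": "PyPI", "name": "example-pkg"},
         "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "2.4.1"}]},
                    {"type": "GIT", "events": [{"introduced": "0"}, {"fixed": "abc123"}]}]},
        {"package": {"ecosystem": "PyPI", "name": "other-pkg"},
         "ranges": [{"type": "ECOSYSTEM", "events": [{"fixed": "9.9.9"}]}]},
    ]}]}

if __name__ == "__main__":
    print(check("PyPI", "example-pkg", "2.3.0", fetch=lambda body: SAMPLE))
```

An empty result only means OSV has no advisory recorded for that version; it says nothing about unreported issues or a compromised release.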

Comments

scottcodie•1h ago
If this was a claude plugin with a hook on my dep files, I'd be in.
