
DepSecure

Blocks vulnerable dependencies at commit time using OSV.

DepSecure hooks into your pre-commit flow and checks every dependency against the OSV vulnerability database. If a package has a known CVE, the commit is blocked before it merges.

$ pip install depsecure

/ the problem

Dependabot catches vulnerable packages after they've merged. That's too late.

AI coding assistants suggest packages from training data that's months old. By the time Dependabot alerts you, the vulnerable package is in main, in staging, maybe in production. DepSecure blocks it at the commit hook.

/ how it works

Four steps. One command.

1. Hook into pre-commit

   Installs as a pre-commit hook: zero config, runs on every commit automatically

2. Parse dependencies

   Reads requirements.txt, package.json, Pipfile, or pyproject.toml

3. Query OSV database

   Checks each package+version against the OSV vulnerability database in real time

4. Block and explain

   Fails the commit with the CVE ID, severity, and the safe version to upgrade to
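
The four steps above for a requirements.txt file, as an added example that is not DepSecure's own code: it parses exact pins, sends them to OSV's batch query endpoint, and returns a non-zero exit code that a pre-commit hook can use to fail the commit. Returning 2 when OSV cannot be reached, reporting unpinned lines separately, and the function names are assumptions of this sketch; the sample package names and advisory id are constructed.

```python
import json
import re
import urllib.request

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"  # OSV batch query endpoint
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#\\]+)")

def parse_requirements(text):
    """Split lines into exact pins (checkable) and everything else (not checkable)."""
    pinned, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks, comments, pip options (-r, --hash)
            continue
        m = PIN.match(line)
        if m:  # PEP 503 normalisation: Foo_Bar and foo-bar are the same package
            pinned.append((re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
        else:
            unpinned.append(line)
    return pinned, unpinned

def query_osv(pinned, timeout=10):  # one batch POST; results come back in query order
    queries = [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v} for n, v in pinned]
    req = urllib.request.Request(OSV_BATCH_URL, data=json.dumps({"queries": queries}).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def gate(requirements_text, lookup=query_osv):
    """Return (exit_code, report): 0 clean, 1 vulnerable pin, 2 could not verify."""
    pinned, unpinned = parse_requirements(requirements_text)
    report = {"vulnerable": {}, "unpinned": unpinned}
    try:
        results = lookup(pinned).get("results", []) if pinned else []
        if len(results) != len(pinned):  # never guess which package a result belongs to
            raise ValueError("OSV result count does not match query count")
    except (OSError, ValueError) as exc:  # network or parse failure: fail closed
        report["error"] = str(exc)
        return 2, report
    for (name, version), result in zip(pinned, results):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            report["vulnerable"][f"{name}=={version}"] = ids
    return (1 if report["vulnerable"] else 0), report

# Constructed sample input and offline stand-in for query_osv; names and id are made up.
SAMPLE = "Demo_Pkg==1.0.0\nother-lib==2.3.1  # pinned\nloose-lib>=4\n-r extra.txt\n"
def fake_lookup(pinned):
    return {"results": [{"vulns": [{"id": "EXAMPLE-ADVISORY-1"}]}, {}]}
```

Calling `gate(SAMPLE, fake_lookup)` runs the whole flow offline; a range such as `loose-lib>=4` lands in `report["unpinned"]` because a version range cannot be matched to a single OSV query.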

/ use cases

When to reach for DepSecure

✓ Pre-commit vulnerability gate
✓ CI/CD security pipeline
✓ Supply chain attack prevention
✓ Compliance audits (SOC2, ISO27001)

Ready to use DepSecure?

MIT licensed. One command install. Works in CI today.

