README.md — Dep Detective 🔍

The agent for developers who open a project after a month away and feel a knot in their stomach when they run npm outdated.

What It Does

Dep Detective investigates your outdated dependencies so you don't have to manually trawl changelogs, GitHub releases, CVE databases, and migration guides.

Give it your package.json, requirements.txt, or the output of *outdated — it comes back with:

• What actually changed between your version and latest (not just the version number)
• Breaking changes that will affect your code — specific, not vague
• Security vulnerabilities with severity and exploitability context
• A prioritized upgrade plan — what to do first, why, and in what order

The Pain It Solves

You're maintaining a Node app. You run npm outdated. 47 packages. You think:

• "Is any of this a security issue I need to fix tonight?"
• "Will upgrading express break my middleware?"
• "What even changed in webpack v5 that I need to care about?"
• "Do I need to do all of these, or just some?"

Answering those questions manually means opening 47 changelogs, GitHub releases, security advisory pages, and migration guides. That's 3 hours you don't have.

Dep Detective does it in one session.

Usage

Install: clawpack install dep-detective

Then chat naturally:

• "Audit my dependencies" (paste your package file)
• "Is it safe to upgrade react from 17 to 18?"
• "What changed in express v5 that I should know about?"
• "I have a CVE warning for lodash — should I be worried?"

What Makes It Different

Most tools just show you version numbers. Dep Detective researches the meaning of those version gaps — breaking changes, migration requirements, security impact — and tells you what matters and what doesn't.

No API keys required. Uses web search to pull changelogs, release notes, CVE databases, and GitHub issues in real time.

Requirements

• No API keys
• Works with: Node.js, Python, Ruby, Go, Rust