DepBrief is now installable:

npx depbrief login --token ghp_your_token
npx depbrief scan .

That's it. Point it at any Node.js project and it will tell you what's outdated, what changed upstream, and which files in your specific codebase are affected.

What it actually does

Most dependency update tools tell you a package is outdated. DepBrief tells you:

  • Which files in your repo import the outdated package
  • Which specific APIs you're using that changed
  • Whether any breaking changes actually hit your code
  • Whether a CVE was present in your installed version
  • What the risk level is for your upgrade

Every fact is sourced. File paths are verified. The AI summarizes what changed; it doesn't invent it.

The pipeline

parse package.json + lockfile
  → check npm registry for latest versions
  → fetch GitHub release notes between versions
  → AI summarizer extracts breaking changes, CVEs, deprecations
  → scan codebase for imports and symbol usage
  → generate a verified PR description

The key constraint throughout: every file path, line number, version number, and count is re-checked before it's shown to you. No hallucinated impact analysis.
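One way to picture that re-check is as a gate between the summarizer and the report. The sketch below is an added example, not DepBrief's own code: the function names, the claim shape ({file, line, pkg}) and the in-memory sample repo are assumptions made for illustration.

```javascript
// Added illustration; not DepBrief's implementation. All names are hypothetical.
// Constructed sample repo (path -> contents) standing in for files on disk.
const sampleRepo = new Map([
  ['src/server.js', "const express = require('express');\nconst app = express();\n"],
  ['src/util/http.js',
    "import axios from 'axios';\nimport get from 'lodash/get';\n\nexport const fetchJson = (u) => axios.get(u);\n"],
]);

// Constructed summarizer output: impact claims that must be re-checked before display.
const sampleClaims = [
  { file: 'src/server.js', line: 1, pkg: 'express' },         // correct
  { file: 'src/util/http.js', line: 2, pkg: 'lodash' },       // correct (subpath import)
  { file: 'src/util/http.js', line: 4, pkg: 'axios' },        // a usage, not an import
  { file: 'src/routes/api.js', line: 3, pkg: 'express' },     // file does not exist
  { file: 'src/server.js', line: 1, pkg: 'express-session' }, // look-alike package name
];

const IMPORT_RE = /\b(?:from\s*|require\s*\(\s*|import\s*\(?\s*)['"]([^'"]+)['"]/;

// Reduce a module specifier to its package name; relative/absolute paths are not dependencies.
function packageFromSpecifier(spec) {
  if (spec.startsWith('.') || spec.startsWith('/')) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

function importedPackage(lineText) {
  const m = IMPORT_RE.exec(lineText);
  return m ? packageFromSpecifier(m[1]) : null;
}

// Keep only claims whose file exists, whose line exists, and whose line imports the named package.
function verifyClaims(claims, repo) {
  const verified = [];
  const rejected = [];
  for (const claim of claims) {
    const source = repo.get(claim.file);
    const text = source === undefined || !Number.isInteger(claim.line)
      ? undefined
      : source.split('\n')[claim.line - 1];
    let reason = null;
    if (source === undefined) reason = 'file not found';
    else if (text === undefined) reason = 'line out of range';
    else if (importedPackage(text) !== claim.pkg) reason = 'package not imported on that line';
    if (reason) rejected.push({ ...claim, reason });
    else verified.push(claim);
  }
  return { verified, rejected };
}
```

Only the entries in verified would reach the report; each rejected entry carries the reason it was dropped, which is useful when auditing what the summarizer got wrong.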

Current state

  • 8 build milestones complete
  • 375+ tests
  • Works with GITHUB_TOKEN (no GitHub App required for beta)
  • Commands: depbrief scan, report, pr, diff, doctor, login, serve
  • Ready to publish to npm (npm publish will be run once the npm account is set up)

If you manage dependencies in a Node.js project and you're tired of vague Dependabot PRs, I'd love for you to try it.
