GitHub Repository

Dependency audit, vulnerability scanning & license compliance. 10 package managers, 100% local, zero telemetry.

0 stars · Shell

DepGuard – Local dependency audit and license compliance (10 pkg mgrs)

by suhteevah · Feb 15, 2026 · 2 points · 0 comments

AI Analysis

Rating: Mid

Wraps native audits (npm audit, cargo audit) + license scanning, but Snyk and Dependabot already do this.

Strengths
  • Supports 10 package managers with auto-detection; genuine multi-language coverage in one tool.
  • Local-only execution and offline license validation address privacy concerns vs. Snyk.
  • Git hooks for lockfile protection and CycloneDX SBOM generation are table-stakes compliance features.
Weaknesses
  • Core premise (aggregating native audits) is orthogonal to vulnerability detection—doesn't improve accuracy.
  • Paid tiers ($19–39/user/mo) compete directly with Dependabot (free GitHub integration) and Snyk (cheaper per org).
Target Audience

DevOps engineers, security-focused development teams, compliance officers

Similar To

Snyk · Dependabot · OWASP Dependency-Check

Post Description

Hi HN,

DepGuard is a single tool that wraps native package manager audit commands (npm audit, pip-audit, cargo audit, govulncheck, etc.) and adds license compliance on top.

Why I built it: I was tired of running different audit commands for different projects and having no unified view of license risk. Snyk solves this but sends your data to the cloud. I wanted something local-only.

What it does:
  • Detects your package manager automatically (supports 10: npm, yarn, pnpm, pip, cargo, go, composer, bundler, maven, gradle)
  • Runs the native audit tool for each
  • Scans all dependency licenses and categorizes them (permissive/copyleft/unknown)
  • Generates CycloneDX SBOMs for compliance
  • Git hooks that block commits modifying lockfiles with critical vulns
  • Auto-fix by upgrading to patched versions

Design decisions:
  • Uses native audit tools, not a proprietary vulnerability database
  • Everything runs locally — no code or dep lists sent externally
  • License validation is offline (JWT, no phone-home)
  • Free: one-shot scan + license check. Pro ($19/user/mo): hooks + auto-fix. Team ($39/user/mo): SBOM + compliance.

Install: `clawhub install depguard`

Landing page: https://depguard.pages.dev

Curious if license compliance is something you've been asked about by legal/compliance teams. That's been the most requested feature in my experience.
