DepsGuard is a command-line interface (CLI) tool designed to help users protect their project dependencies from supply chain attacks. It addresses the risks posed by compromised packages and malicious code introduced through popular package managers by scanning configuration files and enabling security best practices. The tool is intended for developers or teams concerned about the security of their software supply chain, particularly those using npm, pnpm, yarn, bun, aube, uv, pip, and poetry.
The platform operates through an interactive terminal user interface (TUI). Upon running DepsGuard in the terminal, it scans the system and presents a table of findings related to security settings in package manager configurations. Users can navigate through suggested fixes, preview changes with a diff view, and selectively apply or skip recommended adjustments. The tool supports repo-level configuration discovery, recursive directory searches, and user-level config checks. It also provides features for filtering, bulk selection by file type, and viewing only currently selected fixes. Before making changes, DepsGuard creates timestamped backups, allowing users to restore previous states if needed. After applying fixes, it automatically rescans to verify that all issues have been addressed.
DepsGuard checks for and helps enable a range of security settings, such as delaying adoption of new package versions, blocking install scripts, preventing untrusted transitive dependencies, enforcing provenance policies, and failing on unreviewed build scripts. It supports multiple package managers and configuration formats, with detailed support for npm, pnpm, yarn, and others. The tool is compatible with macOS, Linux, and Windows, and can be installed via Homebrew, APT, WinGet, Scoop, Cargo, or by downloading direct binaries. It requires no external dependencies.
The tool is distributed under the MIT license, making it open source. Its installation and usage instructions, along with troubleshooting and documentation, are provided in the README. DepsGuard is positioned as a security-focused CLI utility for proactively managing and securing software dependencies against evolving supply chain threats.
In the CLI tools & terminal space, DepsGuard takes a focused approach. It focuses on preventing supply chain attacks by scanning and securing project dependencies automatically. It is built as an open-source project for software developers. DepsGuard is open source under the MIT license. DepsGuard is available on the command line, macOS, Windows, and Linux.
Arnica builds and maintains DepsGuard, and the product first shipped in 2026. Development happens publicly on GitHub with 385 stars and 113 commits in the last 90 days. PulseGate's similarity index finds few close equivalents — DepsGuard occupies a relatively distinct niche. Key capabilities include dependency scanning, supply chain security, and zero dependencies.
Latest indexed changes and source events
arnica/depsguard discovered by the PulseGate indexer
Other apps tracked under the same category.