Is io.github.ertugrulakben/dep-oracle safe to use?

io.github.ertugrulakben/dep-oracle has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.ertugrulakben/dep-oracle?

io.github.ertugrulakben/dep-oracle can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.ertugrulakben/dep-oracle?

io.github.ertugrulakben/dep-oracle is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is io.github.ertugrulakben/dep-oracle actively maintained?

io.github.ertugrulakben/dep-oracle is actively maintained — last commit was 26 days ago.

dep-oracle cover

dep-oracle

Predictive Dependency Security Engine

Quick Start · Features · Algorithm · MCP · Comparison

English | Turkce

Your dependencies have dependencies. Who's watching them?

dep-oracle is a predictive dependency security engine that calculates Trust Scores (0-100) for every package in your dependency tree. It detects zombie dependencies, measures blast radius, catches typosquatting attempts, and predicts future risks — before they become vulnerabilities.

Claude Code Security scans YOUR code. dep-oracle scans everything your code depends on.

Why?

Supply chain attacks increased 742% since 2019 (Sonatype 2024 Report)
The average npm project pulls in hundreds of transitive dependencies — any one could be compromised
npm audit only catches known CVEs — dep-oracle predicts future risks
You audit your code. But do you audit your trust?

Quick Start

# Zero install — just run it
npx dep-oracle

# Or install globally
npm install -g dep-oracle
dep-oracle scan

# Check a single package
dep-oracle check express

Features

| Feature | Description | |---------|-------------| | Trust Score | 0-100 weighted score per package (security, maintainer health, activity, popularity, funding, license) | | Zombie Detection | Finds unmaintained but critical packages (no commits in 12+ months) | | Blast Radius | Shows how many files are affected if a dependency is compromised | | Typosquat Detection | 1,847+ known packages + live npm registry lookup to catch suspicious names | | Trend Prediction | 3-month risk projection based on download/commit/release trends | | Migration Advisor | 131 package mappings with 192 safer alternatives for risky dependencies | | Offline Mode | Works from cache without internet (--offline) | | MCP Server | Native Claude Code integration — ask about your dependencies in natural language | | Multi-Format Output | Terminal (colored tree), HTML, JSON, and SARIF | | GitHub Action | Automate trust checks in your CI/CD pipeline |

Usage

# Scan current project
dep-oracle scan

# Scan with specific output format
dep-oracle scan --format json
dep-oracle scan --format html
dep-oracle scan --format sarif

# Check a single package
dep-oracle check lodash
dep-oracle check express@4.18.2

# Offline mode (uses cached data only)
dep-oracle scan --offline

# Set minimum score threshold (exit code 1 if below)
dep-oracle scan --threshold 60

# Ignore specific packages
dep-oracle scan --ignore deprecated-but-needed,legacy-pkg

# Verbose logging
dep-oracle scan --verbose

Output Example

dep-oracle v1.2.0
Scanning 

... [View full README on GitHub](https://github.com/ertugrulakben/dep-oracle#readme)

io.github.ertugrulakben/dep-oracle

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion