Check your project forcompromised dependencies
Paste your package-lock.json, pnpm-lock.yaml, yarn.lock, or requirements.txt. See in seconds whether you were exposed to one of 2026's supply-chain compromises.
Everything runs in your browser. Your lockfile never leaves your machine.
91 incidents1,452 packages tracked across all of them10 ecosystemsData range 15 Sept 2025 → 6 Jul 2026Last updated 6 Jul 2026
Parsed locally in your browser. Nothing leaves your device, no logging, no network round-trip.
DependencyWatch.io is one thing we do.Talk to us about the rest.
The same UK team that runs this feed runs CREST-accredited pen tests, a 24/7 SOC, and a live threat-intelligence practice. If you want the signal from this scanner feeding your defences directly, talk to us.