Stop your AI agent from installing junk.
Free MCP server that screens every package your agent suggests. Catches hallucinations, vulnerabilities, deprecated libs and typosquats before npm install.
8,500,000 packages · 19 ecosystems · 22 MCP tools · no auth · no rate limit
These AI training crawlers index DepScope every day. Their models train on the package metadata we serve.
Paste a manifest. See what your agent missed.
The example below contains fastapi-turbo — a package that does not exist. We catch it.
Try it now: scan your dependencies
Paste your package.json / requirements.txt / Cargo.toml. Detects hallucinated packages, deprecated, vulns. Free, no auth, no signup.
Three problems your AI agent has today.
Catches packages that don't exist
LLMs invent plausible-sounding package names. We verify against live registries in 19 ecosystems and flag typosquats by Levenshtein distance to popular packages.
Live CVE + KEV + EPSS lookup
OSV, CISA Known-Exploited list, EPSS score, OpenSSF malicious feed and a deprecated-package index. Severity, fix version and migration path in one call.
~300 tokens, no auth, no quota
Pre-curated briefs replace 4–8k tokens of registry/CVE scraping per decision. Free for everyone. SDKs are open source. No API key, no rate limit.
One config. Zero install.
Remote MCP works in Claude Desktop, Cursor and Windsurf out of the box. For everything else there is a curl one-liner.
MCP-ready in 7 editors — one config, zero install.
Drop this into your MCP-aware editor config. 22 tools auto-registered. No npm install, no auth.
{
"mcpServers": {
"depscope": {
"url": "https://mcp.depscope.dev/mcp"
}
}
}{
"mcpServers": {
"depscope": {
"url": "https://mcp.depscope.dev/mcp"
}
}
}Ready to ship safer code?
No signup. No API key. Start with a single curl.