For Elixir

DepScope for Hex

Hex package intelligence — live vuln data for the Elixir ecosystem.

The problem

AI coding agents (Claude, Cursor, ChatGPT, Copilot) recommend Hex packages based on training data 6-12 months stale. Recent CVEs missed, deprecated libraries still suggested, package names sometimes hallucinated.

Every agent also queries hex.pm independently — billions of redundant fetches a day, tokens burned parsing JSON the model doesn't need.

One API call — live health, vulnerabilities, alternatives

curl https://depscope.dev/api/check/hex/ecto

Returns a health score, list of live CVEs, deprecation flags, latest version, alternatives — all from OSV + GitHub Advisory Database, cached.

For AI agents that prefer token-efficient responses:

curl https://depscope.dev/api/prompt/hex/ecto

Same signal, much more compact payload — less input tokens per decision.

Integrate in one line

Claude Desktop / Cursor MCP server on npm:

npm install -g depscope-mcp

GitHub Actions CI Audit your Hex dependencies on every PR:

- uses: cuttalo/depscope@main
  with:
    ecosystem: hex

Any language Just call the API. No auth, 200 req/min.

Next steps

→ Try the API now with ecto

→ Source code on GitHub (MIT)

→ Full API documentation

→ Data attribution & licenses

Package intelligence is infrastructure. DepScope is the shared layer so every AI coding agent — and every developer — can rely on the same live data. Open infrastructure, MIT, EU-hosted.