A dependency-decision ledger for Node.js & coding agents — every dependency recorded, explained, and reviewable in the PR. Zero runtime deps.
Updated Jun 13, 2026 - TypeScript
Review dependency update PRs by blast radius: package-lock changes, semver jumps, bin entries, install scripts, and CI risk gates.
Hands-on study guide for the GH-500: GitHub Advanced Security certification. Covers all 5 exam domains with docs, demos, CodeQL, Dependabot config, and automation scripts.
GitHub Actions GH-500 Certification Study Guide: Complete and up-to-date guide for the GitHub Advanced Security (GHAS) Certification GH-500 Exam. Includes all domains, key concepts, configuration of Secret Scanning, Dependabot, CodeQL, and best practices.
GitHub Action for reviewing dependency changes and policy findings in pull requests with Bomly CLI.
GitHub CLI extension for on-demand PR dependency risk review, using the Dependency Review API first with a static local fallback.
A Pi.dev skill focused on risk assessment before modifying dependencies in Node.js projects. It helps the agent analyze package-related changes before installing, updating, migrating, or modifying dependencies.
🤖 Globomantics Robot Fleet Manager - Educational demo with vulnerable dependencies for GitHub Advanced Security training. Tim Warner's Pluralsight Dependency Review course. Learn more: https://pluralsight.com