Simple, transparent pricing

Start free, no credit card required. Upgrade when you need more scans or team features.

Free
$0

Perfect for occasional audits and side projects.

Pro
$19/mo

For developers who regularly use AI coding assistants.

Start 14-day free trial
Team
$49/mo

For engineering teams shipping AI-generated features at scale.

Start 14-day free trial
Most popular
Managed
$299/mo

We handle dependency maintenance so you can focus on shipping.


Feature comparison

Feature | Free | Pro | Team | Managed
Scans per month
2 | Unlimited | Unlimited | Unlimited
npm support
PyPI support
Hallucination detection
Vulnerability scanning (OSV)
Basic | Full | Full | Full
Deprecation alerts
Download count analysis
Outdated version detection
Fix suggestions
Shareable report links
Scan history
30 days | Unlimited | Unlimited
API access
Team seats
1 | 1 | 10 | Unlimited
Team dashboard
Slack notifications
GitHub integration
SSO (SAML)
Priority support
Dedicated support
Weekly dependency audits
Automated vulnerability fixes
Hallucinated package removal
Monthly dependency health report
White-glove service

Frequently asked questions

What is a "hallucinated" dependency?

AI code generators like GitHub Copilot, ChatGPT, and Cursor sometimes suggest npm or PyPI packages that simply don't exist. Because the invented names sound plausible, malicious actors can register them (a variant of typosquatting sometimes called slopsquatting). DepAudit checks every package name against the live registries and flags any that return a 404.
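The registry check described above, sketched for a requirements.txt file as an added example (not DepAudit's code). It assumes the public PyPI JSON endpoint is the lookup; the function names are hypothetical and the sample file, including the package name fastjsonx-utils, is constructed.

```python
import re
import urllib.error
import urllib.request

# Constructed sample input; "fastjsonx-utils" stands in for an invented name.
SAMPLE_REQUIREMENTS = """\
# web stack
requests[socks]>=2.31 ; python_version >= "3.8"
Flask_Login==0.6.3
fastjsonx-utils~=1.2   # suggested by an assistant
-r base.txt
--index-url https://example.invalid/simple
"""

def normalize(name):
    """PEP 503: runs of -, _ and . are equivalent and names are case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return normalized project names; skip comments, blank lines and pip options."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        if "://" in line and "@" not in line:
            continue  # bare URL requirement: no registry name to look up
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(normalize(m.group(0)))
    return names

def pypi_status(name):
    """HTTP status of the PyPI JSON endpoint for a project (network call)."""
    url = f"https://pypi.org/pypi/{name}/json"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code

def find_unregistered(text, status_of=pypi_status):
    """Names whose lookup returns 404. Other statuses (e.g. 503) are not
    treated as missing, so a registry outage does not flag real packages."""
    return [n for n in parse_requirements(text) if status_of(n) == 404]
```

Normalizing before the lookup matters: Flask_Login and flask-login are the same project on PyPI, so comparing raw strings would produce false positives.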

How does vulnerability scanning work?

We query the OSV (Open Source Vulnerabilities) database, which aggregates CVEs from GitHub Advisory Database, NVD, and other sources. We check the specific version you have and flag when newer, patched versions are available.

Is my code stored anywhere?

We only store the package names, versions, and scan results — never your actual source code. Scan results are stored so you can share report links. Anonymous scans are stored without a user ID.

Can I use DepAudit in CI/CD?

Yes — the Pro and Team plans include API access. You can POST your package.json or requirements.txt to our API endpoint and integrate the results into your pipeline. We're working on native GitHub Actions and GitLab CI integrations.

What counts as one scan?

One scan = one submission of a package.json or requirements.txt file (or a block of code we parse). There is no limit on the number of packages within a single scan.

Do you offer annual billing?

Annual plans are coming soon with a 2-month discount. Get in touch if you need annual invoicing for your team.

Start scanning for free

No credit card required. 2 free scans every month.
