npm dependency fitness: deprecated/yanked/superseded + verified safe migration target.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Is this npm package safe to depend on — and if not, what do I move to? An MCP server that gives a coding agent a cross-validated fitness verdict for an npm package before it writes or upgrades a dependency. It reconciles four free, sanctioned sources — the npm registry, Google's deps.dev, OSV.dev, and GitHub — into one confidence-scored answer, and infers a safe migration target when a package is deprecated or superseded. "Is it deprecated?" is already free — deps.dev serves that flag, and…