Know if Your Dependencies Are Healthy: Introducing Check


The Hidden Risk in Your Dependencies

Modern software relies on open-source dependencies. While they speed up development, they can also become liabilities. A package that looked good two years ago might now be abandoned, unmaintained, or a security risk.

Most tools focus on security vulnerabilities but miss the bigger risk: abandoned or poorly maintained packages that become blockers. That's why we built Check, a dependency health monitoring platform that helps you spot these risks before they become problems.


What is Check?

Check analyses your project dependencies and assigns a 0-100 health score based on comprehensive metrics:

  • Activity metrics (40%): Recent commits, commit frequency, PR activity, issue response times
  • Community metrics (30%): Contributor count, active contributors, open-issue trends
  • Release metrics (20%): Time since last release, release frequency, version adoption
  • Other signals (10%): License changes, maintainer activity, deprecation notices

Upload your package.json, requirements.txt, Cargo.toml, or other manifest files (more in the works). Check fetches data from GitHub, npm, PyPI, Cargo, Maven, and Gradle to build a health profile for each dependency.

The Problem Check Solves

Abandoned Dependencies

A library added two years ago may not have been updated in 18 months. That means no security patches, no bug fixes, and no compatibility work for newer runtimes. You only discover this when you try to upgrade or when a critical bug appears.

Growing Issue Backlogs

Open issues pile up, PRs go unmerged, maintainers are inactive, and bugs may never be fixed. Your project depends on code that's slowly decaying.

License Changes

A dependency changes its license mid-project, creating legal risks or forcing rewrites. You find out too late, when it's already integrated into your codebase.


Who Does Check Help?

Individual Developers

  • Avoid adding abandoned packages before you commit
  • Get early warnings about maintenance issues
  • Make informed decisions about new dependencies

Development Teams

  • Monitor dependency health across projects
  • Track trends over time
  • Get alerts for stale dependencies or license changes
  • Share insights with the team

Organisations

  • Centralised view of dependency health
  • Organisation-wide project management
  • Identify risks before they impact production
  • Track health trends across the portfolio

How It Works

Upload & Analyse

Upload your manifest file or paste your dependency list. Check parses it and fetches metrics from GitHub, npm, PyPI, and more.

Generate Health Scores

Each dependency gets a 0-100 health score based on commit activity, community engagement, release frequency, and maintenance signals. Health scores are backed by metrics so you can see why a dependency scored low and what to do about it.
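The weighting described under "What is Check?" and the "see why a dependency scored low" breakdown can be sketched as follows. This is an added example, not Check's own code: the 40/30/20/10 weights come from the page, while the signal names, the thresholds in `decay` and `sub_scores`, and the sample data are assumptions made for illustration.

```python
from datetime import date

# Category weights (percent) as stated on the page.
WEIGHTS = {"activity": 40, "community": 30, "release": 20, "other": 10}

def decay(days, full, zero):
    """Assumed normalisation: 100 up to `full` days old, linear fall to 0 at `zero` days."""
    if days <= full:
        return 100.0
    return max(0.0, 100.0 * (zero - days) / (zero - full))

def sub_scores(sig, today):
    """Map raw signals to 0-100 sub-scores; thresholds are assumptions, not Check's."""
    sub = {}
    if sig.get("last_commit"):
        sub["activity"] = decay((today - sig["last_commit"]).days, 30, 365)
    if sig.get("active_contributors") is not None:
        sub["community"] = min(100.0, 100.0 * sig["active_contributors"] / 5)
    if sig.get("last_release"):
        sub["release"] = decay((today - sig["last_release"]).days, 90, 730)
    if "deprecated" in sig:
        sub["other"] = 0.0 if sig["deprecated"] else 50.0 if sig.get("license_changed") else 100.0
    return sub

def health_score(sig, today):
    """Return the score, each category's contribution, and the categories with no data.
    Missing categories are reported rather than silently counted as healthy."""
    sub = sub_scores(sig, today)
    missing = sorted(set(WEIGHTS) - set(sub))
    if not sub:
        return {"score": None, "breakdown": {}, "missing": missing}
    total = sum(WEIGHTS[c] for c in sub)  # renormalise over categories that have data
    breakdown = {c: round(WEIGHTS[c] * s / total, 1) for c, s in sub.items()}
    score = round(sum(WEIGHTS[c] * s / total for c, s in sub.items()))
    return {"score": score, "breakdown": breakdown, "missing": missing}

# Constructed sample signals (not real packages).
TODAY = date(2025, 1, 1)
STALE = {"last_commit": date(2023, 7, 1), "active_contributors": 1,
         "last_release": date(2023, 6, 1), "deprecated": False, "license_changed": False}
HEALTHY = {"last_commit": date(2024, 12, 20), "active_contributors": 8,
           "last_release": date(2024, 11, 1), "deprecated": False, "license_changed": False}
PARTIAL = {"last_commit": date(2023, 7, 1)}  # only commit history known

if __name__ == "__main__":
    for name, sig in (("stale", STALE), ("healthy", HEALTHY), ("partial", PARTIAL)):
        print(name, health_score(sig, TODAY))
```

The `missing` list matters when reading a score: a package with only one category of data is scored on that category alone, so the result should be treated as low-confidence.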

See Trend Analysis

View how dependency health changes over time. Spot declining maintenance before it becomes critical.

Get Smart Alerts

Get notified when dependencies go stale, maintainers become inactive, or licenses change.

Identify Risky Dependencies

Identify high-risk dependencies early. Compare alternatives side-by-side before committing to a package.

Automate Where Possible

When your Git repository is linked, Check can create pull requests with necessary updates. Otherwise, it guides you step-by-step. This is currently a work in progress.


Check's Goals

  1. Prevent Problems Before They Start

    Identify at-risk dependencies early, before they become blockers.

  2. Provide Actionable Intelligence

    Health scores are backed by metrics. See why a dependency scored low and what to do about it.

  3. Track Health Over Time

    Monitor trends to spot declining maintenance before it becomes critical.

  4. Enable Proactive Decision-Making

    Compare alternatives side-by-side, find better replacements, and make informed choices.

  5. Automate Where Possible

    When your Git repository is linked, Check can create pull requests with necessary updates. Otherwise, it guides you step-by-step.


The Future of Dependency Management

Check goes beyond vulnerability scanning. It monitors the long-term health of your dependencies, helping you build more resilient software.

Whether you're a solo developer or part of a large organisation, Check gives you the insights you need to make better decisions about your dependencies, before they become problems.

Ready to get started? Join the Waitlist to see the health of your dependencies in minutes when we launch.