Skip to content

DigiCatalyst-Systems/dep-diff-mcp

v0.0.1 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 1mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

changelog cve dependabot dependency-management mcp model-context-protocol
+4 more
npm pypi security typescript

Summary

AI summary

Minor fixes and improvements.

Full changelog

Added

  • Initial release.
  • analyze_package_change tool: single package upgrade analysis (npm, PyPI).
  • analyze_packages_bulk tool: parallel analysis of up to 50 package changes, ranked by recommendation level.
  • Semver classification, GitHub release-notes scraping, OSV.dev CVE deltas, migration-link extraction, recommendation engine.
  • LRU cache (500 entries, 1h TTL) on all outbound fetchers.
  • p-limit(8) concurrency cap on bulk analysis.
  • evals.md with 15 routing prompts for tool-description verification.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track DigiCatalyst-Systems/dep-diff-mcp

Get notified when new releases ship.

Sign up free

About DigiCatalyst-Systems/dep-diff-mcp

Translates a lockfile diff (npm, PyPI) into a human-readable upgrade plan. Point it at a Dependabot PR and get back semver classification, breaking changes from GitHub release notes, CVEs fixed in range, migration links, and a per-package recommendation. Bulk tool ranks up to 50 changes by risk (security > caution > review > likely-safe > safe)

All releases →

Related context

Beta — feedback welcome: [email protected]