New: CheckVibe MCP server — scan from Claude Code and Cursor nativelyRead the docs
Scan your project dependencies for known vulnerabilities and outdated packages.
Overview
Modern web applications depend on hundreds of npm packages, Python libraries, or Ruby gems. Our scanner checks your dependency tree for packages with known security vulnerabilities, using multiple vulnerability databases including the GitHub Advisory Database and NVD.
What this scanner does
Analyzes JavaScript bundles and package manifests to identify dependencies and their versions. Cross-references against vulnerability databases (GitHub Advisory, NVD, Snyk) for known CVEs and security advisories.
Why it matters
Supply chain attacks and vulnerable dependencies are a growing threat. A single vulnerable dependency deep in your dependency tree can compromise your entire application. Regular dependency scanning catches these issues before attackers exploit them.
Common findings
OWASP Top 10 coverage
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Related checks
Vulnerability Detection
Identify your technology stack and check for known vulnerabilities (CVEs).
Configuration Audit
Check if your site has the right HTTP security headers to prevent common attacks.
Vulnerability Detection
Detect exposed API keys, tokens, and secrets in your frontend code and responses.
