DepsHub is an AI-powered tool for developers to help keep your repositories up to date and secure. Want to migrate to a new major version of any library? Do it in seconds with DepsHub.
Hi ProductHunt community! I’m Andriy, Founder at DepsHub.
I’ve been working as a software engineer for the past 10 years, and every single project that I worked with used tens, if not hundreds, of different libraries and dependencies. DepsHub takes the headache out of the manual dependency updates using AI. Need to upgrade to React 19? You can do it in seconds. A new Vue major version was released? We got you covered. Any library. Any update. Without noise.
The main goal of DepsHub is to keep your repositories up to date without you spending any time on doing that. It automatically figures out the best schedule for you, what libraries are worth updating, etc. For those who need additional control, you can still configure the desired behavior with a depshub.yml file.
✨ Autopilot Mode
DepsHub automatically detects new versions, schedules updates, and supports both monorepos and multi-language projects. No need to update every single library whenever there is a new release. DepsHub keeps your dependencies fresh while reducing noise and unnecessary updates.
🧹 Noise Reduction
We filter out the noise and group updates into a single pull request. Say goodbye to false alarms and noise in your PR notifications.
🛡️ Security and License Scanning
Your code's safety is our priority. We scan dependencies for vulnerabilities with a 96% lower false positive rate than other tools. Get instant notifications when a new vulnerability is detected. DepsHub monitors licenses for changes, provides detailed license info, and alerts you when new licenses pop up. Export your Software Bill of Materials (SBOM) effortlessly.
I’m here to answer your questions or feel free to email me at andriy@depshub.com. Happy to share technical details for people who are curious! Thank you!
@semanser Kudos to you for this launch! Wishing you and your team a fantastic journey ahead. What’s next on the horizon for your team?
@sasha_buratynskyi The main difference is that DepsHub is focused on reducing the noise. It's not that easy to achieve, but some of the areas that we're focused on are:
- Reducing the amount of PRs by ensuring that everything is *reasonably* updated and not on the latest version all the time.
- Using AI/embeddings to automatically make breaking changes updates.
- Giving users observability (dashboard) so that they can prioritize what needs to be updated first.
None of the points above are implemented in our competitors, and I hope we will move the market in this direction a little bit!
With many package management tools, especially for package.json, we can't just upgrade everything to the latest version without caution.
How does DepsHub handle such situations?
@bonvisions It doesn't update everything to the latest version.
First, it always prioritizes packages that have security vulnerabilities. Then, after it's done, it tries to bring your project to the *relatively* latest versions of the main packages (think React if it's a frontend project). So it gradually updates your codebase until it's at some stable point where only smaller updates are needed.
I hope it answers your question. Thanks!
@semanser Thank you for your patience, this is truly fantastic!
@semanser It actually looks amazing. What is your experience with more complex updates than the one you show in your introductory video? Let's say updating a big UI library like Angular from an older version. It takes a lot of time to do it manually. I think if the AI can at least prepare a half-decent PR, it could save a lot of time as well.
Congrats on the launch 🚀
@crebuh Thanks! It really depends on how much info is available (how detailed are the changelogs, how many breaking changes, etc.). DepsHub bot is adding a comment to each change explaining why it made that change, so it's easier to navigate and understand any code changes.
Wow this is really helpful, thank you for the launch! As a developer I can confirm dependency updates are one of the most painful problems in development. This will help to solve them finally. Upvoted!
@pavel_bocharov Thanks! Yeah, dependency updates are a recurrent problem that any developer is facing sooner or later. So far, there is no silver bullet for it, but I hope DepsHub makes it one step closer!
@alexkupin Yes! DepsHub supports a depshub.yml config file, and there is a `stability_delay` option. Here are the values by default:
stability_delay:
  security: 0
  major: 14
  minor: 7
  patch: 4
It allows you to configure how many days should pass since the release of the library to be included for the update. For example, `security: 0` means that there should be no delay between any new security release and the PR. Whereas `major: 14` means that there should be a minimum 2-week delay between the new major version release and the PR.
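An added example, not part of the thread and not DepsHub's own code: a sketch of how the `stability_delay` defaults quoted above would gate candidate releases by age. The function names, the `security` flag on a release, and the sample release data are assumptions made for illustration.

```python
from datetime import date

# Defaults quoted in the reply: minimum days since release, per update kind.
STABILITY_DELAY = {"security": 0, "major": 14, "minor": 7, "patch": 4}

def parse(version):
    """Parse plain MAJOR.MINOR.PATCH; pre-release/build tags are out of scope."""
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) != 3:
        raise ValueError(f"unsupported version: {version!r}")
    return parts

def bump_type(current, candidate):
    """Classify the change from current to candidate as major, minor or patch."""
    cur, new = parse(current), parse(candidate)
    if new <= cur:
        raise ValueError("candidate is not newer than current")
    if new[0] != cur[0]:
        return "major"
    return "minor" if new[1] != cur[1] else "patch"

def eligible(current, candidate, released, today, security=False,
             delays=STABILITY_DELAY):
    """True once the release has aged past the delay for its kind."""
    kind = "security" if security else bump_type(current, candidate)
    return (today - released).days >= delays[kind]

def pick_update(current, releases, today):
    """Newest eligible version, or None if all are still inside their delay."""
    ok = [r["version"] for r in releases
          if parse(r["version"]) > parse(current)
          and eligible(current, r["version"], r["released"], today,
                       r.get("security", False))]
    return max(ok, key=parse) if ok else None

# Constructed sample data (hypothetical package, not real releases).
TODAY = date(2024, 6, 20)
RELEASES = [
    {"version": "2.4.1", "released": date(2024, 6, 18)},                    # patch, 2 days old
    {"version": "2.5.0", "released": date(2024, 6, 10)},                    # minor, 10 days old
    {"version": "3.0.0", "released": date(2024, 6, 12)},                    # major, 8 days old
    {"version": "2.5.1", "released": date(2024, 6, 19), "security": True},  # security, 1 day old
]

if __name__ == "__main__":
    print(pick_update("2.4.0", RELEASES, TODAY))
```
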
Hey Andriy! It's super interesting seeing makers being part of the problem they are solving. It's key and speaks by itself about you as a maker. Glad to see you addressing this in such an impressive way! Really congrats
@german_merlo1 Thanks for your support! Yeah, the idea of the product came from my own pain. So I was the first user of it and tried to make it as user-friendly as possible.
Congrats on the launch, it looks really good.
I just tried, but it did a very weird PR: https://github.com/marian2js/saa...
1. It added code and comments like trying to fix a ReactNative app, even though the project is a nestjs library that doesn't use ReactNative at all.
2. It added markdown directly on code files, breaking them.
3. It added random properties to classes and random code, with comments that have nothing to do with the code added.
In general the PR makes no sense. I also didn't understand why it tried to change code when it was supposed to manage dependencies. I think something went really wrong here.
@marian2js Hey Mariano! Thanks for your feedback. I will take a look once the launch dust settles a little bit. I suspect that the model generated something wrong due to a high load (and throttling enabled). I will come back to you as soon as I investigate what happened. Thanks a lot for the feedback!
Congratulations on the start! You are doing a good job! Good luck and many happy users!
@yc_j Thank you! We're using embeddings + some filtering to identify only parts of the codebase that need to be changed (parts that are relevant to the changelog changes). You can imagine a filtering data pipeline where the input is the entire codebase and it decreases over time at every next step.
Congrats on the launch of DepsHub! Keeping dependencies up to date is a major hassle, and this tool sounds like a lifesaver for developers. The autopilot mode and noise reduction features are especially impressive, making updates seamless and efficient. The added security and license scanning ensure that everything stays safe and compliant. Excited to see how this transforms the way we manage dependencies. Great job, team!