Andriy Semenets

DepsHub - Update dependencies using AI

DepsHub is an AI-powered tool for developers to help keep your repositories up to date and secure. Want to migrate to a new major version of any library? Do it in seconds with DepsHub.

Andriy Semenets
Hi ProductHunt community! I’m Andriy, Founder at DepsHub. I’ve been working as a software engineer for the past 10 years, and every single project that I worked with used tens, if not hundreds, of different libraries and dependencies. DepsHub takes the headache out of manual dependency updates using AI. Need to upgrade to React 19? You can do it in seconds. A new Vue major version was released? We got you covered. Any library. Any update. Without noise. The main goal of DepsHub is to keep your repositories up to date without you spending any time on doing that. It automatically figures out the best schedule for you, what libraries are worth updating, etc. For those who need additional control, you can still configure the desired behavior with a depshub.yml file.

✨ Autopilot Mode
DepsHub automatically detects new versions, schedules updates, and supports both monorepos and multi-language projects. No need to update every single library whenever there is a new release. DepsHub keeps your dependencies fresh while reducing noise and unnecessary updates.

🧹 Noise Reduction
We filter out the noise and group updates into a single pull request. Say goodbye to false alarms and noise in your PR notifications.

🛡️ Security and License Scanning
Your code's safety is our priority. We scan dependencies for vulnerabilities with a 96% lower false positive rate than other tools. Get instant notifications when a new vulnerability is detected. DepsHub monitors licenses for changes, provides detailed license info, and alerts you when new licenses pop up. Export your Software Bill of Materials (SBOM) effortlessly.

I’m here to answer your questions, or feel free to email me at andriy@depshub.com. Happy to share technical details for people who are curious! Thank you!
Andriy Semenets
@kostyabolsh thank you!
Oleksandr Buratynskyi
@semanser Looks dope, but how do you differentiate from competitors?
Andriy Semenets
@sasha_buratynskyi The main difference is that DepsHub is focused on reducing the noise. It's not that easy to achieve, but some of the areas that we're focused on are:
- Reducing the amount of PRs by ensuring that everything is *reasonably* updated and not on the latest version all the time.
- Using AI/embeddings to automatically make breaking changes updates.
- Giving users observability (dashboard) so that they can prioritize what needs to be updated first.
None of the points above are implemented in our competitors, and I hope we will move the market in this direction a little bit!
Bon
With many package management tools, especially for package.json, we can't just upgrade everything to the latest version without caution. How does DepsHub handle such situations?
Andriy Semenets
@bonvisions It doesn't update everything to the latest version. First, it always prioritizes packages that have security vulnerabilities. Then, after it's done, it tries to bring your project to the *relatively* latest versions of the main packages (think React if it's a frontend project). So it gradually updates your codebase until it's at some stable point where only smaller updates are needed. I hope it answers your question. Thanks!
Christofer Huber
@semanser It actually looks amazing. What is your experience with more complex updates than the one you show in your introductory video? Let's say updating a big UI library like Angular from an older version. It takes a lot of time to do it manually. I think if the AI can at least prepare a half-decent PR, it could save a lot of time as well. Congrats on the launch 🚀
Andriy Semenets
@crebuh Thanks! It really depends on how much info is available (how detailed the changelogs are, how many breaking changes, etc.). The DepsHub bot adds a comment to each change explaining why it made that change, so it's easier to navigate and understand any code changes.
Pavel Bocharov
Wow this is really helpful, thank you for the launch! As a developer I can confirm dependency updates are one of the most painful problems in development. This will help to solve them finally. Upvoted!
Andriy Semenets
@pavel_bocharov Thanks! Yeah, dependency updates are a recurrent problem that any developer faces sooner or later. So far, there is no silver bullet for it, but I hope DepsHub makes it one step closer!
Alex Kupin
This is really cool! Is there any way to specify the target version to e.g. skip less stable latest releases?
Andriy Semenets
@alexkupin Yes! DepsHub supports a depshub.yml config file, and there is a `stability_delay` option. Here are the default values:

    stability_delay:
      security: 0
      major: 14
      minor: 7
      patch: 4

It allows you to configure how many days should pass since the release of the library for it to be included in the update. For example, `security: 0` means that there should be no delay between any new security release and the PR, whereas `major: 14` means that there should be a minimum 2-week delay between the new major version release and the PR.
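The `stability_delay` policy above, combined with the "security fixes first" ordering Andriy describes earlier in the thread, as an added worked example in Python. This is not DepsHub's code: it assumes depshub.yml has already been parsed into a dict, the candidate list and dates below are constructed, and the ordering among non-security updates (alphabetical here) is an assumption the thread does not specify.

```python
# Added example (not DepsHub's own code): a policy engine for the
# `stability_delay` settings quoted above plus the "security fixes first"
# ordering described earlier in the thread.
# Assumptions: depshub.yml has already been parsed into a dict; release dates
# and advisory flags come from the caller; the package list below is constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Defaults quoted in the thread (days a release must age before it is proposed).
DEFAULT_STABILITY_DELAY: Dict[str, int] = {"security": 0, "major": 14, "minor": 7, "patch": 4}


@dataclass(frozen=True)
class Candidate:
    name: str
    current: str
    latest: str
    released: date      # release date of `latest`
    fixes_vuln: bool    # True when `latest` closes a known advisory


def parse_semver(version: str) -> Tuple[int, int, int]:
    """Core MAJOR.MINOR.PATCH of a version string; pre-release/build tags and
    range prefixes (v, ^, ~) are ignored, missing components count as 0."""
    core = version.lstrip("v^~").split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def bump_kind(current: str, latest: str) -> Optional[str]:
    """'major' / 'minor' / 'patch', or None when `latest` is not an upgrade."""
    cur, new = parse_semver(current), parse_semver(latest)
    if new <= cur:
        return None
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        return "minor"
    return "patch"


def is_eligible(cand: Candidate, today: date,
                delays: Optional[Dict[str, int]] = None) -> bool:
    """Has the release aged past the delay configured for its kind?
    A security fix uses the `security` delay whatever the size of the jump."""
    kind = bump_kind(cand.current, cand.latest)
    if kind is None:
        return False
    key = "security" if cand.fixes_vuln else kind
    cfg = {**DEFAULT_STABILITY_DELAY, **(delays or {})}   # user keys override defaults
    return cand.released + timedelta(days=cfg[key]) <= today


def plan_updates(cands: List[Candidate], today: date,
                 delays: Optional[Dict[str, int]] = None) -> List[Candidate]:
    """Eligible candidates, security fixes first. Ordering among the rest is
    alphabetical here; the thread does not say how DepsHub orders them."""
    eligible = [c for c in cands if is_eligible(c, today, delays)]
    return sorted(eligible, key=lambda c: (not c.fixes_vuln, c.name))


# Constructed sample: one candidate of each kind, evaluated on a fixed day.
TODAY = date(2024, 11, 1)
SAMPLE = [
    Candidate("react", "18.3.1", "19.0.0", date(2024, 10, 25), False),  # major, 7 days old
    Candidate("lodash", "4.17.20", "4.17.21", date(2024, 10, 1), True),  # security fix
    Candidate("vue", "3.4.0", "3.5.0", date(2024, 10, 20), False),       # minor, 12 days old
    Candidate("axios", "1.7.6", "1.7.7", date(2024, 10, 30), False),     # patch, 2 days old
    Candidate("left-pad", "1.3.0", "1.3.0", date(2024, 1, 1), False),    # already current
]


def demo(delays: Optional[Dict[str, int]] = None) -> List[str]:
    """Names that would go into today's PR under the given overrides."""
    return [c.name for c in plan_updates(SAMPLE, TODAY, delays)]


if __name__ == "__main__":
    print(demo())                 # defaults: the security fix and the aged minor bump
    print(demo({"major": 0}))     # a user who wants majors immediately also gets react
```

With the defaults only lodash (security, no delay) and vue (minor, older than 7 days) make it into the PR; react is held back because its major is only 7 days old, and overriding `major: 0` releases it. Pre-release tags are stripped before comparison, so a `2.0.0-rc.1` is still classified as a major jump; whether pre-releases should be proposed at all is a separate policy question this example does not decide.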
Germán Merlo
Hey Andriy! It's super interesting seeing makers being part of the problem they are solving. It's key and speaks for itself about you as a maker. Glad to see you addressing this in such an impressive way! Really, congrats!
Andriy Semenets
@german_merlo1 Thanks for your support! Yeah, the idea of the product came from my own pain. So I was the first user of it and tried to make it as user-friendly as possible.
Mariano Pardo
Congrats on the launch, it looks really good. I just tried it, but it did a very weird PR: https://github.com/marian2js/saa...
1. It added code and comments like it was trying to fix a React Native app, even though the project is a NestJS library that doesn't use React Native at all.
2. It added markdown directly to code files, breaking them.
3. It added random properties to classes and random code, with comments that have nothing to do with the code added.
In general the PR makes no sense. I also didn't understand why it tried to change code when it was supposed to manage dependencies. I think something went really wrong here.
Andriy Semenets
@marian2js Hey Mariano! Thanks for your feedback. I will take a look once the launch dust settles a little bit. I suspect that the model generated something wrong due to a high load (and throttling enabled). I will come back to you as soon as I investigate what happened. Thanks a lot for the feedback!
Slava Nikitenko
Congratulations on the start! You are doing a good job! Good luck and many happy users!
Andriy Semenets
@your_price_booking Thanks a lot for your support!
YC J
This is crazy! And a must-have in every developer's toolbox! How does it detect breaking changes?
Andriy Semenets
@yc_j Thank you! We're using embeddings + some filtering to identify only parts of the codebase that need to be changed (parts that are relevant to the changelog changes). You can imagine a filtering data pipeline where the input is the entire codebase and it decreases over time at every next step.
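A lexical stand-in for the filtering funnel Andriy describes, as an added example in Python that is not DepsHub's code. The stages are import detection, changed-symbol matching against the changelog, and ranking; each stage receives the files the previous one kept and returns fewer. Where the reply says embeddings, this uses plain identifier matching (an assumption made so the example runs offline); the package name acme-http, the changelog excerpt and the six-file codebase are constructed.

```python
# Added example (not DepsHub's code): a lexical stand-in for the filtering
# pipeline described above. Every stage receives the files that survived the
# previous one and keeps fewer, until only the files a migration could touch
# remain. Assumptions: where DepsHub uses embeddings, this uses identifier
# matching; the package name, changelog and mini codebase below are constructed.
import re
from typing import Dict, List, Set, Tuple

PACKAGE = "acme-http"  # hypothetical library being upgraded

# Constructed changelog excerpt (not a real release note).
CHANGELOG = """\
## 3.0.0
### Breaking changes
- `createClient` now requires an explicit `baseUrl` option.
- `Client.get` has been renamed to `Client.fetch`.
- The deprecated `retryLegacy` helper was removed.
### Bug fixes
- `Client.timeout` no longer leaks a timer.
"""

# Constructed mini codebase: path -> source.
CODEBASE: Dict[str, str] = {
    "src/api/client.ts": 'import { createClient } from "acme-http";\n'
                         'export const api = createClient();\n'
                         'export const load = (p: string) => api.get(p);\n',
    "src/api/health.ts": 'import { ping } from "acme-http";\n'
                         'export const ok = () => ping();\n',
    "src/api/retry.ts": 'import { retryLegacy } from "acme-http";\n'
                        'export const withRetry = retryLegacy;\n',
    "src/ui/Button.tsx": 'export const Button = () => <button>get</button>;\n',
    "src/util/http.ts": 'import axios from "axios";\n'
                        'export const get = (u: string) => axios.get(u);\n',
    "test/client.test.ts": 'import { createClient } from "acme-http";\n'
                           'test("builds", () => createClient({ baseUrl: "http://x" }));\n',
}


def imports_package(source: str, pkg: str) -> bool:
    """Stage 1 predicate: does the file import `pkg` (ESM or CommonJS)?"""
    p = re.escape(pkg)
    return re.search(rf"from\s+['\"]{p}['\"]|require\(\s*['\"]{p}['\"]\s*\)", source) is not None


def changed_symbols(changelog: str) -> Set[str]:
    """Backticked identifiers under the 'Breaking changes' heading only.
    For dotted names (Client.get) keep the member, which is what call sites use."""
    _, _, section = changelog.partition("### Breaking changes")
    section = section.split("\n### ", 1)[0]
    return {m.split(".")[-1] for m in re.findall(r"`([\w.]+)`", section)}


def filter_pipeline(codebase: Dict[str, str], changelog: str, pkg: str
                    ) -> Tuple[List[Tuple[str, Set[str]]], Tuple[int, int, int]]:
    """Return (ranked files with the symbols they mention, funnel sizes per stage)."""
    # Stage 1: only files that import the package at all. This is what stops the
    # unrelated `get` in src/util/http.ts and src/ui/Button.tsx from being considered.
    stage1 = {path: src for path, src in codebase.items() if imports_package(src, pkg)}

    # Stage 2: among those, only files that mention a symbol the release changed.
    symbols = changed_symbols(changelog)
    stage2: Dict[str, Set[str]] = {}
    for path, src in stage1.items():
        hits = {s for s in symbols if re.search(rf"\b{re.escape(s)}\b", src)}
        if hits:
            stage2[path] = hits

    # Stage 3: rank by how many distinct breaking changes touch the file, so the
    # model (or a reviewer) sees the riskiest files first.
    ranked = sorted(stage2.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return ranked, (len(codebase), len(stage1), len(stage2))


if __name__ == "__main__":
    ranked, sizes = filter_pipeline(CODEBASE, CHANGELOG, PACKAGE)
    print("funnel:", " -> ".join(map(str, sizes)))
    for path, hits in ranked:
        print(f"{path}: {sorted(hits)}")
```

On the constructed input the funnel goes 6 -> 4 -> 3: the two files that never import the package are dropped first (including the one that defines its own unrelated `get`), the file that imports only an unchanged symbol is dropped next, and what remains is ranked with the files hit by two breaking changes ahead of the one hit by a single removal. Stage order matters: matching symbols before checking imports would have pulled the unrelated `get` call sites into the set the model is asked to edit, which is the kind of irrelevant change the bug report later in this thread complains about.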
M Sulaiman
Congrats on the launch of DepsHub! Keeping dependencies up to date is a major hassle, and this tool sounds like a lifesaver for developers. The autopilot mode and noise reduction features are especially impressive, making updates seamless and efficient. The added security and license scanning ensure that everything stays safe and compliant. Excited to see how this transforms the way we manage dependencies. Great job, team!
Andriy Semenets
@b2bsulaiman Thank you a lot for your feedback!
André J
Really cool. Would love to add this to some of my open source repos. How hard would it be to add support for signing in with email instead of GitHub? The use case would be for dependency graphs for public open source projects. I just try to avoid signing in with GitHub. It's so hard to manage privileges on GitHub.
Andriy Semenets
@sentry_co Interesting suggestion. I haven't investigated much, but I don't think it should be that complicated (unless GitHub bots can't sign in as another user 🤔).
Tony Han
I gotta say, the reason I'm supporting this product is because this is built by a solo founder and we honestly need more of them. Things I love: the landing page is well polished, the tagline is straight forward, and the UI looks slick! I'm not super technical, so I don't fully understand its capabilities, but I did some research against dependabot, and I found DepsHub is much more comprehensive and streamlined - there are features like license compliance checking which is super cool and other analytics that come with the tool. I'm sure I'm missing some, but it has tons of tools in its belt. Congrats @semanser! It's incredible that you built an awesome product that focuses on a large niche area.
Andriy Semenets
@tonyhanded Thank you a lot, Tony!
Majid Izadi
Gratz on the launch! Cool idea, great execution, really liked the UI/UX too. Is it all by yourself? Waiting for Scala and C support. Good job, man, it has room for tons of new features.
Andriy Semenets
@m4jiz Thank you! Yes, everything (design/frontend/backend) was done by myself :)
Ishaq Oyiza
My code is secure and up-to-date without lifting a finger.
Andriy Semenets
@ishaq_oyiza It's hard to do if you're using any library, though ;)
Burcin S.
Hey Andriy! Congrats on the launch, it looks like a great tool for developers!
Andriy Semenets
@customcraftbot thanks for your support!
mohamed abueldahab
I think it's an impressive tool to manage my packages.
Andriy Semenets
@mohamed_abueldahab1 Thanks, Mohamed!
Jack Michalak
Congrats on the launch! I'm very curious to know how the AI makes the changes to the code that are necessary for the update. In my experience LLMs are only very good at library versions that have been released for some time, so updating code for the new version would be difficult. I imagine that some libraries will provide release notes and a migration guide, so RAG would help some, but again in my experience there are changes that must be made that aren't mentioned in these. Does it look at build failures in GitHub Actions or equivalent and try to resolve them? Fixing UI bugs introduced by an upgrade seems impossible.
Andriy Semenets
@jack_michalak Thanks for the question! In this case, LLMs rely on the changelogs/release notes to identify what kind of changes are included in the release. Of course, semantic versioning is also important here, even though I agree that not all developers follow the standard. Also, we're planning to integrate more data points (bug reports for the library, etc.). While it doesn't guarantee 100% coverage in all cases, it drastically reduces the time spent maintaining your repositories at scale, since the only thing that you need to do is review the code changes. We're trying to include as much information as possible in the PR, but in the end, the developer is making the final call on whether it's worth merging it or not. It doesn't check the CI yet, but that could be a nice idea. I like the idea of having iterative updates: starting from the minimum possible update and checking if the update was successful (tests, CI, etc.). If it was, rinse and repeat. Thanks for the question and the feedback!
Daniel Zaitzow
@semanser really neat tool for the dev environment - I like that 'reduce noise' differentiator. As a no code individual, it likely won't be a product for me but I have relayed it over to our development team to check out! Congrats on the launch!
Andriy Semenets
@dzaitzow thanks!
Kanan Mikayilov
Hey Andriy! It's fascinating to see creators deeply involved in the issues they're tackling. It truly reflects your dedication as a maker. I'm thrilled to see you addressing this so effectively! Big congratulations!
Andriy Semenets
@mkylv thanks for your feedback!
Edward
Hey Andriy! Congratulations on the launch, this looks great! Question: sometimes my team gets busy and we let our dependency manager PRs get a bit stale over time. Is this product able to deal with those cases when updated changes are required since the time that DepsHub opened a PR for a package?
Andriy Semenets
@edwardb Good question! This is not implemented yet, but there is a simple trick to make it work: just close the PR and open a new one using the DepsHub dashboard. We will prioritize implementing this for sure. Thanks!