Dependency Tracking
Monitor your npm packages and their versions.
How It Works
SlyDuck scans your package.json file to track all npm dependencies. This requires a connected GitHub repository.
For each package, SlyDuck checks:
- Current installed version
- Latest available version on npm
- Known security vulnerabilities
- Update type (patch, minor, or major)
Scan Frequency
Dependencies are scanned automatically when you connect GitHub and once daily after that. You can also trigger a manual scan anytime from the Dependencies tab.
Package List
The Dependencies tab shows all your packages in a table:
- Package Name: The npm package identifier
- Current Version: What's in your package.json
- Latest Version: Most recent version on npm
- Update Type: Patch (1.0.x), Minor (1.x.0), or Major (x.0.0)
- Vulnerabilities: Number of known security issues
Packages are sorted with those needing updates at the top.
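The Update Type column and the sort order described above, as an added JavaScript example that is not SlyDuck's own code. The package names, versions and function names are constructed or hypothetical; it assumes the base version of a range such as ^1.3.0 stands in for the current version, and that major updates sort ahead of minor and patch.

```javascript
// Added example, not SlyDuck code. Package names and versions are constructed.
const packageJson = {
  dependencies: { "example-http": "~4.17.1", "example-pad": "^1.3.0", "example-log": "2.0.1" },
  devDependencies: { "example-test": "29.5.0", "example-local": "file:../example-local" },
};
// Constructed stand-in for the latest versions the npm registry would report.
const latestVersions = {
  "example-http": "4.18.2", "example-pad": "1.3.0",
  "example-log": "2.0.4", "example-test": "30.0.0",
};

// Extract [major, minor, patch] from "1.2.3", "^1.2.3" or "~1.2.3".
// Anything else (git URLs, file: paths, tags, ">=" ranges) returns null.
// Pre-release and build suffixes are ignored.
function baseVersion(spec) {
  const m = /^[\^~]?v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(spec).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Classify the gap between the declared version and the latest release.
function updateType(currentSpec, latest) {
  const cur = baseVersion(currentSpec);
  const lat = baseVersion(latest);
  if (!cur || !lat) return "unknown";
  const labels = ["major", "minor", "patch"];
  for (let i = 0; i < 3; i++) {
    if (lat[i] > cur[i]) return labels[i];
    if (lat[i] < cur[i]) return "none"; // declared version is ahead of latest
  }
  return "none";
}

// Build table rows, with packages needing updates at the top.
function buildReport(pkg, latestByName) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const rank = { major: 0, minor: 1, patch: 2, unknown: 3, none: 4 };
  return Object.entries(deps)
    .map(([name, current]) => {
      const latest = latestByName[name] ?? null;
      return { name, current, latest, update: latest ? updateType(current, latest) : "unknown" };
    })
    .sort((a, b) => rank[a.update] - rank[b.update] || a.name.localeCompare(b.name));
}

console.table(buildReport(packageJson, latestVersions));
```

Because package.json declares ranges, the version actually installed can differ from the one shown here; the lockfile records the resolved version.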
Security Vulnerabilities
SlyDuck uses the GitHub Advisory Database to check for known vulnerabilities in your dependencies.
Severity Levels
- Critical: Severe vulnerability requiring immediate action
- High: Significant security risk
- Moderate: Should be addressed when possible
- Low: Minor risk, update at your convenience
Clicking on a vulnerability shows details including:
- Description of the security issue
- Affected versions
- Fixed versions (if available)
- Link to the CVE or advisory
Priority Fixes
Critical and high severity vulnerabilities affect your project's health score. Address these first to maintain a healthy status.