Deadpendency FAQ

What does Deadpendency detect?

It detects dependencies that have project health issues. For example, it checks whether a dependency's repository is still actively being committed to.

If a dependency is marked as unhealthy, should I stop using it?

No! This is a call to action to review the dependency and make a decision as to whether to switch away or not.

In many cases it makes sense to keep using the dependency (e.g. there are no viable alternatives). In this case, the dependency can be excluded from Deadpendency checks.

Why isn’t Other language supported?

Either support is not possible, it is planned, or the language is considered too niche. Feel free to create or upvote the relevant issue.

Which package registries support structured deprecation?

Currently NPM (JavaScript), NuGet (.NET), Hackage (Haskell), Packagist (PHP) and Maven (Java / Kotlin / Scala).

Does Deadpendency support GitLab, Bitbucket, Other?

No, Deadpendency is currently a GitHub.com app and it can only analyze dependencies that are also hosted on GitHub.com.

However, the Deadpendency app will support GitLab and Bitbucket in the future, both in terms of an app and as hosts of dependency repositories.

Does Deadpendency have an on-prem solution?

No, not currently. This is eventually planned, but would come after supporting GitLab and Bitbucket as mentioned above.

Why isn’t Deadpendency open source?

Deadpendency is not free for private organizations. However, as much Deadpendency code as possible will be open sourced.