
Dependency health reports your team can actually act on.

RottenPack turns package metadata into prioritized risk groups, explanations, and next steps so engineering teams can stop guessing which dependency matters first.

Risk groups: Critical, watch, safe
Signals: npm, GitHub, license
Reports: Readable by humans

Abandonment detection: Flag packages with stale commits, old releases, or quiet maintainers.
Maintainer depth: Identify solo-maintainer risk and projects with weak contributor activity.
License awareness: Surface missing or changing license signals before they become blockers.
Sample report

See the shape of the output before signing in.

The report emphasizes the riskiest packages first, then explains what triggered the score.

acme/web-app
52 dependencies scanned
Health 72
left-pad-plus@1.8.2 (CRITICAL, score 38)

No release in 3 years, one maintainer, license changed recently.

Replace or vendor before it blocks your next release.

tiny-router@4.1.0 (WATCH, score 67)

Healthy npm usage, but issue backlog is climbing.

Keep it on the watch list and rescan after the next release.

zod@3.25.0 (SAFE, score 94)

Active commits, broad contributor base, clear license.

No action needed beyond routine monitoring.
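As an added illustration (not RottenPack's own code or scoring model), the following scorer turns the signals named above (release age, commit activity, maintainer count, license state, issue-backlog trend) into a health score, a risk group and human-readable reasons, run over constructed metadata shaped like the three sample packages. All weights, band boundaries and field values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed package metadata, shaped like the three sample-report entries.
# Every field value here is an assumption for illustration, not registry data.
@dataclass
class PackageMeta:
    name: str
    version: str
    days_since_release: int
    days_since_commit: int
    maintainers: int
    license: Optional[str]        # SPDX id, or None when the manifest has none
    license_changed_recently: bool
    open_issues_trend: str        # "rising", "flat" or "falling"

# Each signal that fires yields (penalty, reason); the weights are assumptions.
def _signals(p: PackageMeta):
    if p.days_since_release >= 3 * 365:
        yield 30, f"no release in {p.days_since_release // 365} years"
    elif p.days_since_release >= 365:
        yield 15, "no release in over a year"
    if p.days_since_commit > 180:
        yield 10, "no commits in the last six months"
    if p.maintainers == 1:
        yield 20, "one maintainer"
    elif p.maintainers == 2:
        yield 10, "only two maintainers"
    if p.license is None:
        yield 25, "no license declared"
    elif p.license_changed_recently:
        yield 15, "license changed recently"
    if p.open_issues_trend == "rising":
        yield 20, "issue backlog is climbing"

def assess(p: PackageMeta) -> dict:
    """Score 0-100 (100 = healthy), risk group, and the reasons that fired."""
    hits = list(_signals(p))
    score = max(0, 100 - sum(w for w, _ in hits))
    # Assumed band boundaries: below 50 critical, below 80 watch, else safe.
    group = "CRITICAL" if score < 50 else "WATCH" if score < 80 else "SAFE"
    return {"package": f"{p.name}@{p.version}", "score": score,
            "group": group, "reasons": [r for _, r in hits]}

SAMPLE = [  # constructed inputs mirroring the sample report
    PackageMeta("left-pad-plus", "1.8.2", 3 * 365 + 40, 1100, 1, "MIT", True, "flat"),
    PackageMeta("tiny-router", "4.1.0", 45, 200, 2, "MIT", False, "rising"),
    PackageMeta("zod", "3.25.0", 12, 3, 6, "MIT", False, "falling"),
]

def report(packages=SAMPLE) -> list:
    """Riskiest first, as the sample report orders them."""
    return sorted((assess(p) for p in packages), key=lambda r: r["score"])

if __name__ == "__main__":
    for r in report():
        print(f'{r["package"]:<22}{r["group"]:<9}{r["score"]:>3}  ' + "; ".join(r["reasons"]))
```

Because every penalty carries its own reason string, the output explains what triggered the score, which is what makes such a report actionable rather than just a number.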