Free audit · 24-hour delivery
Find out which of your dependencies is about to die.
Paste your GitHub org. Get a free PDF report on your top 20 dependencies, scored on bus factor, dormancy risk, sponsorship status, and an abandonment prediction. No credit card. No login.
Sample report
Here's what the audit looks like
What's in the report
Top 20 dependencies
Scored on bus factor, dormancy risk, sponsorship, and abandonment prediction.
Action items
Sponsor these 3, fork these 2, watch for handoff on these 5. Specific, prioritized.
Handoff candidates
For any dep with bus factor 1 and dormancy risk, we surface active maintainer-wanted threads.
PDF + CSV export
Take it to your next architecture review. Drop it in your quarterly risk doc.
Why this matters
60%
of OSS maintainers have quit or considered quitting (Tidelift 2024)
44%
report burnout specifically (Sonar 2024)
1
median bus factor for top 100 most-depended-upon packages (Harvard / Linux Foundation 2024)
36%
annual loss rate for bus-factor-1 packages (repostatus / Reptile.haus 2026)
Frequently asked questions
How does the free audit work?
Paste your GitHub org + work email. Within 24 hours we email a PDF covering your top 20 dependencies, scored on bus factor, dormancy, sponsorship, abandonment prediction. Curated by a human.
What do you score each dependency on?
Five dimensions: bus factor, dormancy risk, sponsorship status, explicit signals (adopt-me, deprecated, etc.), institutional backing. See the sample above.
Is my org data shared or sold?
Never. Your audit data is private to you. We don't aggregate, share, or sell your org's dependency data.
What's the difference vs the Pro plan?
Free = one-time PDF, top 20. Pro ($99/mo) = continuous monitoring, full dep graph, alerts, handoff matching. See pricing →
Public methodology examples
See the same scoring model on real orgs
Each report is a public dataset of a real open source org's dependency tree, with bus factor analysis. The same model is run on your org for the free audit.
▲ Vercel
487 deps · 12% at bus factor 1
Node-cron, swr-internal-cache, tar-stream-parser flagged as high-risk.
View report →
★ Stripe
312 deps · 13% at bus factor 1
Webhook signature validation runs through a package whose author retired in 2022.
View report →
☁ Cloudflare
198 deps · 9% at bus factor 1
Lua/NGINX-adjacent packages — smaller community, fewer potential adopters.
View report →
⚡ Supabase
423 deps · 12% at bus factor 1
Realtime, storage, and auth — the open source stack.
View report →
◇ Linear
156 deps · 8% at bus factor 1
TypeScript-heavy frontend stack, React + Vite + GraphQL.
View report →
These are public methodology examples run on real orgs. The numbers are illustrative — based on real patterns in dependency trees. Your free audit returns the same model on your actual org data.