BreakPoint Drop

Public methodology example · published 2026-07-15

Linear dependency audit

Linear's public SDKs and CLI depend on 156 unique packages. 8% (12) are at bus factor 1. The collaborative editing path is the highest-risk area, with two single-maintainer CRDT packages.

Methodology example, not a real audit. The numbers below are illustrative — based on real patterns in Linear's public dependency tree and the same scoring model we use for the free audit. For real org-specific data, run this audit on your own GitHub org →
Run this audit on your GitHub org →

At a glance

Total dependencies

156

14 direct · 142 transitive

Bus factor 1

12

8% of total

Abandoned

4

3% of total

Top 2 high-risk dependencies

The 2 highest-risk packages in Linear's dependency tree. These are the packages most likely to cause a supply chain incident in the next 12 months.

synced-store-internal

Bus factor: 1

Linear's internal CRDT store. Single maintainer. No public release.

Last commit: 2024-02-14

rich-text-crdt-bridge

Bus factor: 1

Bridge between ProseMirror and a CRDT. Used in collaborative editing. Last release 21 months ago.

Last commit: 2023-10-30

Methodology

Pulled from linear/linear, linear/linear-cli, linear/linear-sync on 2026-07-10. Analyzed bus factor, last commit, and dependency freshness. Linear's dependency tree is the smallest of the 5 audits, reflecting their focused SDK surface.

Citation: BreakPoint (Linear open source dependency audit — 2026). https://breakpoint.network/audit/r/linear

Get the same audit for your org

Free. We analyze your public dependency tree, identify the high-risk packages, and send the full report within 24 hours.

Get my org's audit →

Related reading

→ The State of Open Source Supply Chain 2026 → Bus factor explained (concept page) → For engineering leaders