Org Dep Health Monitor
Send your list of npm packages once. depmedic re-runs the same health snapshot every night and emails a weekly digest plus instant alerts when a package drops a grade, gets deprecated, or picks up a new security advisory. The dependency news desk you do not have to staff.
$19 / month
Cancel anytime. 7-day refund. First snapshot delivered within 24 h of your monitor list arriving.
What you get
200 monitored packages
Send your package.json or a list. We import once, re-snapshot nightly.
Weekly digest email
Mondays. Grade changes, new releases, advisory updates, deprecations, in one read.
Instant alerts
Same-day emails when any package drops a letter grade or gets a new CVE that touches your version range.
Embeddable badges
SVG badges per package, refreshed nightly. Drop into READMEs / runbooks / wiki.
4 Vendor Dossier PDFs / quarter
Pick any 4 packages. Get the full 6-8 page dossier each. Standalone value $36.
Slack webhook
Optional. Pipe alerts into a channel of your choice (mention "Slack monitor" when you onboard).
How it works
- Subscribe. Polar sends you a license key + welcome email.
- Send your monitor list. Email depmedic.dev@gmail.com with subject `Monitor list`. Body = your `package.json` or one package name per line.
- First snapshot arrives within 24 h - the baseline grade for every package, plus any immediate concerns.
- Mondays: weekly digest. Any day: real-time alert when a package slips.
Why "monitor", not "scan once"
The npm registry is busy. In a typical month:
- ~30,000 new package versions published.
- ~200 new security advisories opened against existing packages.
- Dozens of widely-used packages quietly marked deprecated.
- Maintainers come and go; bus factor changes silently.
A point-in-time scan tells you yesterday's truth. The Monitor surfaces today's.
Compared to alternatives
| | Snyk team plan | Dependabot | Org Dep Health Monitor |
|---|---|---|---|
| Price | $25+/seat/mo | free (GitHub) | $19/mo flat |
| Onboarding | SSO + repo connectors | per-repo config | email a list |
| Surface | vulnerabilities + license | vuln + version bumps | vuln + grade + deprecation + maintenance signal |
| Format | dashboard + PRs | PRs | weekly digest + instant alert + badges + dossiers |
| Alerts | UI / email | PR opens | email + optional Slack |
| Vendor questionnaire | no | no | included via Vendor Dossiers |
What it does NOT do
- It does not file PRs. Use Renovate or Dependabot for that. Monitor tells you which bumps are worth filing.
- It does not host your private packages. We snapshot from the npm registry; private package monitoring needs a one-time data share (a single `npm view --json` output you email back).
- It does not scan for secrets in your repo. Use `gitleaks` for that, included in the Pre-PR Checklist Pack.
Just want one dossier today?
The Vendor Dossier PDF is $9 per package, one-time. Same engine, no subscription. Recommended starting point.