Stop depending on dead code. Scan your dependency files for abandoned, unmaintained, and risky open-source packages before they break your production build.
Every project depends on open-source packages. But what happens when a maintainer walks away? When the last commit was 3 years ago? When there's one person holding the keys to a package your entire stack relies on?
Deadware Risk Scanner answers these questions in seconds:
- Instant Risk Scores - Every package gets a 0-100 risk score based on 5 real signals: release freshness, bus factor, repository status, issue backlog, and licensing.
- Bus Factor Analysis - Identify packages with a single maintainer — the #1 predictor of future abandonment.
- Replacement Suggestions - Get curated, actively-maintained alternatives for every risky dependency.
- Multi-Ecosystem - Supports `package.json` (npm), `requirements.txt` (PyPI), `Gemfile` (RubyGems), `go.mod` (Go), and `Cargo.toml` (Rust).
- Privacy First - Dependency analysis runs in your browser. Your code never leaves your machine.
- PDF & JSON Export - Generate printable reports for your team or machine-readable JSON for CI pipelines.
- CI Health Badge - Embed a shields.io badge in your README showing your dependency health score.
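
As an added illustration (not the project's own code or its actual weights), here is one way a 0-100 score could be composed from the five signals listed above and used to rank packages. The field names, weights, and thresholds are assumptions chosen for the example.

```typescript
// Added illustration: field names, weights and thresholds are assumptions,
// not the project's actual scoring values.
interface PackageSignals {
  name: string;
  daysSinceLastRelease: number;
  maintainers: number;
  archived: boolean;
  openIssues: number;
  closedIssues: number;
  license: string | null; // SPDX identifier, null when none is declared
}

// Maximum points per signal; they sum to 100.
const WEIGHTS = { freshness: 30, busFactor: 25, repoStatus: 20, backlog: 15, licensing: 10 };
type Signal = keyof typeof WEIGHTS;

const clamp01 = (x: number): number => Math.min(1, Math.max(0, x));

// Map each signal to a risk in [0, 1].
function signalRisks(p: PackageSignals): Record<Signal, number> {
  const totalIssues = p.openIssues + p.closedIssues;
  return {
    // No risk for the first 180 days, rising linearly to full risk at 3 years.
    freshness: clamp01((p.daysSinceLastRelease - 180) / (1095 - 180)),
    // A single maintainer is full risk, two is half, three or more is none.
    busFactor: p.maintainers <= 1 ? 1 : p.maintainers === 2 ? 0.5 : 0,
    repoStatus: p.archived ? 1 : 0,
    // Share of issues still open; no issue history contributes nothing.
    backlog: totalIssues === 0 ? 0 : p.openIssues / totalIssues,
    licensing: p.license === null ? 1 : 0,
  };
}

function riskScore(p: PackageSignals): number {
  const risks = signalRisks(p);
  const signals = Object.keys(WEIGHTS) as Signal[];
  return Math.round(signals.reduce((sum, s) => sum + WEIGHTS[s] * risks[s], 0));
}

// Highest risk first, as in a ranked report.
function rankByRisk(pkgs: PackageSignals[]): PackageSignals[] {
  return pkgs.slice().sort((a, b) => riskScore(b) - riskScore(a));
}

// Constructed sample data, not real packages.
const SAMPLE: PackageSignals[] = [
  { name: "healthy-lib", daysSinceLastRelease: 30, maintainers: 5, archived: false, openIssues: 10, closedIssues: 190, license: "MIT" },
  { name: "abandoned-lib", daysSinceLastRelease: 1200, maintainers: 1, archived: true, openIssues: 80, closedIssues: 20, license: null },
  { name: "stale-lib", daysSinceLastRelease: 640, maintainers: 2, archived: false, openIssues: 50, closedIssues: 50, license: "MIT" },
];
console.log(rankByRisk(SAMPLE).map((p) => p.name + ": " + riskScore(p)));
```
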
- Sign up for a free account
- Paste the contents of your dependency file (`package.json`, `requirements.txt`, `Gemfile`, `go.mod`, or `Cargo.toml`)
- Click "Scan Dependencies" and wait a few seconds
- Review your risk report — packages are ranked by risk score with detailed breakdowns
- Export your report as PDF or JSON, or copy a CI badge for your README
Free plan includes 5 scans per month. Upgrade for unlimited access.
For richer analysis (repository archived status, open issue counts, security policy detection), you can provide your own GitHub Personal Access Token in the Settings panel. Your token is stored only in your browser's local storage and is never sent to any server other than GitHub's API.
```bash
# Clone the repository
git clone https://github.com/justAbdulaziz10/Deadware-Risk-Scanner.git
cd Deadware-Risk-Scanner

# Install dependencies
npm install

# Copy the env template and configure your values
cp .env.example .env.local

# Start the dev server
npm run dev
```

Open http://localhost:3000 in your browser.
- Create a project at supabase.com
- Go to SQL Editor → New Query
- Paste the contents of `supabase/schema.sql` and run it
- Copy your API keys from Project Settings → API into `.env.local`
```bash
npm run build
npm start
```

- Push your repo to GitHub
- Import the project on vercel.com
- Add all environment variables in Settings > Environment Variables
- Deploy — Vercel auto-detects Next.js
| Variable | Where to get it |
|---|---|
| `NEXT_PUBLIC_SITE_URL` | Your deployed URL (e.g. `https://deadware-risk-scanner.vercel.app`) |
| `NEXT_PUBLIC_SUPABASE_URL` | Supabase Dashboard → Project Settings → API → Project URL |
| `NEXT_PUBLIC_SUPABASE_ANON_KEY` | Supabase Dashboard → Project Settings → API → anon public key |
| `SUPABASE_SERVICE_ROLE_KEY` | Supabase Dashboard → Project Settings → API → service_role key |

| Variable | Where to get it |
|---|---|
| `POLAR_ACCESS_TOKEN` | polar.sh/settings → Developers → Personal Access Tokens |
| `POLAR_WEBHOOK_SECRET` | Polar Dashboard → Settings → Webhooks → Add Endpoint → copy secret |
| `POLAR_PRODUCT_ID_TEAM` | Polar Dashboard → Products → Team product → copy ID |
| `POLAR_ENVIRONMENT` | `sandbox` for testing, `production` when live |
| `NEXT_PUBLIC_POLAR_PRODUCT_ID_PRO` | Polar Dashboard → Products → Pro product → copy ID |
| `NEXT_PUBLIC_POLAR_PRODUCT_ID_TEAM` | Polar Dashboard → Products → Team product → copy ID |

| Variable | Default | Description |
|---|---|---|
| `NEXT_PUBLIC_PRO_PRICE` | `9` | Pro plan price shown in the UI |
| `NEXT_PUBLIC_TEAM_PRICE` | `29` | Team plan price shown in the UI |
| `NEXT_PUBLIC_AUTHOR_NAME` | `justAbdulaziz10` | Display name in footer & metadata |
| `NEXT_PUBLIC_GITHUB_URL` | Your GitHub profile | GitHub profile link |
| `NEXT_PUBLIC_GITHUB_REPO` | This repo | "View on GitHub" link |
| `NEXT_PUBLIC_BUYMEACOFFEE_URL` | Your BMAC page | "Buy Me a Coffee" link |
- Framework: Next.js 16 (App Router)
- Language: TypeScript
- Styling: Tailwind CSS v4
- Icons: Lucide React
- Auth & Database: Supabase (free tier)
- Payments: Polar.sh (free — supports Saudi Arabia & 40+ countries)
- Deployment: Vercel (free tier)
Total cost to run: $0 — You only pay Polar's 4% fee when you make actual sales.
```
src/
  app/
    page.tsx                # Landing page
    scanner/
      page.tsx              # Scanner metadata
      ScannerClient.tsx     # Scanner UI
    success/
      page.tsx              # Post-payment success
      SuccessClient.tsx     # Plan activation polling
    login/                  # Login page
    signup/                 # Signup page
    auth/callback/          # Supabase auth callback
    api/
      checkout/             # Polar checkout handler
      webhooks/polar/       # Polar webhook handler
    layout.tsx              # Root layout + SEO
    globals.css             # Theme + animations
  components/               # UI components
  lib/
    config.ts               # Centralized env config
    parsers.ts              # Dependency file parsers
    analyzer.ts             # Risk scoring engine
    storage.ts              # Supabase plans + localStorage
    export.ts               # PDF/JSON export + CI badge
    supabase/               # Supabase client/server/middleware
  types/
    index.ts                # TypeScript types
  middleware.ts             # Next.js auth middleware
supabase/
  schema.sql                # Database schema (run once)
```
| | Free | Pro ($9/mo) | Team ($29/mo) |
|---|---|---|---|
| Scans per month | 5 | Unlimited | Unlimited |
| Ecosystems | npm, PyPI | All 5+ | All 5+ |
| Risk dashboard | Yes | Yes | Yes |
| PDF & JSON export | - | Yes | Yes |
| CI health badge | - | Yes | Yes |
| Scan history | - | 50 reports | 50 reports |
| GitHub enrichment | - | Yes | Yes |
| Team members | 1 | 1 | Up to 10 |
| Webhooks | - | - | Yes |
| Custom thresholds | - | - | Yes |
If Deadware Risk Scanner saved you from a bad dependency or helped your team ship safer code, consider supporting the project:
Every coffee helps keep this project maintained and free for the community. Thank you!
You can also support by:
- Starring the repo on GitHub
- Sharing it with your team
- Reporting bugs or suggesting features via GitHub Issues
This project is licensed under the MIT License.
Built with care by justAbdulaziz10