Track the packages your project actually uses. Get Telegram alerts daily or in real time when a published advisory matches your dependency versions.
Works with package.json and lockfile-based dependency graphs
Realtime alert
Project: dashboard-web
Installed: lodash 4.17.20
Affected: < 4.17.21
Fixed in: 4.17.21
Telegram message includes severity, affected range, fixed version, and a direct nudge to check if you need an upgrade now.
Daily digest
minimatch
Used in bot-worker · Medium severity
ws
Used in api-server · No action needed
Simple monitoring for the dependencies you already ship
Add a repo, upload dependency files, or point to the package list you want monitored.
When npm advisories land, the service checks whether your installed version range is actually affected.
Get a quiet daily digest or immediate alerts with package name, severity, fixed version, and impact.
Security signal without dependency panic
Not every new advisory matters to every project. The alert checks the versions you use before bothering you.
Alerts show up where devs already pay attention: chats, team groups, and private monitoring channels.
Use real-time notifications for critical issues and a calmer summary for the rest.
The goal is simple: when a version has issues, you instantly know whether you have it or you don't.
serialize-javascript < 6.0.2 can lead to XSS in affected builds
lodash in dashboard-web is vulnerable. Installed: 4.17.20 · Affected: < 4.17.21 · Fixed: 4.17.21 · Severity: High
Stay informed at the pace your team wants
A clean summary of what changed and what matters
For teams that want critical issues surfaced right away
When a vulnerable version gets published, your team should know if it affects your project within minutes.
Built for teams that want confidence, not more noise