Threat Intelligence Report: Foreign Influence in EasyJSON
Security Risk Exposed: Meet Fast-Glob – Read Our Research
Stop Guessing. Start Hunting. Use DepsDiver Today.
Home
Company
Products
Pricing
Resources
Start Hunting
Start Hunting
Start Hunting
Start Hunting
Home
Company
Products
Pricing
Resources
Start Hunting
Start Hunting

Introducing DepsDiver: Eliminating the Security Blind Spots in Your Dependencies

Written By
The Hunted Labs Team
on
January 29, 2026
Blog Image

Hunted Labs is introducing DepsDiver, a new class of dependency security focused on uncovering foreign influence and code repository risk early and providing package alternatives.

Dependency Risk Has Changed

Open source is the foundation of modern software, but dependency decisions no longer happen the way security teams assume they do.

In practice, most dependencies aren’t consciously selected or reviewed upfront. Package managers resolve libraries automatically. CI/CD pipelines pull in components during builds. Code assistants suggest and introduce open source packages as code is written. In turn, dependencies are often adopted implicitly, reused across projects, and buried several layers deep before anyone pauses to ask whether they should be trusted.

As a result, trust decisions are being made rapidly and with code assist, they are sometimes bypassing risk assessment entirely and automatically included in your build.

DepsDiver fixes that by providing risk informed threat intelligence about who maintains a project, how stable maintainership is, or whether control has changed in ways that introduce risk amongst others.

DepsDiver: Control-First Dependency Security

DepsDiver brings intentionality to dependency risk decisions by giving teams visibility into who controls an open source project and how that control has changed over time. Instead of waiting for vulnerabilities to be disclosed, DepsDiver evaluates open source projects using signals that determine long-term risk, not just short-term exposure.

These signals fall into three core areas:

  • Project health: Is the project actively maintained, or showing signs of decay, abandonment, or superficial activity that increase takeover risk?
  • Maintainer behavior: Who is contributing today, has that changed over time, and do shifts in maintainership introduce new trust or stability concerns?
  • Control and influence: Are there changes in ownership, governance, or contributor influence that alter who ultimately controls the project?  What is the percentage of foreign influence with your dependencies?
How DepsDiver Works

Dependency risk forms while code is being written. That’s why DepsDiver is available both as a hosted platform and an IDE extension, DepsDiver Assist. The platform provides deep, pre-adoption intelligence, while the DepsDiver Assist extension brings the same control and trust signals directly into developer workflows at the moment dependencies are introduced.

The platform supports deep analysis of packages, repositories, contributors, and domains during evaluation and design. The IDE extension surfaces those same risk signals inside local workflows as dependencies are added, highlighting issues and suggesting safer alternatives in real time, including when working alongside AI code assistants.

Furthermore, this integration allows users to work natively with any AI code assist tool,  providing sourced alternatives to high-risk dependencies so users can  use other pieces of open source that are more secure and still meet their build needs.

Users can tailor DepsDiver’s alerts to be as lenient or as stringent as their enterprise requires.

Make Dependency Trust Explicit

DepsDiver is the result of Hunted Labs’ research into open source risk in the wild — not in theory, not in postmortems, but as it actually forms across real projects, real maintainers, and real shifts in control. The most consequential risks rarely begin as vulnerabilities. They begin as changes in trust: a project losing maintainers, ownership quietly shifting, influence consolidating in ways defenders never intended.

DepsDiver is giving teams control-first dependency intelligence before adoption by changing how trust decisions are made — from a reactive to proactive view that overhauls disparate data into threat informed intelligence.  This is the new foundation for how dependency risk is built, understood and executed into the daily lives of developers.

Secure your dependencies with DepsDiver. The first 7 days are on us. →

DepsDiver FAQs
Q: What is DepsDiver?

A: DepsDiver is Hunted Labs’ control-first dependency intelligence platform. It helps teams determine whether an open source dependency can be trusted before it becomes embedded in their systems by analyzing who controls a project, how that control is changing, and what it means for long-term risk.

Q: How do I get started with DepsDiver?

A: Getting started is easy. DepsDiver is available via a fully hosted platform or IDE extension, and can be accessed immediately with a 7-day free trial. A credit card is required to start, and you won’t be charged unless you continue after the trial. Everything including access, tokens, and account management lives directly inside DepsDiver.

Q: Who is DepsDiver built for?

A: DepsDiver is designed for security teams, platform teams, and defenders responsible for software supply chain risk, especially in environments where trust, control, and governance matter as much as vulnerabilities.

Q: What types of risk does DepsDiver identify?

A: DepsDiver surfaces risk signals related to:

  • Maintainer turnover and shifts in contributor influence
  • Declining or superficial project activity
  • Ownership or governance changes
  • Indicators of foreign or external influence

These factors affect whether a dependency can be trusted over time, not whether a specific flaw is exploitable.

Q: When should teams use DepsDiver?

A: DepsDiver is designed for pre-adoption and early decision-making, including:

  • Evaluating new dependencies before adoption
  • Reassessing existing dependencies as control changes
  • Performing ad-hoc investigations during design or review

It helps answer a simple question – should we trust this dependency?

Q: Does DepsDiver require an SBOM?

A: No. DepsDiver can analyze dependencies directly using package identifiers or repository data. This enables fast, ad-hoc investigations without requiring an SBOM or local scanning.

Q: How does DepsDiver relate to Entercept?

A: DepsDiver provides pre-development intelligence about external dependencies. Entercept focuses on monitoring and securing the software you build and run. Together, they provide visibility across the full software lifecycle from dependency selection to production monitoring.

Keep Reading

See All Blogs
See All Blogs
Blog Image
Mar 2, 2026
The Hunted Labs Team
5 Questions to Ask Before Adopting an Open Source Dependency
Blog Image
Feb 23, 2026
The Hunted Labs Team
The Riskiest Security Decisions Happen Before You Write Code
Blog Image
Jan 29, 2026
Michael Simmons
Safe Vibes Only: How DepsDiver Assist Secures AI-Generated Code from Foreign-Controlled Dependencies
Cta ImageCta Image

Your Hunt Starts Now

Learn how DepsDiver and Entercept help organizations investigate and defend their software supply chains and critical systems.
Start Hunting
Start Hunting

Stay Connected

Sign up for the latest updates on threats we uncover, research drops, and Hunted Labs news.
Company
About UsCareersNewsroom
Use Cases
SBOM & Vulnerability
ManagementSoftware Supply
Chain SecurityContainer Security
Cookies
Cookie Preferences
© 2026 All Rights Reserved | Hunted Labs

Cookie Settings

We value your privacy. The site uses necessary cookies to operate and maintain security, which
are set automatically. We also use analytics cookies to understand how visitors use this site so we can improve it. These cookies are only placed with your consent. No analytics data is collected if you decline. You can change your preference at any time via the "Cookie Preferences" link in the footer below. For more information, see our Privacy Policy.

Allow AllReject

Customize

Cookie Settings

We value your privacy. We use analytics cookies to understand how visitors use this site so we can improve it. These cookies are only placed with your consent. No analytics data is collected if you decline. You can change your preference at any time via the "Cookie Settings" link at the bottom of this page. For more information, see our Privacy Policy.

These items required to enable basic website functionality

Cookies used to deliver advertising that is more relevant to you and your interests.

Cookies allowing the website to remember choices you make (such as your user name, language, or the region you are in).

Cookies helping understand how this website performs, how visitors interact with the site, and weather there may be technical issues.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Confirm ChoicesCancel