Point this at a Dependabot PR or npm outdated output and get a ranked upgrade plan with breaking changes, CVE fixes, and migration links. The server exposes two tools: analyze_package_change for single packages and analyze_packages_bulk for up to 50 at once. It scrapes GitHub release notes, checks OSV.dev for security fixes, and returns a risk level (security, caution, review, likely-safe, safe) with semver classification. Handles npm and PyPI. Runs via npx with optional GitHub token for higher rate limits. Integrates with Claude Code, Cursor, and Claude Desktop. Good for turning lockfile diffs into actionable decisions without manually reading changelogs.
claude mcp add --transport stdio digicatalyst-systems-dep-diff-mcp uvx dep-diff-mcp
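The description above sketches the pipeline (read `npm outdated` output, classify each bump by semver, check whether the upgrade closes a known vulnerability, rank the result). The following is an added example, not dep-diff-mcp's own code, that shows the offline half of that logic in Python: it parses constructed `npm outdated --json` output, classifies each bump as major/minor/patch, and evaluates the current and target versions against a constructed OSV-style `events` range (the advisory id is a placeholder). The ranking order and the `plan_upgrades` / `is_affected` names are this example's own choices, not the tool's.

```python
"""Added example (not part of dep-diff-mcp): semver bump classification plus an
OSV-style affected-range check over constructed `npm outdated --json` output."""
import json

# Constructed sample in the shape `npm outdated --json` prints.
SAMPLE_NPM_OUTDATED = json.dumps({
    "lodash":  {"current": "4.17.20", "wanted": "4.17.21", "latest": "4.17.21"},
    "express": {"current": "4.18.2",  "wanted": "4.18.2",  "latest": "5.0.0"},
    "semver":  {"current": "7.3.7",   "wanted": "7.6.0",   "latest": "7.6.0"},
})

# Constructed advisory in the OSV "events" shape; the id is a placeholder, not a real advisory.
SAMPLE_ADVISORIES = [{
    "id": "EXAMPLE-ADVISORY-0001",
    "package": "lodash",
    "events": [{"introduced": "0"}, {"fixed": "4.17.21"}],
}]

# Higher-risk bump kinds sort first in the plan.
BUMP_ORDER = {"downgrade": 0, "major": 1, "minor": 2, "patch": 3, "none": 4}


def parse_version(version):
    """Return (major, minor, patch) for an x.y.z string; prerelease/build tags are dropped."""
    core = version.split("-", 1)[0].split("+", 1)[0]
    nums = [int(p) for p in core.split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def classify_bump(current, target):
    """Classify the semver change from `current` to `target`."""
    cur, tgt = parse_version(current), parse_version(target)
    if tgt == cur:
        return "none"
    if tgt < cur:
        return "downgrade"
    if tgt[0] != cur[0]:
        return "major"
    if tgt[1] != cur[1]:
        return "minor"
    return "patch"


def is_affected(version, events):
    """Walk an OSV-style event list in order: `introduced` opens a range, `fixed` closes it."""
    v = parse_version(version)
    affected = False
    for event in events:
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True
        if "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False
    return affected


def plan_upgrades(outdated_json, advisories):
    """Build a ranked upgrade plan: vulnerability-fixing upgrades first, then by bump size."""
    outdated = json.loads(outdated_json)
    plan = []
    for name, info in outdated.items():
        current, target = info["current"], info["latest"]
        matching = [a for a in advisories if a["package"] == name]
        vulnerable_now = any(is_affected(current, a["events"]) for a in matching)
        vulnerable_after = any(is_affected(target, a["events"]) for a in matching)
        plan.append({
            "name": name,
            "current": current,
            "target": target,
            "bump": classify_bump(current, target),
            "fixes_vulnerability": vulnerable_now and not vulnerable_after,
            "advisories": [a["id"] for a in matching if is_affected(current, a["events"])],
        })
    # Security fixes outrank everything; within the rest, bigger bumps need more review.
    plan.sort(key=lambda p: (not p["fixes_vulnerability"], BUMP_ORDER[p["bump"]], p["name"]))
    return plan


if __name__ == "__main__":
    for entry in plan_upgrades(SAMPLE_NPM_OUTDATED, SAMPLE_ADVISORIES):
        print(entry)
```

Run as-is it prints the lodash patch upgrade first (it closes the constructed advisory), then the express major bump, then the semver minor bump. Against real data, the `events` list would come from an OSV.dev query for the package and ecosystem; this example only covers plain numeric versions and ignores the `last_affected` event type that OSV also allows.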