MCP Server

dep-diff-mcp

digicatalyst-systems/dep-diff-mcp

Translates a lockfile diff into a human-readable upgrade plan for npm and PyPI. Point this MCP at a Dependabot PR, a lockfile diff, or any pair of package versions and get back a ranked upgrade plan. For every dependency bump it returns the semver classification, breaking changes extracted from GitHub release notes, CVEs fixed in the range (via OSV.dev), migration guide links, and a per-package recommendation. The bulk tool analyzes up to 50 package changes in parallel and ranks them by risk level (security > caution > review > likely-safe > safe). Supports npm and PyPI.

Risk: 0 (Clean)
Quality: 48
Source: smithery