RepoWarden automatically updates npm, Yarn, and pnpm dependencies, runs security audits against the npm advisory database, and uses AI to fix breaking changes -- so you can merge with confidence.
RepoWarden auto-detects your package manager from your lock file and configuration. No setup required.
npm (package-lock.json): Full support for all semver range operators. Workspace, link, and file references are automatically skipped. The lock file is regenerated cleanly after updates.
Yarn Classic (yarn.lock, no .yarnrc.yml): Equivalent to npm support. RepoWarden detects Classic Yarn when yarn.lock is present without Yarn Berry configuration files.
Yarn Berry (.yarnrc.yml or packageManager field): Uses Berry-specific install flags automatically. Both Plug'n'Play and node_modules linkers are supported. Detected via .yarnrc.yml or the packageManager field in package.json.
pnpm (pnpm-lock.yaml): Full support including workspace protocol (workspace:*) references, which are correctly skipped during updates. Monorepo-friendly.
Every scan includes a full security audit against the npm bulk advisory API. Critical and high severity CVEs are prioritized and clearly surfaced in your pull request.
All dependencies are checked against the npm advisory database. Severity levels (critical, high, moderate, low) are included in PR descriptions.
RepoWarden detects your Node.js version from configuration files and flags end-of-life or maintenance LTS versions with specific upgrade recommendations.
Typosquatting detection, maintainer change alerts, install script scanning, and download count anomaly checks protect against compromised packages.
RepoWarden detects your framework and adapts accordingly. When a React, Next.js, Express, or other framework update introduces breaking changes, the AI reads the changelog and applies the necessary code changes.
React
Next.js
Vue
Angular
Express
Fastify
Hono
NestJS
Vite
Webpack
Jest
Vitest
Tailwind CSS
ESLint
Prettier
TypeScript
And many more. RepoWarden reads changelogs for any package it updates.
RepoWarden reads your repository and identifies package.json, lock files, frameworks, and test runners.
Checks every dependency for new versions and runs npm audit to find known vulnerabilities.
Updates are applied and tested. If something breaks, AI reads the errors and changelogs to generate a fix.
A clean pull request is opened with a summary, risk assessment, and links to relevant changelogs.
JavaScript projects often have hundreds of dependencies. RepoWarden batches updates (up to 10 per PR) to keep PRs reviewable and to avoid overwhelming your team with noise.
Security fixes come first, followed by major updates, then minor and patch versions.
If a batch fails, RepoWarden isolates the failing update so the rest can still ship.
Failed updates are remembered and not retried until a newer version is released.
RepoWarden opens PRs that pass your tests. AI fixes breaking changes. You just review and merge.
RepoWarden handles your polyglot fleet. Same install, same dashboard, same PR workflow across every language your team uses.