
Analyse Dependency Graphs for Hidden Risk

Map the full dependency tree for any npm package and identify risky transitive dependencies buried in the graph.

Tool: Supply Chain Risk

When you install a package with 5 direct dependencies, you are actually installing its entire subtree, which might contain 200 packages. One compromised package anywhere in that tree can exfiltrate credentials or inject malware: a supply chain attack delivered through a dependency you never chose. Almost nobody audits transitive dependencies because the graph is too large to inspect manually.

The dependency_graph skill maps the full dependency tree for a given package, returning a structured representation of every direct and transitive dependency. Combined with package_risk, you can identify which nodes in the graph carry the most risk — without reading every one of hundreds of package.json files manually.

Security architects scoping the blast radius of a supply chain incident, developers evaluating whether a new package brings unwanted dependencies, and security tools that need full dependency inventories for SBOM (Software Bill of Materials) generation all use this to understand what they're actually running.
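As an added illustration (not the dependency_graph or package_risk skill's own code), the script below walks a constructed package-lock.json-style "packages" map, computes each package's install depth, and ranks the transitive nodes by a constructed risk score together with how many packages pull each one in, which is the blast-radius question above. All package names, version ranges and scores are made up.

```python
from collections import deque

# Constructed package-lock.json v2/v3-style "packages" map; names and versions are made up.
LOCK = {
    "": {"dependencies": {"web-framework": "^4.0.0", "logger": "^1.2.0"}},
    "node_modules/web-framework": {"dependencies": {"body-reader": "^1.0.0", "cookie-lib": "^0.5.0"}},
    "node_modules/logger": {"dependencies": {"color-util": "^2.0.0"}},
    "node_modules/body-reader": {"dependencies": {"color-util": "^2.0.0"}},
    "node_modules/cookie-lib": {},
    "node_modules/color-util": {"dependencies": {"postinstall-helper": "^0.1.0"}},
    "node_modules/postinstall-helper": {},
}
# Constructed 0-10 risk scores, standing in for per-package risk output.
RISK = {"web-framework": 1, "logger": 1, "body-reader": 2, "cookie-lib": 1,
        "color-util": 3, "postinstall-helper": 9}

def build_graph(lock):
    """Map each package name ("" is the root project) to its direct dependency names."""
    return {path.rsplit("node_modules/", 1)[-1]: set(meta.get("dependencies", {}))
            for path, meta in lock.items()}

def install_depths(graph, root=""):
    """BFS from the root: depth 1 = direct dependency, depth >= 2 = transitive."""
    depth, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for child in graph.get(node, ()):
            if child not in depth:
                depth[child] = depth[node] + 1
                queue.append(child)
    return depth

def blast_radius(graph, target):
    """Every non-root package whose transitive subtree contains `target`."""
    closure = {}
    def reach(node):
        if node not in closure:
            closure[node] = set()  # placeholder entry breaks cycles in the lockfile
            for child in graph.get(node, ()):
                closure[node] |= {child} | reach(child)
        return closure[node]
    return {name for name in graph if name and target in reach(name)}

def rank_transitive_risk(graph, risk, min_depth=2):
    """Transitive packages ordered by risk, then by how many packages pull them in."""
    depth = install_depths(graph)
    rows = [(name, depth[name], risk.get(name, 0), len(blast_radius(graph, name)))
            for name in depth if depth[name] >= min_depth]
    return sorted(rows, key=lambda r: (-r[2], -r[3]))

if __name__ == "__main__":
    print(*rank_transitive_risk(build_graph(LOCK), RISK), sep="\n")
```

Each row is (package, depth, risk, number of packages whose subtree contains it); the highest-risk node here sits three levels down and is reachable from four of the six packages, so neither direct dependency is the right place to look for it.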

Agent Guides

Claude

  1. Connect ToolRouter to Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
  2. Ask: "Get the dependency graph for the express npm package using supply-chain-risk"
  3. Claude returns a structured dependency tree

ChatGPT

  1. Add ToolRouter to ChatGPT using the MCP JSON configuration
  2. Ask: "Get the dependency graph for react using supply-chain-risk"
  3. ChatGPT returns the full dependency tree

Copilot

  1. Add ToolRouter to your Copilot MCP configuration
  2. In Copilot Chat: "Get the dependency graph for lodash using supply-chain-risk"
  3. Copilot returns structured dependency tree data

OpenClaw

  1. Connect ToolRouter to OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
  2. Run: "Get dependency graphs for all production dependencies in our application using supply-chain-risk"
  3. OpenClaw returns complete graphs for all packages

Related Use Cases


Detect Typosquatted and Malicious npm Packages

Identify npm packages that impersonate popular libraries through typosquatting, namespace confusion, or name similarity attacks.

Tool: Supply Chain Risk (4 agent guides)