How to Analyse Dependency Graphs with Claude
Analyse npm dependency graphs with Claude and ToolRouter. Map transitive dependencies and identify hidden risk.
Tool: Supply Chain Risk
Claude navigates complex dependency graphs to surface the risks that matter: identifying which transitive packages are most widely used (and therefore highest-impact if compromised), flagging dependencies with concerning maintenance signals, and explaining why a specific deep dependency poses a risk to the whole tree.
Connect ToolRouter to Claude
1. Open connector settings
2. Add a custom connector with these details
   - Name: ToolRouter
   - URL: https://api.toolrouter.com/mcp
3. Let Claude set you up
Steps
Once connected (see setup above), use the Supply Chain Risk tool:
- Ask: "Get the dependency graph for the express npm package using supply-chain-risk"
- Claude returns a structured dependency tree
- Ask: "Check risk scores for the five most common dependencies in this graph using supply-chain-risk"
- Request: "Which transitive dependencies represent the highest risk in this tree?"
Example Prompt
Try this with Claude using the Supply Chain Risk tool
Get the dependency graph for webpack using supply-chain-risk, then check risk scores for the packages with the most dependents in the graph. Which transitive packages pose the greatest supply chain risk?
Tips
- Focus risk checks on the most widely-used transitive packages first — they affect the most code
- Ask Claude to identify any packages in the graph with fewer than two maintainers
- Look for packages with recent ownership changes — a common vector for supply chain attacks
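
The first tip can be cross-checked locally against a `package-lock.json`. The following is an added example, not ToolRouter's or the Supply Chain Risk tool's own code: it counts how many installed packages depend on each transitive package and ranks them. It assumes the lockfileVersion 2/3 `packages` layout; the lockfile content and the function names `resolve` and `rankTransitive` are constructed for illustration.

```javascript
// Constructed sample in the package-lock.json v2/v3 "packages" layout (not real data).
const sampleLock = {
  packages: {
    "": { dependencies: { "web-a": "^1.0.0", "web-b": "^1.0.0" } },
    "node_modules/web-a": { version: "1.0.0", dependencies: { "tiny-util": "^2.0.0", "parse-x": "^1.0.0" } },
    "node_modules/web-b": { version: "1.0.0", dependencies: { "tiny-util": "^2.0.0" } },
    "node_modules/parse-x": { version: "1.2.0", dependencies: { "tiny-util": "^1.0.0" } },
    "node_modules/parse-x/node_modules/tiny-util": { version: "1.9.0" },
    "node_modules/tiny-util": { version: "2.1.0" },
  },
};

// Resolve a dependency name the way Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null; // not installed, e.g. a skipped optional dependency
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Rank packages that are NOT direct dependencies by how many installed packages need them.
function rankTransitive(lock) {
  const packages = lock.packages || {};
  const dependents = new Map(); // installed path -> Set of paths that depend on it
  const direct = new Set();     // paths resolved straight from the root project
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies,
                   ...(path === "" ? meta.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const target = resolve(packages, path, name);
      if (!target) continue;
      if (path === "") { direct.add(target); continue; }
      if (!dependents.has(target)) dependents.set(target, new Set());
      dependents.get(target).add(path);
    }
  }
  return Object.keys(packages)
    .filter((p) => p !== "" && !direct.has(p))
    .map((p) => ({
      name: p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length),
      version: packages[p].version,
      dependents: dependents.has(p) ? dependents.get(p).size : 0,
    }))
    .sort((a, b) => b.dependents - a.dependents || a.name.localeCompare(b.name));
}
```

Two installed versions of the same package are ranked separately, since each resolves to its own lockfile entry and each would need its own maintainer and ownership check.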