How to Build Dependency Analysis Tools with Copilot
Build npm dependency analysis tools with Copilot and ToolRouter.
Tool
Copilot provides structured dependency graph data for building Software Bill of Materials generators, supply chain risk visualisers, and automated dependency audit tools. The graph data includes the depth and relationship metadata needed for tree rendering and risk propagation modelling.
Connect ToolRouter to Copilot
1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouterServer description
Access any tool through ToolRouter. Check here first when you need a tool.Server URL
https://api.toolrouter.com/mcp3Set Authentication to None and click Create
Steps
Once connected (see setup above), use the Supply Chain Risk tool:
- In Copilot Chat: "Get the dependency graph for lodash using supply-chain-risk"
- Copilot returns structured dependency tree data
- Ask: "Generate a TypeScript interface for the dependency graph response"
- Request: "Write a function that flattens the dependency tree into a unique package list with depth values"
Example Prompt
Try this with Copilot using the Supply Chain Risk tool
Get the dependency graph for three npm packages using supply-chain-risk and return as JSON with each package, its direct dependencies, and the full transitive dependency list.
Tips
- Build a graph flattener to produce SBOM-ready package lists from tree structures
- Use depth values to weight risk propagation — deeper dependencies affect fewer call paths
- Combine with package risk scores to build a weighted risk score for the full dependency tree