Keep your app up-to-date. Automatically. Safely. Reasonably.

Depfu helps your team with the boring chore of keeping your app up-to-date by sending you super nice pull requests with all the info you need.
You stay in control of whether and when to merge.

Less work, same outcome.

Keeping your dependencies current is crucial for the security, health and maintainability of your code base, yet it's so often pushed aside for more visible work.

But there is also no value in being on all the latest versions; you just want your dependencies to stay current. It's called bleeding edge for a reason.

So Depfu figures out the minimum number of updates you need to keep you reasonably up-to-date. None of your dependencies will be more than one month behind.

Get notified about new versions right where you work — with a GitHub pull request

The PR has all the info you need to make an informed decision about a dependency update

The Depfu scheduler "matures" new versions depending on the library's past release frequency instead of opening a PR right away.

[Chart: Releases vs PRs per week for an average npm project with 65 direct dependencies. Series: number of actual releases, number of Depfu PRs.]

[Chart: Releases vs PRs per week for a large Bundler project with 115 direct dependencies. Series: number of actual releases, number of Depfu PRs.]

Compared to sending you every new version, this reduces the number of PRs per week by roughly 50%, sometimes more, sometimes less.

What changed?

We gather everything we can find about the new version, from GitHub release notes and the project's changelog to all commits for that version, so you don’t need to hunt that down yourself over and over again. Check out our example repo.

Ruby and JavaScript

We support Ruby with Bundler and JavaScript with Yarn and npm. Different versions and lockfiles are handled automatically, so the pull requests you'll be receiving are fully working. In most cases, all you need to do is click that merge button.

Security vulnerabilities

Get actionable PRs instead of emails! We sync with open-source DBs and GitHub's security alerts to send you a PR with the new version as quickly as possible. These will always jump the queue.

Brings you up-to-date

We drip-feed you updates if you're behind, but never open more than 7 PRs at once, so as not to overwhelm you. This way, we bring you up-to-date one gem at a time at your own pace.

If it hurts, do it more often

We strongly believe in doing small updates continuously instead of waiting until you're quite behind and having to update everything at once. It's actually less work and less risk.

Your code is safe with us

We understand the security of your company’s source code is extremely important and we’ve built Depfu with that in mind. You can also run your own Depfu Enterprise on-premises.

"Depfu is a great tool that helps you to reduce the stress of periodically checking dependency updates, with the risk of missing important releases. It definitely reduced the time we spend on maintenance at dnsimple."
Simone Carletti
CTO, dnsimple