DeepReach: Dependency Blind-Spot Investigator
DeepReach uses CRAFT to identify open-source packages whose ecosystem importance is hidden behind transitive dependency chains.
The agent investigates the DEPS_DEV_V1 dependency graph, selects the latest available table snapshot, filters to the highest successfully resolved dependent releases, canonicalizes path-encoded package identities, and compares visible direct usage with total downstream reach.
The investigation found that inherits@2.0.4 has only three canonical direct dependent nodes, but reaches 87 downstream nodes across seven dependency levels. Its actual reach is 29 times larger than its visible direct footprint, with 96.55% of its exposure hidden transitively.
By comparison, tslib@2.7.0 appears much larger through direct usage—43 nodes versus three—but its total reach is only slightly larger: 97 versus 87.
DeepReach shows why engineering and software-supply-chain teams should prioritize foundational dependencies using hidden downstream reach and transitive amplification, rather than direct-dependent counts alone.
Built With
- emergent
Log in or sign up for Devpost to join the conversation.