Dependency review is now generally available for all public repositories and for private repositories with GitHub Advanced Security enabled. Dependency review helps you understand dependency changes and the security impact of these changes when reviewing pull requests. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request and shows:

  • Which dependencies were added, removed, or updated, along with the release dates.
  • How many projects use these dependencies.
  • Vulnerabilities being introduced by the added or updated dependencies.

Learn more about dependency review
Learn more about GitHub Advanced Security