Welcome to the docs
Reference for existing users: how to navigate DevUpdate.io and get the most out of it.
These docs cover everything past signup: how sources work, what the risk score means, how available dependency upgrades are surfaced, and how the MCP integration plugs into Claude and Cursor. New here? The sections below explain what DevUpdate.io is, how it compares to the tools you already use, and where to go next.
What is DevUpdate.io? #
DevUpdate.io is the dependency-intelligence layer for you and your AI coding agents. It tracks the releases, breaking changes, and security advisories of the libraries your project actually uses, anchored to your lockfile, and serves that as one verified feed for you and an MCP server for your agent. For GitHub sources it reads the git diff between versions to catch undocumented breaking changes, and it audits your pins against OSV/GHSA advisories, including the security issues no upgrade can fix. We never read or store your source code (see Privacy).
Who it's for #
Developers and teams maintaining a real dependency stack, especially if you've ever been burned by a "minor" update that broke production. DevUpdate.io strips out changelog noise, flags the silent breaks maintainers forget to document, and gives you (and your agent) risk-scored, advisory-backed intelligence instead of a guess.
How DevUpdate.io compares #
- vs Dependabot / Renovate: they open PRs to bump versions but don't tell you what's in the update. We read the diff, score the risk, and flag undocumented breaking changes so you can decide whether to merge, and we track sources they can't, like the Google Ads API or any changelog page.
- vs the GitHub feed & release trackers (NewReleases.io, Libraries.io): those stop at "a new version exists." We scope a digest to the dependencies in your lockfile and tell you what changed and how risky it is.
- vs SCA scanners (Snyk, Socket): like them we match OSV/GHSA advisories to your exact pins, with advisory ids you can verify; unlike them we tell you what to do next when the fix is blocked or unreleased, plus the release-by-release intelligence to survive the upgrade.
- vs Context7: Context7 feeds current library docs to agents ("how do I use this API now?"); we answer "is this update safe to merge, and what's in it?" Complementary, not competing.
- vs Sourcegraph & code search: those index the code you already have; we look outward at the libraries you depend on. Your tools know your code; we know your dependencies, and we deliberately never read your code.
Where to next #
- New here? Jump to Getting started.
- Tracking a repo? See Sources → Overview.
- Tracking dependencies via lockfile? See Lockfiles → Overview.
- Wiring up Claude or Cursor? See API → MCP server.
Questions, or a release source we don't track yet? Email info@devupdate.io or use the contact page.