DepCrumbs

Every install leaves a trail

Full audit trail for every package your AI assistant installs

DepCrumbs hooks into Claude Code and logs every dependency installation with version, license, integrity hash, and full dependency tree — automatically.

~ $ depcrumbs setup
✓ Hook configured in ~/.claude/settings.json
✓ Ready to track installations

~ $ npm install express lodash
[DepCrumbs] express@4.21.0 — MIT — sha512-abc...
[DepCrumbs] lodash@4.17.21 — MIT — sha512-def...
Saved to .depcrumbs.json

Works with the tools you already use

Ten package managers detected and parsed out of the box.

npm yarn pnpm pip uv cargo go gem composer brew

Four steps, fully automatic

Once set up, DepCrumbs runs silently in the background every time Claude Code installs a package.

01

Install Hook

One command to set up. DepCrumbs adds a PostToolUse hook to Claude Code that fires after every tool invocation.

02

Detect Command

Parsers recognize install commands across 10 package managers, extracting package names and flags.

03

Enrich Metadata

Registry APIs provide license, resolved version, integrity hash, and dependency tree for every package.

04

Store Audit Trail

Results are saved as JSON or Markdown, per-project and globally, so you always have a complete record.

Structured data for every install

Each entry in .depcrumbs.json captures the full context of what was installed and why.

{
  "timestamp": "2026-04-14T20:15:00.000Z",
  "packageManager": "npm",
  "command": "npm install express",
  "packages": [{
    "name": "express",
    "resolvedVersion": "4.21.0",
    "license": "MIT",
    "registryUrl": "https://registry.npmjs.org/express",
    "integrityHash": "sha512-...",
    "isDirect": true
  }]
}
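One way to put these entries to work in a review or CI step, as an added example that is not DepCrumbs code: it checks that each integrity hash is a structurally valid SRI string, flags the same manager/name/version recorded with two different hashes, and applies a license allowlist. It assumes `.depcrumbs.json` holds an array of entries shaped like the one above; `ALLOWED_LICENSES`, the finding labels and the sample log are hypothetical.

```javascript
// Added example, not DepCrumbs code. Assumes .depcrumbs.json holds an array of
// entries shaped like the one shown above; ALLOWED_LICENSES is a hypothetical policy.
const ALLOWED_LICENSES = new Set(["MIT", "ISC", "Apache-2.0", "BSD-3-Clause"]);
const SRI_DIGEST_BYTES = { sha256: 32, sha384: 48, sha512: 64 };

// Structural SRI check: known algorithm, canonical base64, correct digest length.
function isWellFormedSri(value) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(value || "");
  if (!m) return false;
  const raw = Buffer.from(m[2], "base64");
  return raw.length === SRI_DIGEST_BYTES[m[1]] && raw.toString("base64") === m[2];
}

// Returns one finding per problem: bad hash, hash drift for the same
// manager/name/version, or a license outside the allowlist.
function auditEntries(entries) {
  const findings = [];
  const firstSeen = new Map();
  for (const entry of entries) {
    for (const pkg of entry.packages || []) {
      const id = `${entry.packageManager}:${pkg.name}@${pkg.resolvedVersion}`;
      const add = (issue) => findings.push({ timestamp: entry.timestamp, id, issue });
      if (!isWellFormedSri(pkg.integrityHash)) add("malformed-integrity");
      else if (!firstSeen.has(id)) firstSeen.set(id, pkg.integrityHash);
      else if (firstSeen.get(id) !== pkg.integrityHash) add("integrity-drift");
      if (!ALLOWED_LICENSES.has(pkg.license)) add("license-not-allowed");
    }
  }
  return findings;
}

// Constructed sample data. fakeSri builds a well-formed but meaningless digest.
const fakeSri = (b) => "sha512-" + Buffer.alloc(64, b).toString("base64");
const entry = (timestamp, name, resolvedVersion, license, integrityHash) => ({
  timestamp, packageManager: "npm", command: `npm install ${name}`,
  packages: [{ name, resolvedVersion, license, integrityHash, isDirect: true }],
});
const SAMPLE_LOG = [
  entry("2026-04-14T20:15:00.000Z", "express", "4.21.0", "MIT", fakeSri(1)),
  entry("2026-04-14T20:16:00.000Z", "lodash", "4.17.21", "MIT", "sha512-..."),
  entry("2026-04-15T09:00:00.000Z", "express", "4.21.0", "MIT", fakeSri(2)),
  entry("2026-04-15T09:05:00.000Z", "example-gpl-lib", "1.0.0", "GPL-3.0", fakeSri(3)),
];

for (const f of auditEntries(SAMPLE_LOG)) console.log(f.timestamp, f.id, f.issue);
```

The SRI check is structural only: it confirms the recorded value could be a real digest, not that it matches the bytes that were installed.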

Get up and running in seconds

Choose the method that fits your workflow.

Claude Code Plugin

Install directly from the Claude Code marketplace for automatic hook setup and updates.

claude plugin install depcrumbs

Standalone CLI

Install globally via npm, then run setup to configure the hook manually.

npm install -g depcrumbs && depcrumbs setup

What's next

Planned features on the horizon.

Multi-tool support

Track dependencies across Codex CLI, Warp, and other AI coding assistants.

SBOM export

Generate Software Bill of Materials in CycloneDX and SPDX formats.

Vulnerability scanning

Cross-reference installed packages against known CVE databases.

Dashboard UI

Visual web interface for browsing and exploring dependency history.

Team audit logs

Shared audit trails for teams with role-based access control.

Policy enforcement

Block or warn on packages that violate license or security policies.