Stop Triaging. Start Fixing. Introducing VigilOps
You've seen the alert. You've opened the PR. You've read the changelog. Then you realize: your code doesn't even call the vulnerable function. Every week. Hundreds of teams drowning in CVE notifications for packages sitting dormant in their node_modules — dependencies they pulled in years ago, bundled by a transitive library, and never actually executed. Meanwhile, the real vulnerabilities get buried. VigilOps is a free Node.js CLI that fixes this. How VigilOps Works VigilOps does three things: Scans dependencies against OSV.dev — the open vulnerability database used by GitHub, PyPI, and npm Runs static reachability analysis to filter out unreachable vulnerabilities (packages in your tree but never called by your code) Auto-opens a GitHub PR with the fix The result: you get one PR with one real vulnerability. Not a spreadsheet. Not a wall of Slack messages. A fix. Demo Here's a quick scan: npx vigilops scan examples/vigilops-demo-lodash And to see everything including suppressed (unreachable) deps: npx vigilops scan examples/vigilops-demo-express --all The --all flag shows what's in your dependency tree but not actually reachable from your code. That's what the noise looks like — and that's what VigilOps filters out. Why This Is Different Dependabot and Snyk scan your entire lockfile. They report every CVE in every package, regardless of whether your code ever touches the vulnerable surface. This creates alert fatigue that causes teams to eventually... stop reading. VigilOps inverts the model: only surface vulnerabilities in code you actually call. Dependabot: "Your project has 47 vulnerabilities" (but 40 are unreachable noise) VigilOps: "Your project has 1 reachable vulnerability. PR is ready." Quick Start npm install -g vigilops npx vigilops scan . Authenticate with GitHub: https://github.com/Vigilops/vigilops npx vigilops auth That's it. The first run will scan, analyze, and open a PR if there's a fixable reachable vulnerability. What's Included OSV.dev integrati