Skip to main content
Free to Use — No Credit Card Required

Detect. Map. Cluster.
Fix. Verify. Ship.

Every Verx scan walks the full pipeline — from CVE detection to a tested merge request. Here is what you get on the first run, free.

Capabilities

Detect

CVE detection across the full tree.

Every direct and transitive dependency is checked against OSV, npm, PyPI, and Go advisories. New CVEs surface the moment they hit the public feeds — not on a weekly digest.

  • Full-tree scanning, not just direct dependencies
  • Severity, CVSS, and exploit-availability context
  • JavaScript (npm, pnpm, Yarn), Python (pip, Poetry, uv), Go, Java (Maven)
Map

Blast radius before you touch anything.

See which files import the package, which downstream packages depend on it, and how big a change actually is — before you start the upgrade. No more "let me grep and find out."

  • Affected files and import paths
  • Downstream packages impacted by a bump
  • Risk score per dependency, ranked
Cluster

Group what has to upgrade together.

react and react-dom can not move separately. Neither can typescript and the @types ecosystem. Verx auto-clusters peer-dependent packages so a phase actually ships as a unit.

  • Auto-grouping based on peer dependencies
  • TypeScript, ESLint, and framework stacks clustered
  • Phased plan: security → tooling → framework minor → framework major
Fix

AI applies the breaking changes.

When a major bump renames an export, swaps a config format, or changes a hook API, Verx applies the fix in a sandbox, runs your tests, and only continues if it passes.

  • Codemod-style fixes for known migrations
  • Prompt-driven fixes for novel breaking changes
  • Type, lint, and test gates per phase
Verify

Sandboxed runs. Nothing ships until it passes.

Every phase runs in a language-specific Docker container. Your code never leaves the sandbox until tsc, eslint, and the test suite all pass against your baseline.

  • Isolated Docker execution per phase
  • Type-check, lint, and test verification
  • Auto-rebase onto your target branch
Ship

One tested merge request per phase.

No 200-PR backlog. Verx pushes one merge request per phase, with the diff, the test results, and a summary of what changed and why. You review. You merge. That is it.

  • GitHub and GitLab support
  • Per-phase branches, never reused
  • Summary of CVEs fixed, packages upgraded, breaking changes resolved

All of it. Free.
No credit card. No usage caps.

Connect GitHub or GitLab. First scan in 60 seconds. Every feature on this page is included on the first run.

No credit card required.