Terms of Service

Last updated: March 30, 2026

What this is

Dependency Obituary is a free, open-source tool that scores the health of software dependencies using publicly available data from package registries and GitHub. It is not a security scanner, vulnerability database, or compliance certification tool.

No warranty

This tool is provided "AS IS" without warranty of any kind. Health scores are derived from public API signals (commits, releases, downloads, contributors, CVEs) and represent an objective assessment of maintenance activity - not a guarantee of software quality, security, or fitness for any purpose.

Do not rely solely on Dependency Obituary scores for security decisions. Use it alongside tools like npm audit, Snyk, and manual code review.

Acceptable use

  • Use the tool to analyze your own projects and dependencies
  • Share reports with your team or publicly
  • Install the GitHub App on repos you have permission to manage
  • Self-host under the MIT license

Do not:

  • Abuse the API with automated bulk requests beyond reasonable use
  • Use the tool to harass or defame open-source maintainers
  • Misrepresent health scores as official security certifications

Rate limits

The API uses GitHub's rate limits (5,000 requests/hour per token). Signed-in users get their own rate limit budget. Anonymous users share a common pool. When rate-limited, the tool returns partial results - never errors.

GitHub App

The GitHub App reads dependency files from your pull requests and posts health report comments. It requires read access to repository contents and write access to pull request comments. It does not modify your code, create commits, or access anything beyond dependency files.

Limitation of liability

In no event shall the authors or operators of Dependency Obituary be liable for any claim, damages, or other liability arising from the use of this tool. This includes but is not limited to: decisions made based on health scores, data loss, service interruptions, or inaccurate scoring results.

Open source

Dependency Obituary is open source under the MIT License. You are free to use, modify, and distribute the code. See the LICENSE file for details.

Changes

We may update these terms. Changes will be posted on this page with an updated date. Continued use of the tool after changes constitutes acceptance.

Contact

Questions? Email legal@orelsec.com