Drift Intelligence

Know exactly where your stack is falling behind.

Name: Vibgrate
Rating: 5 (1 reviews)
Author: Vibgrate

Vibgrate measures drift across every project — runtimes, frameworks, every dependency — scores the risk, and turns it into an upgrade plan your team actually ships.

Scan your first repo free See the leadership dashboard

Drift Score

74↑ from 61

CVE queue +32 repos drifting faster4 upgrades merged today

09:04ZDRIFTNext.js is 2 major versions behind (14.2.35 → 16.1.6)

09:01ZOWASPA02 Cryptographic Failures — JWT secret hardcoded (src/auth/jwt.ts:18)

08:58ZDRIFT39% of dependencies 2+ majors behind in acme-api

08:55ZSCANNERgitleaks — signature set up to date

2,400+ runtimes & frameworks tracked·EOL dates for every major ecosystem·CycloneDX & SPDX native·Works with GitHub, GitLab & Bitbucket

Drift is silent until it's an incident.

Every quarter your runtimes age, your frameworks fall behind, and the cost of catching up compounds. By the time a CVE forces the upgrade, it's an emergency project with a deadline you didn't choose.

EOL Horizon — Today → +24 months

ended

.NET 6

ended

Spring Boot 2

Node 18

ended

4 mo

Python 3.10

.NET 8

5 mo

10 mo

Node 22

Python 3.11

16 mo

19 mo

.NET 9

Today+12 mo+24 mo

One system. Three moves.

SEE

A Drift Score for every project, rolled up to repo, team and portfolio.

Portfolio view

acme-web24

auth-service61

api-gateway74

mobile-api44

data-pipeline85

admin-panel91

cms38

payments78

How the Drift Score works

DECIDE

A prioritised upgrade roadmap with effort, risk and cost-of-delay — not a wall of alerts.

Upgrade Roadmap

Upgrade Node.js 18 → 22

~1 dev-daycloses 8 findings

Patch lodash, resolve 3 CVEs

~2 dev-dayscloses 14 findings

Migrate React 17 → 19

~5 dev-dayscloses 22 findings

See a sample roadmap

SHIP

Hand remediation to the AI agent you already pay for. Vibgrate verifies the result.

AI integrations & MCP

Drift Score

74↑ from 61

CVE queue +32 repos drifting faster4 upgrades merged today

09:04ZDRIFTNext.js is 2 major versions behind (14.2.35 → 16.1.6)

09:01ZOWASPA02 Cryptographic Failures — JWT secret hardcoded (src/auth/jwt.ts:18)

08:58ZDRIFT39% of dependencies 2+ majors behind in acme-api

08:55ZSCANNERgitleaks — signature set up to date

08:52ZDRIFTNode.js 18.x — EOL passed, upgrade path to 22 available

08:49ZOWASPA06 Vulnerable Components — lodash 4.17.20 (CVE-2021-23337)

08:46ZDRIFTReact 17 → 19: 3 breaking changes detected across 12 files

Drift and security findings in one stream — because version drift is the leading indicator of your next vulnerability.

Open portfolio dashboard

Built for every layer of the team

Engineering Managers

See which teams are drifting and what one sprint of upgrades buys you.

Learn more

CTOs

Portfolio risk, EOL exposure and compliance posture on one board-ready page.

Learn more

Platform Engineers

One CLI across every repo. Detected vs governed, your call.

Learn more

Security Engineers

Cut CVE noise by fixing the staleness that generates it.

Learn more

We don't sell you a destination.

Hyperscaler tools modernise you toward their cloud. Vibgrate is independent: we measure, prioritise and verify — and route execution to whatever agents and platforms you choose.

Pay for what drifts.

Scan everything free. Pay per project under governance — not per developer, not per seat. Micro-projects count as 1/10. Unlimited seats on every plan.

Free— scan everything

Team— $3–6/project

Business— $8–15/project

Estimate your bill

Learn:Tutorials·Patterns·Blueprints·Standards·Glossary

Watch a real scan. Right here.

This is a replay of the actual CLI running against our test repositories — live progress, real findings, a genuine Drift Score. Nothing executes in your browser.

Replay

demo@vibgrate — bash

❯ npx @vibgrate/cli scan

╔══════════════════════════════════════════╗

║ Vibgrate Drift Report ║

╚══════════════════════════════════════════╝

── node-turborepo (node) .

Runtime: >=18.0.0 (6 majors behind)

Frameworks:

Turbo: 1.13.4 → 2.10.0 (1 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Dependencies:

1 current 2 1-behind 2 2+ behind 1 unknown

── @repo/admin (node) apps/admin

Frameworks:

TanStack Query: 5.101.2 → 5.101.2 (current)

React: 18.3.1 → 19.2.7 (1 behind)

React DOM: 18.3.1 → 19.2.7 (1 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Vite: 5.4.21 → 8.1.0 (3 behind)

Dependencies:

4 current 9 1-behind 2 2+ behind 4 unknown

── @repo/api (node) apps/api

Frameworks:

Express: 4.22.2 → 5.2.1 (1 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Vitest: 1.6.1 → 4.1.9 (3 behind)

Dependencies:

7 current 6 1-behind 2 2+ behind 4 unknown

── @repo/web (node) apps/web

Frameworks:

Next.js: 14.2.35 → 16.2.9 (2 behind)

React: 18.3.1 → 19.2.7 (1 behind)

React DOM: 18.3.1 → 19.2.7 (1 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Dependencies:

2 current 7 1-behind 2 2+ behind 5 unknown

── @repo/config (node) packages/config

Frameworks:

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Dependencies:

2 current 3 1-behind 4 2+ behind 0 unknown

── @repo/types (node) packages/types

Frameworks:

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Dependencies:

0 current 1 1-behind 0 2+ behind 1 unknown

── @repo/database (node) packages/database

Frameworks:

Prisma: 5.22.0 → 7.8.0 (2 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Dependencies:

1 current 1 1-behind 2 2+ behind 1 unknown

── @repo/ui (node) packages/ui

Frameworks:

React: 18.3.1 → 19.2.7 (1 behind)

TypeScript: 5.9.3 → 6.0.3 (1 behind)

React: 18.3.1 → 19.2.7 (1 behind)

Dependencies:

1 current 5 1-behind 0 2+ behind 1 unknown

── @repo/utils (node) packages/utils

Frameworks:

TypeScript: 5.9.3 → 6.0.3 (1 behind)

Vitest: 1.6.1 → 4.1.9 (3 behind)

Dependencies:

0 current 2 1-behind 1 2+ behind 1 unknown

Findings (12 errors, 5 warnings)

✖ Node.js runtime ">=18.0.0" reached end-of-life on 2025-04-30 (latest: 24.0.0).

vibgrate/runtime-eol in .

⚠ 40% of dependencies are 2+ major versions behind in node-turborepo.

vibgrate/dependency-rot in .

✖ @types/node is 6 major versions behind (spec: ^20.11.0, latest: 26.0.1).

vibgrate/dependency-major-lag in .

✖ Vite is 3 major versions behind (current: 5.4.21, latest: 8.1.0).

vibgrate/framework-major-lag in apps/admin

✖ vite is 3 major versions behind (spec: ^5.0.12, latest: 8.1.0).

vibgrate/dependency-major-lag in apps/admin

✖ Vitest is 3 major versions behind (current: 1.6.1, latest: 4.1.9).

vibgrate/framework-major-lag in apps/api

✖ @types/node is 6 major versions behind (spec: ^20.11.0, latest: 26.0.1).

vibgrate/dependency-major-lag in apps/api

✖ vitest is 3 major versions behind (spec: ^1.2.1, latest: 4.1.9).

vibgrate/dependency-major-lag in apps/api

⚠ Next.js is 2 major versions behind (current: 14.2.35, latest: 16.2.9).

vibgrate/framework-major-lag in apps/web

✖ @types/node is 6 major versions behind (spec: ^20.11.0, latest: 26.0.1).

vibgrate/dependency-major-lag in apps/web

⚠ 44% of dependencies are 2+ major versions behind in @repo/config.

vibgrate/dependency-rot in packages/config

✖ eslint-plugin-react-hooks is 3 major versions behind (spec: ^4.6.0, latest: 7.1.1).

vibgrate/dependency-major-lag in packages/config

⚠ Prisma is 2 major versions behind (current: 5.22.0, latest: 7.8.0).

vibgrate/framework-major-lag in packages/database

✖ 50% of dependencies are 2+ major versions behind in @repo/database.

vibgrate/dependency-rot in packages/database

✖ Vitest is 3 major versions behind (current: 1.6.1, latest: 4.1.9).

vibgrate/framework-major-lag in packages/utils

⚠ 33% of dependencies are 2+ major versions behind in @repo/utils.

vibgrate/dependency-rot in packages/utils

✖ vitest is 3 major versions behind (spec: ^1.2.1, latest: 4.1.9).

vibgrate/dependency-major-lag in packages/utils

╔══════════════════════════════════════════╗

║ Top Priority Actions ║

╚══════════════════════════════════════════╝

1. Upgrade EOL runtime in node-turborepo

End-of-life runtimes no longer receive security patches and block ecosystem upgrades.

./.

>=18.0.0 → 24.0.0 (6 majors behind)

Impact: −10 drift points (runtime & EOL)

2. Upgrade Vite 5.4.21 → 8.1.0 in @repo/admin (+2 more)

3 major versions behind. Major framework drift increases breaking change risk and blocks access to security fixes and performance improvements.

./apps/admin

Vite: 5.4.21 → 8.1.0 (3 majors behind)

./apps/api

Vitest: 1.6.1 → 4.1.9 (3 majors behind)

./packages/utils

Vitest: 1.6.1 → 4.1.9 (3 majors behind)

Impact: −5–15 drift points

3. Reduce dependency rot in @repo/database (50% severely outdated)

2 of 4 dependencies are 2+ majors behind. Run `npm outdated` and prioritise packages with known CVEs or breaking API changes.

./packages/database

@prisma/client: 5.22.0 → 7.8.0 (2 majors behind)

prisma: 5.22.0 → 7.8.0 (2 majors behind)

Impact: −5–10 drift points

4. Reduce dependency rot in @repo/config (44% severely outdated)

4 of 9 dependencies are 2+ majors behind. Run `npm outdated` and prioritise packages with known CVEs or breaking API changes.

./packages/config

eslint-plugin-react-hooks: 4.6.2 → 7.1.1 (3 majors behind)

@typescript-eslint/eslint-plugin: 6.21.0 → 8.62.0 (2 majors behind)

@typescript-eslint/parser: 6.21.0 → 8.62.0 (2 majors behind)

eslint: 8.57.1 → 10.6.0 (2 majors behind)

Impact: −5–10 drift points

5. Reduce dependency rot in node-turborepo (40% severely outdated)

2 of 5 dependencies are 2+ majors behind. Run `npm outdated` and prioritise packages with known CVEs or breaking API changes.

./.

@types/node: 20.19.43 → 26.0.1 (6 majors behind)

eslint: 8.57.1 → 10.6.0 (2 majors behind)

Impact: −5–10 drift points

╔══════════════════════════════════════════╗

║ Drift Score Summary ║

╚══════════════════════════════════════════╝

Drift Score: 74/100

Risk Level: HIGH

Projects: 9

Classified: 9 micro · 0 small · 0 standard

Billable: 0 · 9 detected → 0 billable (micro-project pricing)

Score Breakdown

Runtime: ████████████████████ 100

Frameworks: █████████░░░░░░░░░░░ 44

Dependencies: ██████████████████░░ 88

EOL Risk: ████████████████████ 100

Scanned at 2026-06-29T10:43:46.332Z · 21.0s · 14 files scanned · 56 workspace files · 27 dirs

╔══════════════════════════════════════════════════╗

║ ◆ Get AI-aware answers in your editor ║

╚══════════════════════════════════════════════════╝

vg install --all

· Code map in your assistant — call trees, impact surfaces, import paths

· Offline drift — DriftScore and upgrade priorities, right inside your editor

· Version-correct library docs — pinned to your lockfile, no hallucinated APIs

Press Run to start.

Get your DSN — start scanning free

Create a workspace at dash.vibgrate.com · your DSN connects the CLI in one command

Try the full interactive demo

Get your Drift Score in minutes.

Install the CLI, run one scan, see exactly how far behind your estate has drifted.

# Run without installing anything
npx @vibgrate/cli scan

# Pin a version or see every command
npx @vibgrate/cli@latest --help

no install·Nothing is installed globally — ideal for CI or a one-off scan.

Start free — no card

No sign-up required · Results in under 60 seconds