Drift Intelligence
Know exactly where your stack is falling behind.
Vibgrate measures drift across every project — runtimes, frameworks, every dependency — scores the risk, and turns it into an upgrade plan your team actually ships.
Drift Score
74↑ from 61
CVE queue +32 repos drifting faster4 upgrades merged today
09:04ZDRIFTNext.js is 2 major versions behind (14.2.35 → 16.1.6)
09:01ZOWASPA02 Cryptographic Failures — JWT secret hardcoded (src/auth/jwt.ts:18)
08:58ZDRIFT39% of dependencies 2+ majors behind in acme-api
08:55ZSCANNERgitleaks — signature set up to date
2,400+ runtimes & frameworks tracked·EOL dates for every major ecosystem·CycloneDX & SPDX native·Works with GitHub, GitLab & Bitbucket
Drift is silent until it's an incident.
Every quarter your runtimes age, your frameworks fall behind, and the cost of catching up compounds. By the time a CVE forces the upgrade, it's an emergency project with a deadline you didn't choose.
EOL Horizon — Today → +24 months
endedVue 2
.NET 6ended
endedSpring Boot 2
Node 18ended
4 moPython 3.10
.NET 85 mo
10 moNode 22
Python 3.1116 mo
19 mo.NET 9
Today+12 mo+24 mo
One system. Three moves.
SEEHow the Drift Score works
A Drift Score for every project, rolled up to repo, team and portfolio.
Portfolio view
acme-web24
auth-service61
api-gateway74
mobile-api44
data-pipeline85
admin-panel91
cms38
payments78
DECIDESee a sample roadmap
A prioritised upgrade roadmap with effort, risk and cost-of-delay — not a wall of alerts.
Upgrade Roadmap
1
Upgrade Node.js 18 → 22
~1 dev-daycloses 8 findings
2
Patch lodash, resolve 3 CVEs
~2 dev-dayscloses 14 findings
3
Migrate React 17 → 19
~5 dev-dayscloses 22 findings
SHIP
Hand remediation to the AI agent you already pay for. Vibgrate verifies the result.
AI integrations & MCPDrift Score
74↑ from 61
CVE queue +32 repos drifting faster4 upgrades merged today
09:04ZDRIFTNext.js is 2 major versions behind (14.2.35 → 16.1.6)
09:01ZOWASPA02 Cryptographic Failures — JWT secret hardcoded (src/auth/jwt.ts:18)
08:58ZDRIFT39% of dependencies 2+ majors behind in acme-api
08:55ZSCANNERgitleaks — signature set up to date
08:52ZDRIFTNode.js 18.x — EOL passed, upgrade path to 22 available
08:49ZOWASPA06 Vulnerable Components — lodash 4.17.20 (CVE-2021-23337)
08:46ZDRIFTReact 17 → 19: 3 breaking changes detected across 12 files
Drift and security findings in one stream — because version drift is the leading indicator of your next vulnerability.
Open portfolio dashboardBuilt for every layer of the team
Engineering Managers
See which teams are drifting and what one sprint of upgrades buys you.
Learn more
CTOs
Portfolio risk, EOL exposure and compliance posture on one board-ready page.
Learn more
Platform Engineers
One CLI across every repo. Detected vs governed, your call.
Learn more
Security Engineers
Cut CVE noise by fixing the staleness that generates it.
Learn more
We don't sell you a destination.
Hyperscaler tools modernise you toward their cloud. Vibgrate is independent: we measure, prioritise and verify — and route execution to whatever agents and platforms you choose.
Pay for what drifts.
Scan everything free. Pay per project under governance — not per developer, not per seat. Micro-projects count as 1/10. Unlimited seats on every plan.
Free— scan everything
Team— $3–6/project
Business— $8–15/project
Watch a real scan. Right here.
This is a replay of the actual CLI running against our test repositories — live progress, real findings, a genuine Drift Score. Nothing executes in your browser.
❯ npx @vibgrate/cli scan .
╔══════════════════════════════════════════╗
║ Vibgrate Drift Report ║
╚══════════════════════════════════════════╝
── node-turborepo (node) .
Runtime: >=18.0.0 (4 majors behind)
Frameworks:
Turbo: 1.13.4 → 2.9.18 (1 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Dependencies:
1 current 2 1-behind 2 2+ behind 1 unknown
── @repo/admin (node) apps/admin
Frameworks:
TanStack Query: 5.101.0 → 5.101.0 (current)
React: 18.3.1 → 19.2.7 (1 behind)
React DOM: 18.3.1 → 19.2.7 (1 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Vite: 5.4.21 → 8.0.16 (3 behind)
Dependencies:
4 current 9 1-behind 2 2+ behind 4 unknown
── @repo/api (node) apps/api
Frameworks:
Express: 4.22.2 → 5.2.1 (1 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Vitest: 1.6.1 → 4.1.8 (3 behind)
Dependencies:
7 current 6 1-behind 2 2+ behind 4 unknown
── @repo/web (node) apps/web
Frameworks:
Next.js: 14.2.35 → 16.2.9 (2 behind)
React: 18.3.1 → 19.2.7 (1 behind)
React DOM: 18.3.1 → 19.2.7 (1 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Dependencies:
2 current 7 1-behind 2 2+ behind 5 unknown
── @repo/config (node) packages/config
Frameworks:
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Dependencies:
2 current 3 1-behind 4 2+ behind 0 unknown
── @repo/database (node) packages/database
Frameworks:
Prisma: 5.22.0 → 7.8.0 (2 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Dependencies:
1 current 1 1-behind 2 2+ behind 1 unknown
── @repo/types (node) packages/types
Frameworks:
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Dependencies:
0 current 1 1-behind 0 2+ behind 1 unknown
── @repo/ui (node) packages/ui
Frameworks:
React: 18.3.1 → 19.2.7 (1 behind)
TypeScript: 5.9.3 → 6.0.3 (1 behind)
React: 18.3.1 → 19.2.7 (1 behind)
Dependencies:
1 current 5 1-behind 0 2+ behind 1 unknown
── @repo/utils (node) packages/utils
Frameworks:
TypeScript: 5.9.3 → 6.0.3 (1 behind)
Vitest: 1.6.1 → 4.1.8 (3 behind)
Dependencies:
0 current 2 1-behind 1 2+ behind 1 unknown
Tech Stack
Frontend: React, React DOM
Meta-frameworks: Next.js
Bundlers: tsx, Turbo, Vite
CSS / UI: Autoprefixer, PostCSS, Tailwind CSS
Backend: Express
ORM / Database: Prisma, Prisma Client
Testing: Vitest
Lint & Format: ESLint, ESLint Prettier, ESLint React, Prettier, typescript-eslint
Services & Integrations
Auth: JWT 9.0.3
Databases: Prisma 5.22.0
TypeScript
v5.3.3 · strict ✔ · MIXED · target: ES2022
Build & Deploy
Package Managers: pnpm
Monorepo: npm-workspaces, pnpm-workspaces, turbo
Product Purpose Signals
Frameworks: react, nextjs
Evidence: 177
Top Signals:
- [heading] Dashboard (apps/admin/src/pages/Dashboard.tsx)
- [title] Revenue Overview (apps/admin/src/pages/Dashboard.tsx)
- [copy] workspace:* (packages/ui/package.json)
- [copy] ./dist (packages/ui/tsconfig.json)
- [copy] ./src/index.ts (packages/ui/package.json)
- [copy] @repo/config/tsconfig-base.json (packages/ui/tsconfig.json)
- [copy] @repo/ui (packages/ui/package.json)
- [copy] #3b82f6 (apps/admin/src/pages/Dashboard.tsx)
Unknowns:
- No pricing or billing evidence found.
- No integrations/connectors evidence found.
- No route structure evidence found.
Security Posture
Lockfile ✖ · .env ✔ · node_modules ✔
Platform
Native modules: turbo
Code Quality
Files: 36 · Functions: 183 · Avg complexity: 2.62 · Avg length: 21.13 lines
Max nesting: 2 · Circular deps: 0 · Dead code: 0%
God files: apps/admin/src/pages/Products (448 lines)
Findings (12 errors, 5 warnings)
✖ Node.js runtime ">=18.0.0" is 4 major versions behind (latest: 22.0.0). Likely at or past EOL.
vibgrate/runtime-eol in .
⚠ 40% of dependencies are 2+ major versions behind in node-turborepo.
vibgrate/dependency-rot in .
✖ @types/node is 5 major versions behind (spec: ^20.11.0, latest: 25.9.3).
vibgrate/dependency-major-lag in .
✖ Vite is 3 major versions behind (current: 5.4.21, latest: 8.0.16).
vibgrate/framework-major-lag in apps/admin
✖ vite is 3 major versions behind (spec: ^5.0.12, latest: 8.0.16).
vibgrate/dependency-major-lag in apps/admin
✖ Vitest is 3 major versions behind (current: 1.6.1, latest: 4.1.8).
vibgrate/framework-major-lag in apps/api
✖ @types/node is 5 major versions behind (spec: ^20.11.0, latest: 25.9.3).
vibgrate/dependency-major-lag in apps/api
✖ vitest is 3 major versions behind (spec: ^1.2.1, latest: 4.1.8).
vibgrate/dependency-major-lag in apps/api
⚠ Next.js is 2 major versions behind (current: 14.2.35, latest: 16.2.9).
vibgrate/framework-major-lag in apps/web
✖ @types/node is 5 major versions behind (spec: ^20.11.0, latest: 25.9.3).
vibgrate/dependency-major-lag in apps/web
⚠ 44% of dependencies are 2+ major versions behind in @repo/config.
vibgrate/dependency-rot in packages/config
✖ eslint-plugin-react-hooks is 3 major versions behind (spec: ^4.6.0, latest: 7.1.1).
vibgrate/dependency-major-lag in packages/config
⚠ Prisma is 2 major versions behind (current: 5.22.0, latest: 7.8.0).
vibgrate/framework-major-lag in packages/database
✖ 50% of dependencies are 2+ major versions behind in @repo/database.
vibgrate/dependency-rot in packages/database
✖ Vitest is 3 major versions behind (current: 1.6.1, latest: 4.1.8).
vibgrate/framework-major-lag in packages/utils
⚠ 33% of dependencies are 2+ major versions behind in @repo/utils.
vibgrate/dependency-rot in packages/utils
✖ vitest is 3 major versions behind (spec: ^1.2.1, latest: 4.1.8).
vibgrate/dependency-major-lag in packages/utils
╔══════════════════════════════════════════╗
║ Top Priority Actions ║
╚══════════════════════════════════════════╝
1. Upgrade EOL runtime in node-turborepo
End-of-life runtimes no longer receive security patches and block ecosystem upgrades.
./.
>=18.0.0 → 22.0.0 (4 majors behind)
Impact: +10 points (runtime & EOL scores)
2. Fix security posture: no lockfile found
Without a lockfile, installs are non-deterministic. Run the install command to generate one and commit it.
./
Missing: package-lock.json, pnpm-lock.yaml, or yarn.lock
3. Upgrade Vite 5.4.21 → 8.0.16 in @repo/admin (+2 more)
3 major versions behind. Major framework drift increases breaking change risk and blocks access to security fixes and performance improvements.
./apps/admin
Vite: 5.4.21 → 8.0.16 (3 majors behind)
./apps/api
Vitest: 1.6.1 → 4.1.8 (3 majors behind)
./packages/utils
Vitest: 1.6.1 → 4.1.8 (3 majors behind)
Impact: +5–15 points
4. Reduce dependency rot in @repo/database (50% severely outdated)
2 of 4 dependencies are 2+ majors behind. Run `npm outdated` and prioritise packages with known CVEs or breaking API changes.
./packages/database
@prisma/client: 5.22.0 → 7.8.0 (2 majors behind)
prisma: 5.22.0 → 7.8.0 (2 majors behind)
Impact: +5–10 points
5. Reduce dependency rot in @repo/config (44% severely outdated)
4 of 9 dependencies are 2+ majors behind. Run `npm outdated` and prioritise packages with known CVEs or breaking API changes.
./packages/config
eslint-plugin-react-hooks: 4.6.2 → 7.1.1 (3 majors behind)
@typescript-eslint/eslint-plugin: 6.21.0 → 8.61.0 (2 majors behind)
@typescript-eslint/parser: 6.21.0 → 8.61.0 (2 majors behind)
eslint: 8.57.1 → 10.4.1 (2 majors behind)
Impact: +5–10 points
╔══════════════════════════════════════════╗
║ Architecture Layers ║
╚══════════════════════════════════════════╝
Archetype: monorepo (80% confidence)
Files classified: 29 (6 unclassified)
presentation 9 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
routing 4 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
middleware 2 files drift █████████████░░░░░░░ 63 risk moderate
domain 4 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
data-access 2 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
infrastructure 0 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk none
config 3 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk none
shared 5 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
testing 0 files drift ░░░░░░░░░░░░░░░░░░░░ 0 risk high
╔══════════════════════════════════════════╗
║ Drift Score Summary ║
╚══════════════════════════════════════════╝
Drift Score: 26/100
Risk Level: HIGH
Projects: 9
Classified: 9 micro · 0 small · 0 standard
Billable: 0 · 9 detected → 0 billable (micro-project pricing)
Score Breakdown
Runtime: ░░░░░░░░░░░░░░░░░░░░ 0
Frameworks: ███████████░░░░░░░░░ 56
Dependencies: ██░░░░░░░░░░░░░░░░░░ 12
EOL Risk: ░░░░░░░░░░░░░░░░░░░░ 0
Scanned at 2026-06-12T05:55:18.526Z · 21.2s · 344 files scanned · 56 workspace files · 24 dirs
Press Run to start.
Get your DSN — start scanning free
Create a workspace at dash.vibgrate.com · your DSN connects the CLI in one command
Try the full interactive demoGet your Drift Score in minutes.
Install the CLI, run one scan, see exactly how far behind your estate has drifted.
$npx @vibgrate/cli scan
No sign-up required · Results in under 60 seconds