u/Amar_Jaleel

▲ 1 r/securityCTF+1 crossposts

I built a tool that proves your npm vulnerability fixes won't break your build before you merge

npm audit fix tells you a CVE is patched. It doesn't tell you if the patch breaks your tests, changes an API, or silently downgrades a transitive dep you actually need.

Built VeriPatch to close that gap: it scans for vulns, applies the fix in a sandbox, runs your test suite against it, and generates an audit-grade evidence report showing the fix is actually safe — not just "applied."

Useful if you've ever ignored Dependabot PRs because you didn't trust them enough to click merge.

Repo: https://github.com/amarjaleelbanbhan/VeriPatch

Feedback welcome.

u/Amar_Jaleel — 2 days ago