About DepVitals

Guillermo Guerini wrote his first line of code at 13, working part-time after school at a software house in Brazil. By 16 he had his first full-time job. Over the next 25 years he worked across a wide range of industries and tech stacks: .NET, Java, and eventually Ruby on Rails, after watching the famous How to build a blog in 15 minutes with Rails video and having his mind blown.

After moving to the United States, Guillermo joined a Rails shop where he learned from some of the best engineers he’d ever worked with. One lesson stuck with him above all others: dependency management isn’t just housekeeping. It’s risk mitigation.

Before Dependabot existed, Guillermo was doing the job manually. He’d scan every project for outdated dependencies, read the changelogs, and open individual PRs one by one. A human Dependabot, years before the tool existed. (A missed opportunity? Maybe. The experience? Invaluable.)

Today, Dependabot is everywhere, and that’s a good thing. But having a tool that opens PRs is only half the battle. When teams are deep in feature work, those PRs get ignored. Alerts accumulate. On large, aging codebases with shared ownership, the backlog of ignored PRs grows faster than anyone can keep up. Before long, nobody knows how bad things really are, or where to even start.

That’s why DepVitals exists. Not to replace Dependabot, but to answer the question it can’t: how bad is it, across everything, right now?