LockDrift
LockDrift is a web app (with an optional GitHub/GitLab app) that detects and prevents “dependency drift” across repos: the state where teams believe they are on the same versions of a shared library but are not, which produces inconsistent builds, surprise CVE exposure (a fix landed in one service’s lockfile but not another’s), and broken deploys.

It continuously scans manifests and lockfiles (npm, pnpm, Yarn, pip, Poetry, Maven/Gradle, Go modules), maps shared libraries across services, and flags risky divergence: major-version splits, transitive pin mismatches, and unreviewed lockfile churn. It proposes staged upgrade plans as PRs grouped by blast radius and validated with the CI signals you already have. It also enforces policies such as “no floating ranges in prod” and “lockfile must match manifest”, with exceptions that are tracked and expire.

LockDrift is not a generic SCA tool; it is a consistency and rollout manager that reduces build breakage and upgrade chaos in multi-repo environments.
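As an added illustration (this is not LockDrift’s own code), the sketch below implements the three checks named above on constructed npm-style inputs: the “no floating ranges” policy, the “lockfile must match manifest” policy, and the cross-service major-version split. The sample manifests and lockfiles are made up and reduced to the fields the checks read (`package.json` `dependencies`, lockfile v2/v3 `packages`). The range matcher is deliberately minimal: it understands exact pins, `^`, `~` and `*`, and reports any other operator as unsupported rather than guessing, so the check fails closed. A real implementation would delegate range semantics to the ecosystem’s own library (node-semver and its ports), because `>=`, `||` and `x` ranges are common in the wild.

```python
"""Dependency-drift checks on constructed npm-style inputs (added example)."""
import re
from collections import defaultdict

SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Constructed sample: two services that believe they share lodash and express.
SERVICES = {
    "api": {
        "package.json": {"dependencies": {"lodash": "^4.17.21", "express": "4.18.2", "minimist": "*"}},
        "package-lock.json": {"packages": {
            "node_modules/lodash": {"version": "4.17.21"},
            "node_modules/express": {"version": "4.18.2"},
            "node_modules/minimist": {"version": "1.2.8"},
            "node_modules/express/node_modules/debug": {"version": "2.6.9"},  # nested transitive
        }},
    },
    "worker": {
        "package.json": {"dependencies": {"lodash": "^3.10.1", "express": "^4.18.2", "left-pad": ">=1.0.0"}},
        "package-lock.json": {"packages": {
            "node_modules/lodash": {"version": "3.10.1"},
            "node_modules/express": {"version": "4.17.1"},  # manifest was bumped, lockfile was not
            "node_modules/left-pad": {"version": "1.3.0"},
        }},
    },
}


def parse_version(v):
    m = SEMVER.match(v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def satisfies(version, rng):
    """Minimal npm range check: exact pin, ^, ~, and the wildcards * / latest.
    Any other operator raises, so callers fail closed instead of guessing."""
    if rng in ("*", "latest", ""):
        return True
    v = parse_version(version)
    if rng[0] in "^~":
        lo = parse_version(rng[1:])
        if v < lo:
            return False
        if rng[0] == "~":                 # ~1.2.3 := >=1.2.3 <1.3.0
            return v[:2] == lo[:2]
        if lo[0] != 0:                    # ^1.2.3 := >=1.2.3 <2.0.0
            return v[0] == lo[0]
        if lo[1] != 0:                    # ^0.2.3 := >=0.2.3 <0.3.0
            return v[:2] == lo[:2]
        return v == lo                    # ^0.0.3 := exactly 0.0.3
    return v == parse_version(rng)        # exact pin


def floating_ranges(manifest):
    """Policy 'no floating ranges': every dependency must be an exact x.y.z pin."""
    return sorted(n for n, r in manifest.get("dependencies", {}).items() if not SEMVER.match(r))


def locked_versions(lock):
    """Top-level resolved versions from a lockfile v2/v3 'packages' map.
    Nested entries (node_modules/a/node_modules/b) are transitive and skipped here."""
    prefix, out = "node_modules/", {}
    for path, entry in lock.get("packages", {}).items():
        if not path.startswith(prefix):
            continue                      # "" is the root project itself
        name = path[len(prefix):]
        if prefix in name:
            continue
        out[name] = entry["version"]
    return out


def lock_drift(manifest, lock):
    """Policy 'lockfile must match manifest': each declared dep has a top-level
    lock entry whose resolved version satisfies the declared range."""
    findings, locked = [], locked_versions(lock)
    for name, rng in manifest.get("dependencies", {}).items():
        if name not in locked:
            findings.append((name, "missing from lockfile"))
            continue
        try:
            ok = satisfies(locked[name], rng)
        except ValueError:
            findings.append((name, f"unsupported range {rng!r}"))
            continue
        if not ok:
            findings.append((name, f"locked {locked[name]} does not satisfy {rng}"))
    return findings


def major_splits(resolved):
    """resolved: {service: {lib: version}} -> libs whose resolved majors differ across services."""
    by_lib = defaultdict(lambda: defaultdict(list))
    for svc, libs in resolved.items():
        for lib, ver in libs.items():
            by_lib[lib][parse_version(ver)[0]].append(svc)
    return {lib: {m: sorted(s) for m, s in majors.items()}
            for lib, majors in by_lib.items() if len(majors) > 1}


def drift_report(services):
    resolved = {n: locked_versions(f["package-lock.json"]) for n, f in services.items()}
    return {
        "floating": {n: floating_ranges(f["package.json"]) for n, f in services.items()},
        "lock_drift": {n: lock_drift(f["package.json"], f["package-lock.json"]) for n, f in services.items()},
        "major_splits": major_splits(resolved),
    }


if __name__ == "__main__":
    for section, body in drift_report(SERVICES).items():
        print(section, body)
```

On the constructed input the report flags `worker` for an `express` lockfile that no longer satisfies its bumped manifest range and for an unsupported `>=` range on `left-pad`, flags every caret/wildcard range under the floating-range policy, and shows `lodash` split across majors 3 and 4 between the two services, which is the kind of divergence a shared-library map would surface.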