
Limier

Understand what a dependency upgrade actually did

Limier compares two versions of the same dependency in a controlled fixture and tells you whether the change looks safe, needs review, should be blocked, or should be rerun.


What Is Limier?

Limier is a CLI tool for one narrow job: compare a baseline dependency version with a candidate version inside the same sample application, capture what changed, and tell a reviewer what to do next.

It is especially useful when you want to answer questions like:

  • Did this dependency start launching a new process?
  • Did install-time behavior change?
  • Did the package stop behaving the same way in a realistic sample app?
  • Is this difference benign, suspicious, or too noisy to trust?

Limier is intentionally not a general-purpose application security scanner. It is focused on dependency behavior drift.

How A Review Works

  1. Pick the dependency you want to review.
  2. Point Limier at a fixture that uses that dependency.
  3. Give Limier a scenario that says how to install and exercise the fixture.
  4. Run the same scenario against the baseline version and the candidate version, ideally more than once each so that noise can be told apart from real drift.
  5. Inspect the verdict, findings, and evidence.
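The comparison these steps describe, reduced to its core, as an added example that is not Limier's own code: two versions of a dependency are exercised by the same scenario, what each run observed is diffed, and the result is classified as safe, review, block, or rerun. The `Observation` fields, the policy that maps each kind of drift to a verdict, and the sample observations are all constructed for illustration and are not taken from Limier.

```python
"""Toy dependency behaviour-drift comparison (added example, not Limier's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """What one scenario run of the fixture observed (constructed fields, not a real capture)."""
    processes: frozenset[str]      # child executables spawned while exercising the fixture
    install_hooks: frozenset[str]  # lifecycle scripts that ran at install time
    network_hosts: frozenset[str]  # remote hosts contacted during install or exercise
    scenario_passed: bool          # did the fixture's exercise step succeed


# Hypothetical review policy: new processes and new network destinations are blocked,
# install-hook changes and regressions go to a human, anything that disappeared is noted.
SEVERITY = {"safe": 0, "review": 1, "block": 2}
DRIFT_RULES = (
    # (label, Observation attribute, verdict if newly seen, verdict if no longer seen)
    ("process", "processes", "block", "review"),
    ("install hook", "install_hooks", "review", "review"),
    ("network host", "network_hosts", "block", "review"),
)


def runs_are_consistent(runs):
    """True when repeated runs of one version agree; if they don't, any diff is noise."""
    return len(set(runs)) == 1


def diff_observations(baseline, candidate):
    """Return (verdict, message) findings for every difference between two runs."""
    findings = []
    for label, attr, on_new, on_gone in DRIFT_RULES:
        before, after = getattr(baseline, attr), getattr(candidate, attr)
        for item in sorted(after - before):
            findings.append((on_new, f"new {label}: {item}"))
        for item in sorted(before - after):
            findings.append((on_gone, f"{label} no longer seen: {item}"))
    if baseline.scenario_passed and not candidate.scenario_passed:
        findings.append(("review", "scenario passed on baseline but failed on candidate"))
    return findings


def verdict(baseline_runs, candidate_runs):
    """Classify the candidate relative to the baseline; 'rerun' if either side is noisy."""
    if not (runs_are_consistent(baseline_runs) and runs_are_consistent(candidate_runs)):
        return "rerun", []
    findings = diff_observations(baseline_runs[0], candidate_runs[0])
    worst = max((SEVERITY[v] for v, _ in findings), default=0)
    name_for = {level: name for name, level in SEVERITY.items()}
    return name_for[worst], findings


# Constructed sample observations standing in for two real captures.
BASELINE = Observation(frozenset(), frozenset({"postinstall"}), frozenset(), True)
CANDIDATE = Observation(
    frozenset({"/bin/sh"}),
    frozenset({"postinstall", "preinstall"}),
    frozenset({"203.0.113.10"}),
    True,
)
# A candidate whose behaviour differs between two runs of the same version.
FLAKY_CANDIDATE = (CANDIDATE, Observation(frozenset(), CANDIDATE.install_hooks,
                                          CANDIDATE.network_hosts, True))

if __name__ == "__main__":
    for label, runs in (("stable", [CANDIDATE, CANDIDATE]), ("flaky", list(FLAKY_CANDIDATE))):
        result, findings = verdict([BASELINE, BASELINE], runs)
        print(f"{label}: {result}")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
```

Two design points carry over to any real review: the comparison is only meaningful when repeated runs of the same version agree, so nondeterminism is surfaced as "rerun" rather than folded into a verdict, and the final verdict is the worst single finding, so a benign-looking release with one new child process is still blocked.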

Supported Ecosystems

The current adapters are:

  • npm
  • pip
  • cargo


Built with VitePress.