Know before you break.

Thirdwatch scans your codebase, maps every external dependency — APIs, SDKs, packages, databases — and tells you when one of them changes in a way that could break you.

The Blind Spot

Your tools only cover part of your external surface area.

📦

Package Managers

Dependabot monitors your npm and pip packages. Your Stripe API version? Not covered.

🌐

API Monitoring

Uptime tools watch your APIs. The APIs you call? Also not covered.

🧪

Contract Testing

Contract testing needs you to write tests first. Thirdwatch just reads your code.

How It Works

Three steps. Zero configuration. Source code never leaves your machine.

1. Scan

Run thirdwatch scan locally. It uses tree-sitter to parse your code and find every external dependency.

2. Map

Get a TDM (Thirdwatch Dependency Manifest): a structured JSON manifest of every API, SDK, package, database, and webhook your code touches.

3. Monitor (Phase 2)

Upload the TDM. Thirdwatch watches for breaking changes across all your dependencies and alerts you.

See What Thirdwatch Finds

Real output from scanning a Python payments service. This is what a Thirdwatch Dependency Manifest looks like.

[
  {
    "id": "pkg:pypi/stripe@7.0.0",
    "name": "stripe",
    "ecosystem": "pypi",
    "current_version": "7.0.0",
    "version_constraint": ">=7.0.0",
    "manifest_file": "requirements.txt",
    "locations": [
      {
        "file": "requirements.txt",
        "line": 3
      }
    ],
    "usage_count": 1,
    "confidence": "high"
  },
  {
    "id": "pkg:pypi/requests@2.31.0",
    "name": "requests",
    "ecosystem": "pypi",
    "current_version": "2.31.0",
    "version_constraint": ">=2.28.0",
    "manifest_file": "requirements.txt",
    "locations": [
      {
        "file": "requirements.txt",
        "line": 5
      }
    ],
    "usage_count": 12,
    "confidence": "high"
  },
  {
    "id": "pkg:pypi/psycopg2-binary@2.9.9",
    "name": "psycopg2-binary",
    "ecosystem": "pypi",
    "current_version": "2.9.9",
    "version_constraint": ">=2.9.0",
    "manifest_file": "requirements.txt",
    "locations": [
      {
        "file": "requirements.txt",
        "line": 8
      }
    ],
    "usage_count": 3,
    "confidence": "high"
  },
  {
    "id": "pkg:pypi/boto3@1.34.0",
    "name": "boto3",
    "ecosystem": "pypi",
    "current_version": "1.34.0",
    "version_constraint": ">=1.30.0",
    "manifest_file": "requirements.txt",
    "locations": [
      {
        "file": "requirements.txt",
        "line": 10
      }
    ],
    "usage_count": 5,
    "confidence": "high"
  }
]

From thirdwatch.json (github.com/acme/payments-service)

Install in Seconds

One command. No configuration. Start scanning immediately.

$ npm install -g thirdwatch

Then run: thirdwatch scan /path/to/your/repo