Stop babysitting
your dependencies.
ovvoc automatically updates, tests, and opens PRs — even for breaking changes. The only tool that solves all 25 categories of npm updates.
Works with your stack
The Problem
Your npm dependencies are a ticking time bomb
Most teams know their deps are outdated. Few have time to fix them.
of npm projects have critical outdated dependencies
more time on manual updates than building features
of teams delay dependency updates for over 6 months
How It Works
From install to merged PR in four steps
Connect
Install the GitHub App in 30 seconds. Pick which repos to monitor.
Monitor
Ovvoc watches the npm registry 24/7 for new versions and security patches.
Update & Test
Clone, update, transform code, build, and test — all in an isolated container.
Review & Merge
Get a PR with test results, confidence score, and description of every change.
Features
Everything you need to keep dependencies healthy
More than version bumps. ovvoc understands your code and makes the changes needed to keep it working.
Breaking Change Resolution
Handles Express 4→5, React class→hooks, ESLint flat config, and all 25 categories. Deterministic AST transforms rewrite your code correctly.
Learn moreAI-Assisted Migration
When rules aren't enough, scoped AI fills the gap — validated, budget-controlled, and never deployed without passing tests.
Learn moreZero-Breakage Guarantee
Tests fail? We report, never PR. Your main branch stays safe. Every update is verified before it reaches you.
Learn moreMulti-Package Coordination
React + React-DOM + @types/react updated atomically. No version mismatch. Coordinated upgrades across your entire dependency graph.
Learn moreSecurity & Isolation
Patches applied within hours of advisory disclosure. No manual CVE triage. Your dependencies stay secure around the clock.
Learn moreFull Visibility
Failure reports, pipeline logs, confidence scores, and rich PR descriptions for every single update. Nothing is a black box.
Learn moreThe Differentiator
Other tools bump versions. We solve breaking changes.
Dependabot and Renovate handle the easy 70%. Ovvoc handles all 25 categories, including the hard 30% that no one else touches.
- Paradigm shifts (class → functional)
- Router API changes (React Router 5→6→7)
- Build system migrations (Webpack 4→5, ESLint 8→9)
- ORM breaking changes (Prisma, Sequelize, TypeORM)
- Multi-package coordination (atomic React ecosystem updates)
- Middleware & plugin API changes (Express, Fastify)
- Test framework migrations (Jest, Mocha, Vitest)
- Type system changes (@types/* compatibility)
Update Categories Handled
Compare
See why teams switch to ovvoc
Other tools create the PR. You still fix the code. ovvoc does both.
Dependabot
Version bumps only
- Version bumps
- Security alerts
- Breaking change fix
- Code transforms
- Build & test before PR
- Multi-package atomic PRs
- AI-assisted migration
- Failure reports
- Isolated containers
Bumps the version, breaks your code. You fix it.
Renovate
Configurable, still limited
- Version bumps
- Security alerts
- Breaking change fix
- Code transforms
- Build & test before PR
- Multi-package atomic PRs
- AI-assisted migration
- Failure reports
- Isolated containers
More config options, same unsolved breaking changes.
ovvoc
All 25 categories solved
- Version bumps
- Security alerts
- Breaking change fix
- Code transforms
- Build & test before PR
- Multi-package atomic PRs
- AI-assisted migration
- Failure reports
- Isolated containers
Updates, transforms, builds, tests, then opens the PR.
Security
Built for teams that take security seriously
Your code is treated with the same care you give it.
Ephemeral Containers
Your code runs in isolated containers destroyed after every job. Nothing persists.
No Code Storage
Code is cloned, processed, and destroyed. We never store your source code.
Network Isolation
Build and test stages run with zero outbound network access.
Self-Hosted Option
Enterprise customers run the Ovvoc agent on their own infrastructure.
Minimal Permissions
Only repo read + PR write access. Short-lived tokens expire after each job.
Encrypted at Rest
All metadata and configuration encrypted with AES-256.
Pricing
Invest in your codebase, not in maintenance
No per-seat pricing. No hidden fees. Every plan includes all 25 update categories.
Starter
7-day free trialFor a single project that needs to stay current.
$490 billed annually
- 1 repository included
- All 25 update categories
- AI-assisted code migration
- Breaking change resolution
- Multi-package coordination
- Build & test in isolated container
- Extra repos: $49/mo each
- Email support (48h)
Growth
For startups with a growing codebase.
$2,490 billed annually
- 6 repositories included
- Everything in Starter
- Extra repos: $40/mo each
- Email support (24h)
Pro
For teams managing multiple projects.
$4,990 billed annually
- 20 repositories included
- Everything in Growth
- Extra repos: $25/mo each
- Priority email support (8h)
Scale
For engineering orgs managing many codebases.
$9,990 billed annually
- 50 repositories included
- Everything in Pro
- Extra repos: $20/mo each
- Priority support + Slack (4h)
Enterprise
Unlimited repositories, dedicated account manager, custom integrations, and priority support with guaranteed response times.
FAQ
Frequently asked questions
Everything you need to know about ovvoc.
Stop maintaining.
Start shipping.
Join teams that spend their time building features, not babysitting package.json.