
Find alternatives for a package with Trusty

Developers frequently encounter the need to seek alternative packages to those they're familiar with, either due to security concerns, compatibility issues, changing dependencies, or the search for enhanced performance and functionality. Trusty uses generative AI to provide a list of related packages and their scores, to help developers find and assess alternative dependencies.

The Need for Alternative Packages

Locating a suitable alternative can sometimes be driven by:

  • Security concerns or vulnerabilities.
  • Compatibility or dependency challenges.
  • Searching for better performance or features.
  • Seeking more actively maintained packages.
  • Evolving project requirements.

Searching for a Package

  • Visit the Trusty website and navigate to the search bar.
  • Type the name of the package of interest (e.g., "next" for npm).
  • From the listed options, select the package that best fits your search.
  • Once on the package's page, you'll be presented with an overview of the package, including the Trusty Score, a summary indicator of the package's trustworthiness.

Exploring Alternative Packages

Scroll down to the bottom of the page, where you'll find the 'Alternative Packages' section. Here, you'll see a list of similar packages along with their respective Trusty Scores. The score is the key signal here: it is an overall assessment of a package's risk based on repository and author activity.

Keeping it real:

  • Proactive Analysis: For packages that nobody has looked up on Trusty before, you might experience a brief delay before alternatives appear. The pause is because Trusty generates and assesses the alternatives on demand rather than serving a cached list.

  • Feedback Mechanism: If a suggested alternative doesn't align with your needs or seems off the mark, don't hesitate to submit a ticket and share your thoughts via the Provide Feedback link on the package page. We greatly appreciate user feedback and are consistently fine-tuning our system to heighten the relevance and accuracy of our recommendations.

  • LLM Disclaimer: Trusty uses Large Language Models (LLMs) to identify candidate alternative packages. LLMs can produce unintended or fabricated results, commonly called "hallucinations"; for package recommendations that can mean a name that does not exist in the registry at all, or one that exists only because someone registered a name that models tend to invent. Trusty gates hallucinations by passing every LLM recommendation through the Trusty PCA model, so each suggested alternative is verified to exist in its registry and is assessed for risk and activity signals such as typosquatting before it is shown. This helps mitigate LLM package-poisoning attacks, in which an attacker publishes a malicious package under a name a model is likely to hallucinate.
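The gating step described above is worth seeing in code. The following is an added example and is not Trusty's own code or its PCA model; it shows the two checks a practitioner would apply to an LLM's list of suggested alternatives before trusting any of them: does the name exist in the registry, and, if it is an obscure package, is its name a near-duplicate of a popular one (a typosquatting signal)? The registry and download counts are constructed stand-in data so the script runs offline; `REGISTRY`, `POPULAR_THRESHOLD` and `MAX_EDIT_DISTANCE` are the example's own assumptions.

```python
"""Gate LLM-suggested package alternatives before trusting them.

Added example, not Trusty's code. It demonstrates the idea behind passing
LLM output through an existence and typosquatting check, using a constructed
in-memory stand-in for registry data instead of live registry queries.
"""

# Constructed stand-in for registry data: package name -> weekly downloads.
# Real gating would query the registry (e.g. registry.npmjs.org) instead.
REGISTRY = {
    "next": 6_000_000,
    "nuxt": 700_000,
    "remix": 200_000,
    "gatsby": 300_000,
    "astro": 250_000,
    "nextjs": 800,  # obscure near-duplicate of "next": typosquat signal
}

# Assumed thresholds for this example.
POPULAR_THRESHOLD = 100_000  # downloads/week above which a name is "well known"
MAX_EDIT_DISTANCE = 2        # names this close to a popular one are suspicious


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(queried: str, name: str, registry=REGISTRY):
    """Return (verdict, reason) for one LLM-suggested alternative.

    Rejects names that are not in the registry (hallucinations or names that
    could be squatted later), names identical to the package being replaced,
    and obscure names that sit within MAX_EDIT_DISTANCE of a popular package.
    Popular packages with similar names (e.g. "next" vs "nuxt") are not
    flagged, because the typosquat check only applies to low-download names.
    """
    name = name.strip().lower()
    if name == queried.strip().lower():
        return "reject", "same as the package being replaced"
    if name not in registry:
        return "reject", "not found in registry (possible hallucination)"
    if registry[name] < POPULAR_THRESHOLD:
        for popular, downloads in registry.items():
            if popular == name or downloads < POPULAR_THRESHOLD:
                continue
            if levenshtein(name, popular) <= MAX_EDIT_DISTANCE:
                return "reject", f"looks like a typosquat of '{popular}'"
    return "accept", "exists in registry and passes typosquat check"


def gate(queried: str, suggestions):
    """Apply classify() to every LLM suggestion; returns {name: (verdict, reason)}."""
    return {s: classify(queried, s) for s in suggestions}


if __name__ == "__main__":
    # Constructed LLM output for "alternatives to next": includes a real
    # package, a non-existent one, a typosquat and the original itself.
    llm_suggestions = ["nuxt", "remix", "nextjs", "sveltkit", "next"]
    for pkg, (verdict, reason) in gate("next", llm_suggestions).items():
        print(f"{pkg:10} {verdict:7} {reason}")
```

The point of the download-count condition is that name similarity alone is a poor signal: "next" and "nuxt" are one edit apart and both legitimate, so the check only fires for obscure packages shadowing popular ones. A real gate would replace `REGISTRY` with registry lookups and add the activity and maintainer signals the page attributes to the Trusty Score.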

Always double-check the suggested packages and ensure they truly cater to your specific requirements before integrating them into your projects.