How much of your project isn't yours?

As developers, we use other people’s code to get our products into production faster. Using third party packages allows us to benefit from the tremendous work of the open source community and has now become an instrumental part of our development workflow.

Let's dive deeper into this…

We've analyzed over 100,000 projects at bitHound.

We found that the majority of a project's code is made up of dependencies.

In fact the code we write is just the tip of the iceberg.

So if the majority of the code in your project isn’t your own, it begs the question:

Just what impact does other people’s code have on your project?

There are so many questions about the dependencies that lie beneath the surface…

  • Are the dependencies being actively maintained?
  • Are we using the latest version of the dependency?
  • Are there better alternatives?
  • How risky is an upgrade to the latest version?
  • Do licenses in the package put our IP at risk?
  • Are there security advisories?
  • And how deep do they go?

How do open source projects breakdown?


24.18%Project Code
42.07%Dependency Code
33.75%Dev-Dependency Code

Dependency Breakdown

  • 40 Dependencies
  • 29 Dev-Dependencies

  • 41 Outdated Dependencies
  • 5 Insecure Dependencies


15.67%Project Code
61.98%Dependency Code
22.35%Dev-Dependency Code

Dependency Breakdown

  • 92 Dependencies
  • 30 Dev-Dependencies

  • 72 Outdated Dependencies
  • 3 Insecure Dependencies
  • 1 Deprecated Dependency


4.38%Project Code
57.69%Dependency Code
37.93%Dev-Dependency Code

Dependency Breakdown

  • 6 Dependencies
  • 4 Dev-Dependencies

  • 6 Outdated Dependencies
  • 1 Insecure Dependencies
treasure chest
Dive into your projects now