I was tired of Cursor suggesting outdated or deprecated packages from training data, so I added this to my .cursorrules:
Before suggesting any npm/pip/cargo install, verify the package:
- Check health: curl depscope.dev/api/check/{ecosystem}/{package}
- Check version: curl depscope.dev/api/latest/{ecosystem}/{package}
- Check exists: curl depscope.dev/api/exists/{ecosystem}/{package}
If deprecated, find alternatives: curl depscope.dev/api/alternatives/{ecosystem}/{package}
No API key needed.
What changed
Before: I asked for an ORM for PostgreSQL. It suggested Prisma, Sequelize, TypeORM, Knex — from memory. Didn’t mention drizzle-orm.
After: With the rules above, Cursor checks health scores first:
- drizzle-orm: 94/100 (winner)
- prisma: 93/100
- sequelize: 67/100
- typeorm: 62/100
It suggested drizzle-orm instead of sequelize. Better suggestion, correct version, verified security.
Another example
Asked for an HTTP client. Without the rule, Cursor sometimes suggests request — deprecated since 2020 but still in training data.
With the rule, Cursor sees: request is deprecated, alternatives: axios, got, node-fetch. Suggests axios (health 97/100) instead.
The API
Free, no-auth API at depscope.dev. Supports npm, PyPI, and Cargo. Docs at depscope.dev/api-docs.
Anyone else doing something similar to verify packages in their rules?
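
An added example (not part of the original post, and not DepScope's own code): a Python helper that turns an install command into the three lookup URLs from the rules above, and refuses anything that is not a plausible registry package name before it is interpolated into a curl call. The `https://` scheme, the ecosystem path tokens `npm`/`pypi`/`cargo`, and the function names are assumptions.

```python
import re
import shlex

BASE = "https://depscope.dev/api"        # host/paths from the post; https is assumed
ENDPOINTS = ("check", "latest", "exists")

# tool -> (ecosystem path token [assumed], install subcommands, allowed name pattern)
TOOLS = {
    "npm": ("npm", {"install", "i", "add"},
            re.compile(r"(@[a-z0-9][a-z0-9._-]*/)?[a-z0-9][a-z0-9._-]*")),
    "pip": ("pypi", {"install"},
            re.compile(r"[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?")),
    "cargo": ("cargo", {"add", "install"},
              re.compile(r"[A-Za-z][A-Za-z0-9_-]*")),
}
# Flags whose next token is a value (file, URL, feature list), not a package name.
VALUE_FLAGS = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
               "-i", "--index-url", "--registry", "-F", "--features"}

def strip_version(tool, spec):
    """Drop the version part: name@1.2 (npm, cargo) or name>=1.2 / name[extra] (pip)."""
    if tool == "pip":
        return re.split(r"[=<>!~\[; ]", spec, maxsplit=1)[0]
    at = spec.find("@", 1)               # index 0 may be an npm scope marker
    return spec if at == -1 else spec[:at]

def verification_urls(command):
    """Map each package in an install command to its three lookup URLs."""
    argv = shlex.split(command)
    if len(argv) < 3 or argv[0] not in TOOLS:
        raise ValueError("not a recognised install command")
    ecosystem, subcommands, name_re = TOOLS[argv[0]]
    if argv[1] not in subcommands:
        raise ValueError(f"not an install subcommand: {argv[1]!r}")
    urls = {}
    for arg in argv[2:]:
        if arg in VALUE_FLAGS:
            raise ValueError(f"{arg} takes a separate value; not handled here")
        if arg.startswith("-"):
            continue                     # boolean flags such as --save-dev
        name = strip_version(argv[0], arg)
        if not name_re.fullmatch(name):
            raise ValueError(f"refusing to query for {arg!r}: not a valid package name")
        urls[name] = [f"{BASE}/{ep}/{ecosystem}/{name}" for ep in ENDPOINTS]
    return urls

if __name__ == "__main__":
    for cmd in ("npm install drizzle-orm@latest --save", "pip install 'requests>=2.31'"):
        print(cmd, "->", verification_urls(cmd))
```

How a scoped npm name such as `@types/node` should be encoded in the URL path is not stated in the post, so the helper passes it through unchanged.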