Find which of a GitHub repository's dependencies are sponsorable via GitHub Sponsors. Uses deps.dev API for dependency resolution across npm, PyPI, Cargo, Go, RubyGems, Maven, and NuGet. Checks npm funding metadata, FUNDING.yml files, and web search. Verifies every link. Shows direct and transitive dependencies with OSSF Scorecard health data. Invoke with /sponsor followed by a GitHub owner/repo (e.g. "/sponsor expressjs/express").
Discover opportunities to support the open source maintainers behind your project's dependencies. Accepts a GitHub owner/repo (e.g. /sponsor expressjs/express), uses the deps.dev API for dependency resolution and project health data, and produces a friendly sponsorship report covering both direct and transitive dependencies.
When the user types /sponsor {owner/repo} or provides a repository in owner/repo format:
owner and repo.GetDependencies (one call).GetVersion for each dep → relatedProjects gives GitHub repo.GetProject for unique repos → OSSF Scorecard.funding field, FUNDING.yml, web search fallback.Use get_file_contents to fetch the manifest from the target repo. Determine the ecosystem and extract the package name + latest version:
| File | Ecosystem | Package name from | Version from |
|---|---|---|---|
package.json | NPM | name field | version field |
requirements.txt | PYPI | list of package names | use latest (omit version in deps.dev call) |
pyproject.toml | PYPI | [project.dependencies] | use latest |
Cargo.toml | CARGO | [package] name | [package] version |
go.mod | GO | module path | extract from go.mod |
Gemfile | RUBYGEMS | gem names | use latest |
pom.xml | MAVEN | groupId:artifactId | version |
This is the key step. Use web_fetch to call the deps.dev API: