I built gh-dep-risk as an AI-assisted GitHub CLI extension for on-demand dependency pull request review. The project started as a small npm-focused reviewer tool. The v0.2.0 release expands the local fallback coverage while keeping the same design boundary: GitHub Dependency Review API first, static local fallback second, no server, no dashboard, and no package-manager command execution.

What changed in v0.2.0

gh-dep-risk can now inspect direct dependency changes from more repository file shapes when GitHub Dependency Review is unavailable:

- npm, pnpm, and Yarn Classic remain supported.
- Python direct fallback supports requirements.txt and PEP 621 pyproject.toml declarations.
- Poetry fallback reads Poetry dependency declarations and can enrich direct changes from poetry.lock.
- uv.lock can enrich PEP 621 direct dependency changes with resolved version/source details.
- Go modules fallback reads go.mod require and replace changes, while treating go.sum as checksum evidence only.…
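To make the Go modules fallback concrete, here is an added sketch (not gh-dep-risk's own code) of a static go.mod comparison that reports direct require and replace changes without running any go command and without consulting go.sum. The function names `parseGoMod` and `diffGoMod`, the module paths, and the sample file contents are hypothetical, and the parser assumes gofmt-style go.mod layout.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample go.mod contents for the base and head of a hypothetical PR.
const baseMod = "module example.com/app\n\nrequire (\n\texample.com/a v1.2.0\n\texample.com/b v0.9.0 // indirect\n)\n"
const headMod = "module example.com/app\n\nrequire (\n\texample.com/a v1.3.0\n\texample.com/b v0.9.1 // indirect\n)\n\nreplace example.com/a => ../vendored/a\n"

// parseGoMod statically reads direct require and replace directives from go.mod text.
func parseGoMod(src string) map[string]string {
	out, block := map[string]string{}, ""
	for _, line := range strings.Split(src, "\n") {
		code, comment, _ := strings.Cut(line, "//")
		f := strings.Fields(block + " " + code) // inside a block, prefix its keyword
		switch {
		case block != "" && len(f) == 2 && f[1] == ")":
			block = ""
		case block == "" && len(f) == 2 && f[1] == "(":
			block = f[0]
		case len(f) >= 3 && (f[0] == "require" || f[0] == "replace") && !strings.Contains(comment, "indirect"):
			out[f[0]+" "+f[1]] = strings.Join(f[2:], " ")
		}
	}
	return out
}

// diffGoMod maps each changed directive to its {base, head} value; "" means absent.
func diffGoMod(base, head string) map[string][2]string {
	b, h := parseGoMod(base), parseGoMod(head)
	changes := map[string][2]string{}
	for k, hv := range h {
		if b[k] != hv {
			changes[k] = [2]string{b[k], hv}
		}
	}
	for k, bv := range b {
		if _, ok := h[k]; !ok {
			changes[k] = [2]string{bv, ""}
		}
	}
	return changes
}

func main() {
	fmt.Println(diffGoMod(baseMod, headMod))
}
```

A newly added `replace` entry is the change a reviewer should look at first, because it redirects a module to a different source while the `require` line can stay unchanged.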