What is vendor lock-in and why does it matter?

Vendor lock-in is the degree to which your app depends on one provider's proprietary primitives - Vercel ISR, Cloudflare Durable Objects, AWS DynamoDB, Firebase Firestore - so that leaving means rewriting code, not just redeploying. It matters because it removes your leverage: when the provider raises prices, changes terms, or has an outage, you cannot move without a project. This checker shows, line by line, what ties you to a provider and what it would take to leave.

Is it safe to paste my package.json here?

Yes. The checker runs entirely in your browser with JavaScript. Nothing you paste is uploaded, logged, or sent to any server - you can disconnect from the network and it still works. It only reads dependency names and config keywords; it does not need your source code or secrets.

How is the lock-in score calculated?

Each provider-specific dependency or config primitive is weighted by how hard it is to leave: a portable Postgres client scores nothing, a Vercel analytics package scores low, ISR or Cloudflare Workers KV scores medium, and a managed proprietary datastore like DynamoDB, Firestore, or a Durable Object scores high because the data and its access pattern have to be re-platformed. The headline percentage is a summary; the real answer is the line-by-line inventory below it, which you can verify yourself.

Does using a provider mean I should leave it?

No. Lock-in is not automatically bad - managed primitives buy you speed. The point is to know your exposure before the provider's incentives diverge from yours, so the decision to stay is a choice and not a trap. The checker also lists what you would inherit operationally if you did move to infrastructure you own: backups, monitoring, updates, and DDoS protection that the platform handled invisibly.

Free tool · Runs in your browser · Nothing uploaded

How locked in is your app?

Paste your package.json and any config (vercel.json, wrangler.toml, fly.toml, serverless.yml, Procfile…). You get an instant read on how tied your app is to one provider — line by line — and exactly what it would take to leave. No signup. Nothing leaves your browser.

100% client-side

Why lock-in is the thing to measure

Every visible cloud horror story — the surprise five-figure bill, the provider that 10x'd its pricing, the outage you couldn't route around — has the same root cause underneath it: you were trapped on infrastructure you don't control, and leaving cost more than staying. Lock-in is that trap, measured before it closes.

It isn't created by hosting somewhere. It's created by adopting a provider's proprietary primitives — Vercel's ISR and edge runtime, Cloudflare's Durable Objects and Workers KV, AWS's DynamoDB and Lambda event shapes, Firebase's Firestore. A Postgres database behind a standard driver is portable; the same data behind a managed proprietary store is a re-platforming project. The difference is invisible until you try to leave, which is the worst possible time to find out.

This checker makes it visible early. It reads the dependencies and config keywords that signal coupling, weights each by how hard it is to unwind, and shows you the inventory so you can verify every line yourself. That's the whole point — trust by inspection, not a number you have to take on faith.

Related free tools

Cloud exit-cost calculatorWhat it costs to leave Bill-shock predictorWill your bill surprise you?Migration scaffold generatorDockerfile + runbook to leave Self-hosting cost estimatorYour cost on a box you own

All free tools →

Knowing your exposure is step one. Owning the runtime is step two.

Infraveil is the control plane for running your backend on servers you own — it consolidates the deploy, supervision, security, recovery, and audit trail you'd otherwise rebuild by hand when you leave a managed platform. Same portability, none of the lock-in.

See how it works

Get the deeper portability playbook

A short, practical guide to de-risking provider lock-in and moving workloads to infrastructure you own — no spam, unsubscribe anytime.

How locked in is your app?

What is tying you down

If you moved this to a box you own…

Why lock-in is the thing to measure

Knowing your exposure is step one. Owning the runtime is step two.

Get the deeper portability playbook