Description
The risk of malicious open-source packages can be checked before developers install or depend on new code. This command-line security tool helps inspect package metadata and supply-chain signals. Because it may query online services and report dependency details, project inventory and credentials should be handled carefully.