Developer Security

Know if an npm package is safe before you install it

Paste a package name and get an instant A-F security grade based on vulnerability scans, maintenance health, and supply chain risk.

Full analysis unlocked with a subscription. No credit card required to preview.

A: Safe to use
C: Use with caution
F: High risk

Simple Pricing

Pro: $9 per month
  • Unlimited package scans
  • Full A-F security grade breakdown
  • CVE & vulnerability details
  • Supply chain risk analysis
  • Maintenance & activity metrics
  • API access for CI/CD pipelines

Cancel anytime. Instant access.

Frequently Asked Questions

What data sources do you use for scoring?

We aggregate data from the npm registry, OSV vulnerability database, Snyk advisories, and GitHub repository metrics to compute a comprehensive A-F grade.

How is the A-F grade calculated?

The grade weighs known CVEs (40%), maintenance activity (30%), and supply chain risk factors like typosquatting and maintainer count (30%).

Can I check private or scoped packages?

Yes. Scoped packages like @org/package are fully supported. Private packages require an npm token configured in your account settings.