PROJECT
rotting

DepSec

Upload your package.json and get a dependency security score from 0 to 100

Dependency security analyzer for Node.js projects. Upload a `package.json` (and optionally `package-lock.json`) and get a weighted security score from 0 to 100 across six dimensions: known vulnerabilities via OSV, dependency hygiene, license risk, maintainer health, download popularity, and typosquatting detection.

When a lockfile is provided, the full transitive dependency tree is scanned with depth-weighted scoring: a finding in a direct dependency costs more than the same finding several levels deep in the tree. Remediation hints show which version patches each CVE and, for transitive issues, which direct dependency to upgrade so that the fixed version gets pulled in.
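The sketch below is an added illustration of the two ideas above (depth-weighted scoring and the "which direct dependency to upgrade" hint); it is not DepSec's own code. It walks a `package-lock.json` v2/v3 `packages` map using npm's nearest-`node_modules` resolution so that nested duplicates get their own depth, then weights each finding by `1/depth`. The lockfile, the findings table, the vulnerability IDs (`VULN-A`, `VULN-B`) and the severity penalties are all constructed placeholders, and the weighting formula is an assumption for illustration.

```javascript
// Added example, not DepSec's code. Everything below is constructed for illustration.

// Constructed package-lock.json (lockfileVersion 3 shape). The nested
// "node_modules/cli-util/node_modules/parse-lib" entry models a non-hoisted
// duplicate exactly as npm writes it when two direct deps need different majors.
const LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-fw": "^1.0.0", "cli-util": "^2.0.0" } },
    "node_modules/web-fw": { version: "1.0.0", dependencies: { "parse-lib": "^3.0.0" } },
    "node_modules/parse-lib": { version: "3.1.0", dependencies: { "tiny-dep": "^0.1.0" } },
    "node_modules/tiny-dep": { version: "0.1.2" },
    "node_modules/cli-util": { version: "2.0.0", dependencies: { "parse-lib": "^2.0.0" } },
    "node_modules/cli-util/node_modules/parse-lib": { version: "2.4.0" },
  },
};

// Constructed findings keyed by "name@version" (what an OSV batch query returns
// per package). The IDs are placeholders, not real advisories.
const FINDINGS = {
  "parse-lib@2.4.0": [{ id: "VULN-A", severity: "HIGH", fixed: "2.5.0" }],
  "tiny-dep@0.1.2": [{ id: "VULN-B", severity: "MEDIUM", fixed: "0.1.3" }],
};

// Assumed per-finding penalties; a real tool would derive these from CVSS.
const SEVERITY_PENALTY = { CRITICAL: 40, HIGH: 25, MEDIUM: 10, LOW: 3 };

// Package name from a lockfile path ("node_modules/a/node_modules/@s/b" -> "@s/b").
const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

// npm resolution: starting at the package stored at `fromPath`, look for `name`
// in the nearest node_modules directory and walk up toward the root ("").
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null; // unresolvable (corrupt or pruned lockfile)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// BFS from the root package. The first visit to a path is its shortest path, so
// `depth` is the minimal distance and `via` is the direct dependency that path
// starts from (the one a user would upgrade to fix a transitive finding).
function walk(packages) {
  const info = new Map(); // path -> { depth, via }
  const queue = [];
  for (const name of Object.keys(packages[""].dependencies || {})) {
    const p = resolve(packages, "", name);
    if (p && !info.has(p)) { info.set(p, { depth: 1, via: p }); queue.push(p); }
  }
  while (queue.length) {
    const cur = queue.shift();
    const { depth, via } = info.get(cur);
    for (const name of Object.keys(packages[cur].dependencies || {})) {
      const p = resolve(packages, cur, name);
      if (p && !info.has(p)) { info.set(p, { depth: depth + 1, via }); queue.push(p); }
    }
  }
  return info;
}

// Depth-weighted score: each finding's penalty is divided by its depth (assumed
// weighting), and the hint names the direct dependency to bump for transitive hits.
function score(lockfile, findings) {
  const packages = lockfile.packages;
  const issues = [];
  let penalty = 0;
  for (const [path, { depth, via }] of walk(packages)) {
    const name = nameOf(path);
    const key = `${name}@${packages[path].version}`;
    for (const f of findings[key] || []) {
      const p = SEVERITY_PENALTY[f.severity] / depth;
      penalty += p;
      const hint = depth === 1
        ? `upgrade ${name} to >=${f.fixed}`
        : `upgrade direct dependency ${nameOf(via)}@${packages[via].version} to a release that pulls ${name} >=${f.fixed}`;
      issues.push({ id: f.id, package: key, depth, via: nameOf(via), penalty: p, hint });
    }
  }
  return { score: Math.max(0, Math.round(100 - penalty)), issues };
}

console.log(JSON.stringify(score(LOCKFILE, FINDINGS), null, 2));
```

On the constructed input the HIGH finding in `parse-lib@2.4.0` sits at depth 2 under `cli-util` (12.5 points), the MEDIUM finding in `tiny-dep` at depth 3 under `web-fw` (about 3.3 points), giving a score of 84; the same HIGH finding in a direct dependency would have cost the full 25. Note that the hoisted `parse-lib@3.1.0` is correctly not flagged, because resolution from `cli-util` picks the nested copy first.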

Ships with a CLI mode for CI/CD pipelines, a GitHub Action, and CycloneDX SBOM export. The web UI features a force-directed dependency graph visualization and a retro-cyberpunk CRT aesthetic.