Supply-chain security audit for npm packages, as an MCP tool and a pay-per-call x402 endpoint. Cross-references known CVE/GHSA advisories (OSV.dev) and detects typosquatting, malicious install scripts, token/credential exfiltration and other red flags BEF
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Supply-chain security audit for npm packages, as an MCP tool and a pay-per-call x402 endpoint. Cross-references known CVE/GHSA advisories (OSV.dev) and detects typosquatting, malicious install scripts, token/credential exfiltration and other red flags BEF