Evidence-first npm package and project dependency checks for developers, coding agents, and MCP clients before code executes.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Evidence-first npm package and project dependency checks for developers, coding agents, and MCP clients before code executes.