JSPM package: dependency-risk-analyzer (version 1.0.0)
License: MIT

    Analyze risks of npm dependencies: maintenance, downloads, and activity

    Package Exports

    • dependency-risk-analyzer
    • dependency-risk-analyzer/index.js

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (dependency-risk-analyzer) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    short description:

    Sometimes npm packages are themselves malicious or risky (for example, the event-stream attack). This is essentially a security linter for your package.json that flags maintainer risk, low update frequency, or suspicious patterns.

    Dependency Risk Analyzer

    A lightweight CLI tool to evaluate npm package risk based on:

    • Maintainer count
    • Last update date
    • Monthly downloads

    Install

    npm install -g dependency-risk-analyzer

    Usage

    analyze-risk <package-name>

    Example

    analyze-risk express

    Returns a score from 0 to 6.
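The README lists the three signals (maintainer count, last update date, monthly downloads) and the 0 to 6 range, but not the scoring rules. The block below is an added example, not the package's own code: it assumes each signal contributes 0, 1 or 2 points and that the three are summed, with thresholds chosen for illustration, and it runs offline on constructed objects shaped like the npm registry document and the npm downloads API response.

```javascript
// Added example (not the package's own code): a 0..6 risk score in the spirit
// of analyze-risk, built from the three signals the README lists. The README
// does not publish its thresholds, so those below are assumptions: each signal
// contributes 0 (ok), 1 (warn) or 2 (risky), and the three are summed.

const DAY_MS = 24 * 60 * 60 * 1000;

function scoreMaintainers(count) {
  if (count >= 3) return { points: 0, reason: `${count} maintainers` };
  if (count === 2) return { points: 1, reason: 'only 2 maintainers' };
  return { points: 2, reason: 'single maintainer (one compromised account affects all users)' };
}

function scoreLastUpdate(modifiedIso, now) {
  const ageDays = Math.floor((now - Date.parse(modifiedIso)) / DAY_MS);
  if (ageDays <= 180) return { points: 0, reason: `updated ${ageDays} days ago` };
  if (ageDays <= 730) return { points: 1, reason: `no update for ${ageDays} days` };
  return { points: 2, reason: `stale: no update for ${ageDays} days` };
}

function scoreDownloads(monthly) {
  if (monthly >= 100000) return { points: 0, reason: `${monthly} downloads/month` };
  if (monthly >= 1000) return { points: 1, reason: `modest adoption: ${monthly}/month` };
  return { points: 2, reason: `very low adoption: ${monthly}/month` };
}

// registryDoc is shaped like the npm registry document (GET registry.npmjs.org/<name>):
// fields `maintainers` (array) and `time.modified` (ISO date). downloadsDoc is shaped
// like api.npmjs.org/downloads/point/last-month/<name>: field `downloads`.
function analyzeRisk(registryDoc, downloadsDoc, now = Date.now()) {
  const parts = [
    scoreMaintainers((registryDoc.maintainers || []).length),
    scoreLastUpdate(registryDoc.time.modified, now),
    scoreDownloads(downloadsDoc.downloads || 0),
  ];
  const score = parts.reduce((sum, p) => sum + p.points, 0);
  return { score, reasons: parts.map((p) => p.reason) };
}

// Constructed sample inputs (not real registry data), evaluated at a fixed date.
const NOW = Date.parse('2024-06-01T00:00:00Z');
const healthy = analyzeRisk(
  { maintainers: [{ name: 'a' }, { name: 'b' }, { name: 'c' }], time: { modified: '2024-05-20T00:00:00Z' } },
  { downloads: 250000 }, NOW);
const risky = analyzeRisk(
  { maintainers: [{ name: 'solo' }], time: { modified: '2021-01-01T00:00:00Z' } },
  { downloads: 40 }, NOW);
console.log(`healthy: ${healthy.score}/6`, healthy.reasons);
console.log(`risky: ${risky.score}/6`, risky.reasons);
```

The `reasons` array is what a practitioner would surface in CI output next to the number, since a 6 caused by a single stale maintainer account tells a different story than a 6 caused by a brand-new package with no adoption.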