Project scanner

Scan any GitHub repo.
See every risk.

Enter a repo URL or paste a dependency file. Scores every dependency on behavioral signals — publisher depth, release consistency, project longevity. Flags the packages that match real supply chain attack profiles.

GitHub repository URL

Auto-detects package.json, requirements.txt, Cargo.toml, and go.mod. Public repos only. How scores work →

or paste a dependency file directly

Paste your package.json below

Scans dependencies + devDependencies. No data stored. How scores work →

Package	Score	Risk	Maintainers	Weekly DL	Age	Trend

Get this in your AI assistant

{
  "mcpServers": {
    "commit": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}

Add to Claude Desktop or Cursor. Then: "Audit my package.json for supply chain risk"

Scan any GitHub repo. See every risk.

Scan any GitHub repo.
See every risk.