GitHub repository URL

Prefers lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) for transitive deps; falls back to package.json, requirements.txt, Cargo.toml, go.mod. Monorepos: paste the subdirectory URL. Public repos only. How scores work →

or paste a dependency file directly

Paste your package.json below

Scans dependencies + devDependencies. No data stored. How scores work →

Package	Score	Risk	Maintainers	Weekly DL	Age	Trend

Get this in your AI assistant

{
  "mcpServers": {
    "commit": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}

Add to Claude Desktop or Cursor. Then: "Audit my package.json for supply chain risk"

Scan any GitHub repo. See every risk.

Scan any GitHub repo.
See every risk.