Score GitHub Repos by Dependency Risk
Instantly analyze any GitHub repository. We scan package.json and requirements.txt against vulnerability databases, npm, and PyPI — then generate a comprehensive risk score.
Fetch Dependencies
We pull package.json and requirements.txt directly from any public or private GitHub repo you authorize.
Cross-Reference CVEs
Every dependency is checked against OSV, GitHub Advisory, npm audit, and PyPI vulnerability databases.
Risk Score Report
Get a 0–100 risk score with breakdowns by severity, outdated versions, and maintainer activity signals.
Simple Pricing
- ✓ Unlimited repo scans
- ✓ CVE & vulnerability detection
- ✓ Outdated dependency alerts
- ✓ Maintainer activity scoring
- ✓ npm + PyPI support
- ✓ Shareable risk reports
FAQ
Which package ecosystems are supported?
We currently support npm (package.json) and PyPI (requirements.txt). Support for Cargo, Go modules, and Maven is on the roadmap.
Do you store my GitHub credentials?
No. We use short-lived OAuth tokens scoped only to read repository contents. We never store your credentials or private code.
How is the risk score calculated?
The score weighs CVE severity (CVSS), number of outdated dependencies, time since last maintainer commit, and download trend signals — producing a 0–100 composite risk index.
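The following is an added, illustrative example and not the product's own code. It shows the pipeline the page describes end to end on constructed sample manifests: parse package.json and requirements.txt into (name, version) pairs, build the request body the OSV `querybatch` API expects (built offline, not sent), and fold CVSS severity, outdated-dependency ratio, maintainer staleness and download trend into a 0–100 composite. The weights, caps and severity buckets are assumptions chosen so the four components sum to 100; the product's real weighting is not published on the page.

```python
"""Composite dependency-risk index (added example; weights are assumptions)."""
import json
import re

# --- constructed sample manifests (not from any real repository) ---
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"lodash": "^4.17.20", "express": "4.18.2"},
    "devDependencies": {"jest": "^29.0.0"},
})
SAMPLE_REQUIREMENTS = """
requests==2.25.1   # pinned
flask>=2.0         # range, no exact version to query
# a comment line
numpy
"""

# Assumed weighting: vulnerabilities 50, outdated 20, staleness 20, trend 10.
SEVERITY_POINTS = {"CRITICAL": 40, "HIGH": 25, "MEDIUM": 10, "LOW": 3}
VULN_CAP, OUTDATED_WEIGHT, STALE_WEIGHT, TREND_WEIGHT = 50, 20, 20, 10


def parse_package_json(text):
    """Return {name: version} from dependencies and devDependencies.
    Range prefixes (^, ~, >=) are stripped to approximate a concrete version."""
    data = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            deps[name] = spec.lstrip("^~>=<")
    return deps


def parse_requirements(text):
    """Return {name: version_or_None}; only '==' pins give a queryable version."""
    deps = {}
    pattern = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(?:(==|>=|<=|~=|>|<)\s*([^\s,;]+))?")
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = pattern.match(line)
        if m:
            name, op, version = m.groups()
            deps[name.lower()] = version if op == "==" else None
    return deps


def osv_querybatch_body(ecosystem, deps):
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch.
    ecosystem is the OSV name ("npm" or "PyPI"); unpinned packages omit version."""
    queries = []
    for name, version in deps.items():
        query = {"package": {"name": name, "ecosystem": ecosystem}}
        if version:
            query["version"] = version
        queries.append(query)
    return {"queries": queries}


def cvss_bucket(score):
    """Map a CVSS v3 base score to its qualitative severity rating."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score > 0.0:
        return "LOW"
    return "NONE"


def risk_score(cvss_scores, outdated, total, days_since_commit, download_trend):
    """Combine the four signals into a 0-100 index with a per-component breakdown.
    cvss_scores: CVSS base scores of matched advisories; outdated/total: dependency
    counts; days_since_commit: maintainer staleness; download_trend: signed fraction."""
    vuln = min(sum(SEVERITY_POINTS.get(cvss_bucket(s), 0) for s in cvss_scores), VULN_CAP)
    outdated_pts = OUTDATED_WEIGHT * (outdated / total if total else 0.0)
    stale_pts = STALE_WEIGHT * min(days_since_commit / 365.0, 1.0)
    trend_pts = TREND_WEIGHT if download_trend < 0 else 0
    breakdown = {"vulnerabilities": vuln, "outdated": outdated_pts,
                 "staleness": stale_pts, "download_trend": trend_pts}
    return {"score": round(min(100.0, sum(breakdown.values()))), "breakdown": breakdown}


if __name__ == "__main__":
    npm_deps = parse_package_json(SAMPLE_PACKAGE_JSON)
    py_deps = parse_requirements(SAMPLE_REQUIREMENTS)
    print(json.dumps(osv_querybatch_body("npm", npm_deps), indent=2))
    print(json.dumps(osv_querybatch_body("PyPI", py_deps), indent=2))
    # Constructed findings: one critical and one medium advisory, half the deps outdated.
    print(risk_score([9.8, 5.3], outdated=2, total=4, days_since_commit=400, download_trend=-0.1))
```

The querybatch body is assembled but never sent, so the script runs offline; in a real scanner the `vulns` arrays in OSV's response would supply the CVSS scores that `risk_score` consumes. Unpinned requirements (`flask>=2.0`, bare `numpy`) are deliberately sent without a version, which returns every known advisory for the package rather than a version-specific match, so a production implementation should resolve the lockfile first.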