Security

Supply Chain Security API

Block malicious or deprecated packages before they enter your build. Free.

What we flag

Known vulnerabilities from OSV, GHSA, NVD
Deprecated packages still getting downloads
Typosquatting candidates (lookalike names)
Single-maintainer risk and low bus factor
License conflicts across transitive dependencies
Large, unmaintained, or unpublished packages

Integrate in 30 seconds

curl https://depscope.dev/api/check/npm/left-pad

Call once before any install. Free tier: 200 req/min, no auth. API docs.