Know Your Dependencies
Explore package security, vulnerabilities, and transitive dependencies across NPM, PyPI, Hex, Crates.io, vcpkg, Zig, NuGet, Maven, and Packagist ecosystems
Supply Chain Attacks
The NPM ecosystem has seen thousands of malicious packages targeting developers. Understanding your dependencies is the first line of defense.
Transitive Dependencies
A single package can pull in dozens of dependencies. Each one is a potential security risk that needs monitoring and evaluation.
Stay Informed
Track vulnerabilities, license compliance, and maintenance status to make informed decisions about your project's dependencies.
The Growing Threat of Supply Chain Attacks
Since 2018, over 227,904 malicious packages have been discovered across the NPM and PyPI registries. The threat is accelerating: 191,383 malicious packages were detected in NPM in 2025 — a 2,199% increase compared to all of 2024.
According to industry research, modern applications average 80+ direct dependencies and 1000+ transitive dependencies, creating a massive attack surface that requires constant vigilance and proactive security measures.