Audit a package's dependencies for risks.

Checks each dependency for retired versions, stale packages, single-owner packages, and known vulnerabilities via OSV.dev.