NPM.SupplyChain (NPM v0.6.0)


Evaluates the supply chain security posture of a project's dependencies.

Combines multiple signals: provenance, integrity, deprecations, phantom dependencies, and package age.

Summary

Functions

assess(pkg_data, lockfile): Assesses supply chain risk.

format(assessment): Formats assessment for display.

risk_score(assessment): Computes a risk score (0-100, lower is better).

Functions

assess(pkg_data, lockfile)

@spec assess(map(), map()) :: map()

Assesses supply chain risk.

format(assessment)

@spec format(map()) :: String.t()

Formats assessment for display.

risk_score(assessment)

@spec risk_score(map()) :: non_neg_integer()

Computes a risk score (0-100, lower is better).
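The following is an added illustration of how the five signals named above can be combined into a 0-100 score; it is not NPM.SupplyChain's own code, and the map keys (`"provenance"`, `"integrity"`, `"deprecated"`, `"published_at"`, `"dependencies"`, `"packages"`), the weights and the seven-day age threshold are assumptions made for this example.

```elixir
# Added illustration, not NPM.SupplyChain's own code: the map keys, weights and
# age threshold below are assumptions made for this example.
defmodule SupplyChainExample do
  @min_age_days 7
  # Weight of each finding; the capped sum is the 0-100 score (lower is better).
  @weights %{
    no_provenance: 25, # no build provenance attestation for the version
    no_integrity: 30,  # lockfile entry carries no integrity hash
    deprecated: 15,    # registry marks the version deprecated
    phantom: 20,       # resolved in the lockfile but never declared
    young: 10          # published less than @min_age_days ago
  }
  @doc "Lists findings for `name` from assumed-shape `pkg_data` and `lockfile` maps."
  def findings(name, pkg_data, lockfile, now \\ DateTime.utc_now()) do
    entry = get_in(lockfile, ["packages", name]) || %{}
    declared = Map.keys(lockfile["dependencies"] || %{})
    [
      {:no_provenance, pkg_data["provenance"] in [nil, false]},
      {:no_integrity, not Map.has_key?(entry, "integrity")},
      {:deprecated, is_binary(pkg_data["deprecated"])},
      {:phantom, name not in declared},
      {:young, age_days(pkg_data["published_at"], now) < @min_age_days}
    ]
    |> Enum.filter(fn {_reason, hit?} -> hit? end)
    |> Enum.map(fn {reason, _hit?} -> reason end)
  end
  @doc "Risk score in 0..100: finding weights are summed and capped at 100."
  def risk_score(findings) do
    findings |> Enum.map(&Map.fetch!(@weights, &1)) |> Enum.sum() |> min(100)
  end
  # An unknown publish date is treated as age 0, i.e. it fails closed as "young".
  defp age_days(nil, _now), do: 0
  defp age_days(iso8601, now) do
    {:ok, published, _offset} = DateTime.from_iso8601(iso8601)
    DateTime.diff(now, published, :second) / 86_400
  end
  @doc "Constructed input: left-pad is resolved but undeclared, unattested and deprecated."
  def example do
    lockfile = %{
      "dependencies" => %{"express" => "^4.18.0"},
      "packages" => %{"express" => %{"integrity" => "sha512-PLACEHOLDER"},
                      "left-pad" => %{"version" => "1.3.0"}}
    }
    pkg = %{"provenance" => false, "deprecated" => "use padStart",
            "published_at" => "2020-01-01T00:00:00Z"}
    f = findings("left-pad", pkg, lockfile)
    {f, risk_score(f)}
  end
end
```

`SupplyChainExample.example()` returns the list of findings for the constructed input together with its score; the real module's `assess/2` and `risk_score/1` work on their own map shapes, which this page does not document.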