Pick an ecosystem and enter a package name, or paste a lockfile.
Try: lodash (npm), requests (pypi), com.google.guava:guava (maven), github.com/gin-gonic/gin (go), Newtonsoft.Json (nuget)
Try a typosquat: loadsh (npm), panda (pypi)
Try a confirmed-malicious: event-stream, ua-parser-js (npm)
Grade reflects only findings affecting the currently published version. Historical advisories on older versions are listed but don't count toward the letter grade.
Universal signals run on every package: typosquat distance vs popular-package baselines, package age, single-maintainer risk, missing repository link, Unicode homoglyphs, and stale releases.
Ecosystem-specific signals add: npm install scripts, sigstore provenance, bin name collisions; PyPI sdist-only releases, PEP 740 attestations, yanked versions; Maven reverse-DNS namespace conventions; Go import path host checks; NuGet unlisted/deprecated state.
Confirmed-malicious means MAL-* advisory IDs (OpenSSF Malicious Packages), database_specific.malware markers from GHSA, or matched malware keywords (backdoor, info-stealer, protestware, …) in the advisory body.
Not checked: package source contents, install-time behavior in a sandbox, transitive depth past top-level lockfile parse, runtime telemetry. supplycheck is a registry+OSV signal aggregator — for content-aware analysis, use a dedicated scanner.
Heuristic ≠ verdict. A high-severity heuristic finding doesn't mean malicious. An info finding doesn't mean safe. The grade is a starting point for a human review, not a decision.