npm-risk is a zero-dependency CLI that checks npm packages for basic supply-chain risk signals before you install them.
It looks at publish recency, install scripts, dependencies, maintainers, known vulnerabilities, and GitHub health, then gives you a simple LOW / MEDIUM / HIGH risk score.
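As an added illustration (not npm-risk's own code) of how several of those signals can be read off an npm registry packument and folded into a LOW / MEDIUM / HIGH label; the packument fields used (`dist-tags`, `time`, `versions`, `maintainers`) are the registry's real ones, while the thresholds, the weighting and the sample package are assumptions, since this page does not show how npm-risk itself scores them:

```javascript
// Added example, not npm-risk's own code: derive a few supply-chain risk
// signals from an npm registry "packument" (the JSON that the registry serves
// for a package name). Thresholds and weights below are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;
const LIFECYCLE_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Return the risk signals raised for the packument's "latest" version.
function collectSignals(packument, now = Date.now()) {
  const latest = (packument['dist-tags'] || {}).latest;
  const manifest = (packument.versions || {})[latest] || {};
  const signals = [];
  // Publish recency: a very fresh release has had little time for scrutiny.
  const publishedAt = Date.parse((packument.time || {})[latest] || '');
  if (!Number.isNaN(publishedAt) && now - publishedAt < 7 * DAY_MS) {
    signals.push('published within the last 7 days');
  }
  // Install scripts run arbitrary code on `npm install`.
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_SCRIPTS) {
    if (scripts[hook]) signals.push(`lifecycle script: ${hook}`);
  }
  // Maintainers: one account is a single point of compromise.
  if ((packument.maintainers || []).length <= 1) signals.push('single maintainer');
  // Dependencies: each runtime dependency widens the transitive attack surface.
  const depCount = Object.keys(manifest.dependencies || {}).length;
  if (depCount > 20) signals.push(`${depCount} runtime dependencies`);
  return signals;
}

// Collapse the signals into the LOW / MEDIUM / HIGH label.
function riskLevel(signals) {
  const installScript = signals.some((s) => s.startsWith('lifecycle script'));
  if (installScript && signals.length >= 2) return 'HIGH';
  return signals.length > 0 ? 'MEDIUM' : 'LOW';
}

// Constructed sample packument (not a real package) for a stand-alone run.
const SAMPLE_PACKUMENT = {
  'dist-tags': { latest: '1.0.3' },
  time: { '1.0.3': new Date(Date.now() - 2 * DAY_MS).toISOString() },
  maintainers: [{ name: 'example-maintainer' }],
  versions: { '1.0.3': { scripts: { postinstall: 'node setup.js' },
                         dependencies: { a: '^1.0.0' } } },
};

const sampleSignals = collectSignals(SAMPLE_PACKUMENT);
console.log(sampleSignals, riskLevel(sampleSignals));
```

Against a live package you would fetch `https://registry.npmjs.org/<name>` and pass the parsed JSON to `collectSignals`; the sample above is rated HIGH because it combines a fresh release, a postinstall hook and a single maintainer.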
Try it:
npx npm-risk
For more in-depth information:
https://medium.com/@Freedruk/npm...