Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
Nothing found by this check. ✓
Your dependencies cross-checked against the OSV vulnerability database.
PYSEC-2026-215 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions priorPYSEC-2026-88 Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is GHSA-2h4p-vjrc-8xpq Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookupGHSA-3v7f-55p6-f55p Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob MatchingGHSA-c2c7-rcm5-vvqj Picomatch has a ReDoS vulnerability via extglob quantifiersGHSA-3v7f-55p6-f55p Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob MatchingGHSA-c2c7-rcm5-vvqj Picomatch has a ReDoS vulnerability via extglob quantifiersGHSA-qx2v-qp2m-jg93 PostCSS has XSS via Unescaped </style> in its CSS Stringify OutputGHSA-4w7w-66w2-5vf9 Vite Vulnerable to Path Traversal in Optimized Deps `.map` HandlingGHSA-fx2h-pf6j-xcff vite: `server.fs.deny` bypass on Windows alternate pathsGHSA-p9ff-h696-f583 Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocketGHSA-v6wh-96g9-6wx3 launch-editor: NTLMv2 hash disclosure via UNC path handling on WindowsGHSA-4x5r-pxfx-6jf8 @babel/core: Arbitrary File Read via sourceMappingURL CommentCode that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.