Scan pending
No unusual behaviors detected. Capabilities match the stated purpose of this package.
Shoulder shows what a package can do, not just whether a CVE has been published. We inspect install behavior, runtime capabilities, provenance, and trust signals to show where a package may be risky in your environment.
Release History
Recent releases with risk verdicts. A sudden risk spike across versions may indicate account compromise.
Package Intelligence
Publishing patterns and maintainer signals across the package lifecycle.
Timeline Intelligence
Releases (30d)
Releases (7d)
Download Trend
Scan your own dependencies
Check every package in your project for install scripts, unusual capabilities, and supply chain risk.