# Ecosystem Intelligence - Shoulder

Developer security intelligence. Check packages, CVEs, and CWEs. Get context, not just alerts.

## Stats

- Total rules: 347
- CWE coverage: 94
- Languages: javascript, typescript, python, dockerfile, go, yaml, kubernetes

## Top CWEs

- **CWE-200**: Exposure of Sensitive Information to an Unauthorized Actor (14 rules)
- **CWE-20**: Improper Input Validation (13 rules)
- **CWE-798**: Use of Hard-coded Credentials (11 rules)
- **CWE-94**: Improper Control of Generation of Code ('Code Injection') (10 rules)
- **CWE-250**: Execution with Unnecessary Privileges (10 rules)
- **CWE-942**: Permissive Cross-domain Policy with Untrusted Domains (9 rules)
- **CWE-400**: Uncontrolled Resource Consumption (8 rules)
- **CWE-639**: Authorization Bypass Through User-Controlled Key (8 rules)