Helping maintainers assess software packages for long term risk
  • Filter hundreds of dependencies to a few for review
  • Use plugins to run only the analyses you choose
  • Configure scoring to decide when to investigate further
macOS Linux Windows
Other methods → 
curl -LsSf https://mitre.github.io/hipcheck/dl/install.sh | sh
Read the Docs
Analyzing
pkg:github/example/project
mitre/activity
Is the project maintained? Active. Last commit 7 days ago.
Pass 50% weight
mitre/review
Are there code reviews? Code reviews common on PRs
Pass 30% weight
mitre/binary
Are there binaries in the repo? Warning: found prebuilt, prebuilt.exe
Investigate 20% weight
0.2 Risk Score is ≤ 0.5 Risk Policy so Pass Result

Maintainers don't need drive-by comments with best practice scanner results, they need insights to make dependencies work for them.

We’re not building Yet Another Analysis Tool, we’re building an analysis swiss army knife you can extend, modify, and own.

Hipcheck’s plugin system means anyone can add new data sources and analyses, and users control what runs and what gets recommended.

We wear our values on our sleeves, and we’re proud to be working for regular maintainers.