Hipcheck is a tool for analyzing software packages from hosts like NPM, PyPI, and Maven, and source repositories like GitHub, GitLab, Sourcehut, and more. It assesses the practices a project follows for building its software, and also tries to detect active supply chain attacks.
Use Hipcheck to filter hundreds of dependencies to just a few you can manually review!
Audit a project’s development practices, like code review, fuzz testing, and active maintenance, automatically!
Keep only the analyses that matter to you, change how they contribute to scoring, and how much risk you’re willing to tolerate.
Many software projects use hundreds of open source dependencies! Filter that list down to something manageable with Hipcheck.