OSS Risk Radar

OSS maintenance triage, research metrics, and live repository overview

Explainable OSS dependency triage

Track fragile repos, inspect signals, and grow the training base as new analyses land.

Short path, clear evidence, no fake certainty.

Inactivity risk

A triage-oriented estimate of maintenance fragility based on public repository activity, release rhythm, contributor depth, and backlog signals.

Provenance

Every analysis keeps the source of its signals visible so reviewers can trace what came from GitHub, Scorecard, uploads, or demo data.

Confidence

Confidence measures signal coverage, not certainty about the real world. Missing or stale data lowers it.

Training base

Completed analyses are converted into dependency snapshots so the ML pipeline can grow as more repositories are analyzed.

Start Analysis

Clean intake, fast triage, no extra ceremony.

Choose a repo URL, dependency artifact, or demo profile. New OSS repositories are scored with the same signals used for the training base.

Repository mode scores and ranks the repo directly.
Upload mode preserves artifact provenance before analysis starts.

Paste a GitHub URL. The run always produces a repository profile that can be compared with the ranked OSS training base.

Analyses support triage and monitoring. They do not certify packages as safe or unsafe.

Explainable evidence

Each score keeps factors, missing signals, and provenance visible for analyst review.

Provider-aware intake

Repository and upload modes align with deps.dev, GitHub, and Scorecard-backed enrichment paths.

Operational caution

The dashboard frames outputs as risk profiles and action cues, not definitive trust verdicts.