Check your npm lockfile for vulnerabilities instantly

One upload tells you if your dependencies are putting your app at risk.

Know if your npm dependencies are safe with ntlli.com — npm intelligence.


Free instant scan, no signup required.

Files are processed locally. Nothing is uploaded.

  • Lockfile: Upload npm lockfile
  • Scan: Instant threat detection
  • Results: Severity report

1,247 current npm vulnerabilities tracked

Latest npm Threat Intelligence

Stay informed about the latest security incidents and compromised packages

CRITICAL 2025-01-08

Supply Chain Attack on Popular UI Library

Multiple versions of a widely-used React component library were compromised with malicious code that exfiltrates environment variables.

react-awesome-components@* ui-toolkit@>=2.1.0

HIGH 2025-01-07

Typosquatting Campaign Targets Express Middleware

Attackers published packages with names similar to popular Express middleware, containing cryptocurrency miners.

expresss-session@* body-parserr@*

MEDIUM 2025-01-06

Prototype Pollution in Utility Library

A popular utility library was found to be vulnerable to prototype pollution attacks affecting object manipulation functions.

deep-merge-utils@<3.2.1

Features

🔒 Privacy First

Your lockfiles never leave your browser. All processing happens locally on your device.

⚡ Lightning Fast

Get results in seconds. No server uploads, no waiting in queues.

📊 Always Updated

Daily updates from the OSV database and curated incident feeds for the latest threats.

How It Works

1. Drop Your Lockfile

Drag and drop your package-lock.json, pnpm-lock.yaml, or yarn.lock file into the browser.

2. Local Analysis

Dependencies are parsed locally in your browser and matched against our vulnerability database.

3. Instant Results

Get immediate feedback on vulnerable packages with links to security advisories and remediation steps.
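
The parse-and-match steps above can be sketched as follows. This is an added example, not ntlli.com's code: the function names are hypothetical, it reads only the `packages` map of a lockfileVersion 2/3 package-lock.json, and it understands only single-comparator ranges like the ones in the incident entries on this page (a production scanner would use a full semver implementation).

```javascript
// Added example, not ntlli.com's code. Advisory ranges are the sample entries
// shown on this page; the lockfile below is constructed.
const ADVISORIES = [
  { name: 'deep-merge-utils', range: '<3.2.1', severity: 'MEDIUM' },
  { name: 'ui-toolkit', range: '>=2.1.0', severity: 'CRITICAL' },
  { name: 'expresss-session', range: '*', severity: 'HIGH' },
];
// Numeric x.y.z comparison; prerelease/build tags are ignored (simplification).
const parts = (v) => v.split(/[-+]/)[0].split('.').map(Number);
function compareVersions(a, b) {
  const pa = parts(a), pb = parts(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return Math.sign(pa[i] - pb[i]);
  return 0;
}

// Handles only single-comparator ranges like the ones above: *, <, <=, >, >=, =.
function inRange(version, range) {
  if (range === '*') return true;
  const m = /^(<=|>=|<|>|=)?\s*(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const c = compareVersions(version, m[2]);
  return { '<': c < 0, '<=': c <= 0, '>': c > 0, '>=': c >= 0, '=': c === 0 }[m[1] || '='];
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function scanLockfile(lockText, advisories = ADVISORIES) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3');
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    const i = path.lastIndexOf('node_modules/');
    if (i < 0 || !entry.version) continue; // root project, workspaces, links
    // Nested and scoped installs: the name follows the last node_modules/.
    const name = entry.name || path.slice(i + 'node_modules/'.length);
    for (const adv of advisories) {
      if (adv.name !== name || !inRange(entry.version, adv.range)) continue;
      findings.push({ name, version: entry.version, path, severity: adv.severity });
    }
  }
  return findings;
}
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/deep-merge-utils': { version: '3.2.0' },
  'node_modules/ui-toolkit': { version: '2.0.9' },
  'node_modules/left/node_modules/deep-merge-utils': { version: '3.2.1' },
  'node_modules/expresss-session': { version: '0.0.1' },
} });
console.log(scanLockfile(SAMPLE_LOCK));
```

Every installed copy is checked by path, so a nested transitive copy is evaluated separately from the top-level one; here the nested 3.2.1 copy is clean while the top-level 3.2.0 copy is flagged.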

Technical Architecture

Our system processes your lockfiles entirely within your browser using advanced client-side parsing and vulnerability matching algorithms.

  • Zero Server Upload: Files never leave your device
  • Real-time Matching: Instant comparison against 50,000+ vulnerabilities
  • Multi-format Support: npm, pnpm, and Yarn lockfiles
  • OSV Integration: Daily updates from Google's Open Source Vulnerabilities database

Ready to check your dependencies? Go back to the scanner above.