Check your npm lockfile for vulnerabilities instantly

One upload tells you if your dependencies are putting your app at risk.

Drop your lockfile here or click to browse
Start Now

Free instant scan, no signup required.

Files are processed locally. Nothing is uploaded.

📄
Lockfile
Upload npm lockfile
🔍
Scan
Instant threat detection
Results
Severity report
1,247 current npm vulnerabilities tracked
🔴 Critical
🟠 High
🟡 Medium
[email protected] CRITICAL 2 min ago
[email protected] HIGH 15 min ago
[email protected] MEDIUM 32 min ago
[email protected] HIGH 1 hour ago
[email protected] CRITICAL 2 hours ago

Latest npm Threat Intelligence

Stay informed about the latest security incidents and compromised packages

Loading latest threat intelligence...

Features

🔒 Privacy First

Your lockfiles never leave your browser. All processing happens locally on your device.

⚡ Lightning Fast

Get results in seconds. No server uploads, no waiting in queues.

📊 Always Updated

Daily updates from OSV database and curated incident feeds for the latest threats.

How It Works

1

Drop Your Lockfile

Drag and drop your package-lock.json, pnpm-lock.yaml, or yarn.lock file into the browser.

2

Local Analysis

Dependencies are parsed locally in your browser and matched against our vulnerability database.

3

Instant Results

Get immediate feedback on vulnerable packages with links to security advisories and remediation steps.

Technical Architecture

Our system processes your lockfiles entirely within your browser using advanced client-side parsing and vulnerability matching algorithms.

  • Zero Server Upload: Files never leave your device
  • Real-time Matching: Instant comparison against 50,000+ vulnerabilities
  • Multi-format Support: npm, pnpm, and Yarn lockfiles
  • OSV Integration: Daily updates from Google's Open Source Vulnerabilities database
NTLLI Technical Architecture Diagram
Start Now

Ready to check your dependencies? Go back to the scanner above.