Upload or paste lock files and manifests. ThreatPkg matches package names and versions against malware and supply-chain incidents (local index plus live OSV malware checks)—not every CVE. Prefer package-lock.json, yarn.lock, bun.lock, pnpm-lock.yaml, or poetry.lock for exact versions.
THREATPKG
SYNC STALE
Check manifests against indexed compromise incidents