Building vet. The goal is to automate open source package vetting beyond just CVE but actually identify code capabilities, malicious code and other security sensitive attributes through code analysis.

https://github.com/safedep/vet