Track Security Debt & Vulnerability Costs
Analyze your package.json files, identify vulnerable dependencies, and estimate the real cost to fix them — before they become incidents.
Cancel anytime. No credit card required to explore.
Vulnerability Scan
Parses package.json and cross-references the npm advisory database for known CVEs.
Cost Estimation
Calculates fix effort in hours and dollars based on severity, usage depth, and team rate.
Debt Dashboard
Tracks security debt over time with GitHub integration for continuous repo monitoring.
Simple Pricing
Pro
$15 per month
- ✓ Unlimited repository scans
- ✓ GitHub integration
- ✓ CVE cost estimator
- ✓ Security debt timeline
- ✓ Email alerts on new CVEs
- ✓ Priority support
FAQ
How does the cost estimation work?
We calculate fix effort using CVE severity (CVSS score), the number of dependents in your project, and a configurable hourly engineering rate. The result is an estimated hours-to-fix and dollar cost per vulnerability.
Which package managers are supported?
Currently npm and Yarn are supported, via package.json and package-lock.json. pnpm and Bun support is on the roadmap.
Is my source code sent to your servers?
No. Only your dependency manifest files (package.json / lock files) are analyzed. Your source code never leaves your environment.