I've been working on the OSS IQ dependencies audit tool to help engineering teams keep their NPM and PyPI dependencies healthy in a controlled, deterministic way. The goal is to shift the focus away from reactive CVE noise suppression and more toward leading indicators that support a more sustainable, predictable development cycle without reliance.
https://github.com/ossiq/ossiq and https://ossiq.dev