If you've ever run npm install and thought "what exactly did I just put on my machine?", this one's for you.

The problem that got me started

A while back I was poking around the node_modules of a mid-sized project. It had 47 direct dependencies and... 841 transitive ones. Forty-seven became eight hundred and forty-one. No tool was giving me a clear picture of which ones were risky, which had active CVEs, or, worse, which had been quietly compromised. Snyk and Dependabot exist, sure, but they are hosted services: either you pay for them, or you hand your repository over to a third party. I wanted something that ran locally, offline, and without giving anyone access to my code. That's how OpenSentinel was born.

What it does

In one line: it analyzes your full dependency tree and tells you which packages are risky and why.…