Blast Radius
Total dependents
Direct dependents
Indirect dependents
Cascade (top- )
Auto-pull
Needs update
Pinned
Max depth
What if the next version is compromised?
⚠️ Scope & Limitations
Scoped to the top- popular npm packages. Real blast radius extends beyond this graph.
Uses latest version dependency trees. Pinned older versions may have different dependencies.
Models a fresh npm install (no lockfile). Existing lockfiles prevent auto-pull until updated.
Does not distinguish devDependencies from runtime — build-time compromise is still a supply chain risk.