Sentinel
/sentinel:package-riskPROPackage Risk Analysis
Analyzes an installed package's source code for suspicious behavior patterns — eval calls, network requests, environment access, and obfuscation.
What it does
Inspects actual source code, not just metadata
Detects supply chain attack patterns
Supports JS, Python, Rust, and Go ecosystems
What you get by plan
PRO
Supply chain risk scoring from actual package source, not metadata.
- Eval, exec, and dynamic-require detection
- Outbound network and env-var access flags
- Obfuscation and minified-payload signals
- File:line context per suspicious pattern
- JS, Python, Rust, Go ecosystems