It runs dependency safety checks for things like known CVEs, typo-squatting, abandoned packages, stale releases, package age/cooldown windows, and PyPI hash-pin integrity.
It currently supports npm, PyPI, RubyGems, Maven, Go, and Rust. Open source to help others.