Analyzes your full dependency tree — last commit date, open CVEs, bus factor, and risk score per package