npm package provenance attestation forensic analyzer — free browser tool | fatcousin

drop npm sigstore provenance bundle · parse publisher + build config + tarball digest · runs locally

input

drop supply chain provenance export

csv · json · jsonl · multiple files · local only

Select file

drop npm sigstore provenance bundle · local only

limits

heuristic screener · vendor schema varies · not definitive proof

status

>ready