I maintain 1.4M npm downloads/week alone - so I built a tool to not lose my mind

Source: DEV Community
npm audit tells you about CVEs. It won't tell you your dependency hasn't been touched in 3 years, has 200 open issues, and the maintainer left. I found this out the hard way.

The Problem Nobody Talks About

I maintain 7 npm packages. Combined 1.4 million downloads per week. Packages like rrule (1.2M/wk), python-shell (162k/wk), and jquery-modal (21k/wk).

Most of these packages had one thing in common: their original maintainers walked away.

- rrule: last push 582 days ago. 1.2 million weekly downloads.
- python-shell: actively looking for a maintainer since 2023. 162k downloads.
- jquery-modal: "Maintainers wanted!" issue open since 2016.

These aren't edge cases. This is normal in npm.

What I Built

1. CLI Scanner (zero dependencies)

    npx oss-health-scan express lodash moment react

Scores every package 0-100 based on:

- Maintenance (40%) - last push, last publish, open issues
- Community (25%) - stars, forks
- Popularity (20%) - npm downloads
- Risk (15%) - inactivity penalty, stale publish

Exits with
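The four-category weighting above, worked through as an added example that is not oss-health-scan's own code: the category weights (40/25/20/15) come from the post, while every per-signal curve (the 365-day horizons, the log scaling, the penalty sizes) and the sample package metadata are assumptions constructed here for illustration.

```javascript
// Added example: a weighted 0-100 package health score with the post's categories.
// Category weights are the post's; all per-signal curves below are assumptions.
const WEIGHTS = { maintenance: 0.40, community: 0.25, popularity: 0.20, risk: 0.15 };

const clamp01 = (x) => Math.min(1, Math.max(0, x));

// Full credit at 0 days, linearly down to zero credit at `horizonDays` (assumed curve).
function freshness(days, horizonDays) {
  return clamp01(1 - days / horizonDays);
}

// Log scale so huge counts don't dominate: 1 at or above `top`, 0 at zero (assumed curve).
function logScale(value, top) {
  if (value <= 0) return 0;
  return clamp01(Math.log10(value + 1) / Math.log10(top + 1));
}

function healthScore(meta) {
  // Maintenance: last push, last publish, open issues (more open issues lowers it).
  const maintenance =
    0.4 * freshness(meta.daysSinceLastPush, 365) +
    0.4 * freshness(meta.daysSinceLastPublish, 365) +
    0.2 * (1 - logScale(meta.openIssues, 500));
  // Community: stars and forks.
  const community = 0.7 * logScale(meta.stars, 50000) + 0.3 * logScale(meta.forks, 5000);
  // Popularity: weekly npm downloads.
  const popularity = logScale(meta.weeklyDownloads, 10000000);
  // Risk: starts at full credit, loses half for inactivity and half for a stale publish.
  let risk = 1;
  if (meta.daysSinceLastPush > 365) risk -= 0.5;     // inactivity penalty (assumed size)
  if (meta.daysSinceLastPublish > 365) risk -= 0.5;  // stale publish penalty (assumed size)
  risk = clamp01(risk);

  const total = WEIGHTS.maintenance * maintenance + WEIGHTS.community * community +
    WEIGHTS.popularity * popularity + WEIGHTS.risk * risk;
  return { score: Math.round(100 * total), breakdown: { maintenance, community, popularity, risk } };
}

// Constructed sample metadata: `stale` borrows the post's rrule figures (582 days since the
// last push, 1.2M weekly downloads); every other number is invented for the example.
const stale = { daysSinceLastPush: 582, daysSinceLastPublish: 582, openIssues: 200,
  stars: 3000, forks: 400, weeklyDownloads: 1200000 };
const healthy = { daysSinceLastPush: 3, daysSinceLastPublish: 20, openIssues: 40,
  stars: 60000, forks: 6000, weeklyDownloads: 30000000 };

console.log('stale   ', healthScore(stale).score);
console.log('healthy ', healthScore(healthy).score);
```

A package can score near zero on Maintenance and Risk while still carrying high Popularity, which is exactly the widely-used-but-abandoned profile npm audit is silent about.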