DepsDiver™ Guide

Getting started with DepsDiver™
How to Search Dependencies?

There are two different ways to investigate:

Option 1: Search by package

To search by package, enter the package name in the search box. You will be shown the packages that match that name, along with the language ecosystem each belongs to. Please note: for the Go ecosystem, you must enter the full repository path of the package, not just the bare package name.

When you are ready, hit enter to search.

Try it out: As an example, try searching for easyjson in the Go ecosystem. This package is a great example of adversarial foreign influence across both package ownership and contributors.
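If you want to check a whole dependency list rather than one package at a time, it helps to first turn your manifests into search terms in the form the guide expects: the full repository path for Go, the bare package name elsewhere. The following Python is an added example, not part of the DepsDiver documentation or product. It parses a constructed go.mod fragment and a constructed package.json, refuses a Go term that is not a full repository path, and tags each term with an ecosystem label; the labels "go" and "npm" and the sample file contents are assumptions.

```python
import json
import re

# Constructed sample inputs (not real project files).
GO_MOD = """module example.com/myservice

go 1.21

require (
    github.com/mailru/easyjson v0.7.7
    golang.org/x/text v0.14.0 // indirect
)
"""

PACKAGE_JSON = """{
  "name": "my-app",
  "dependencies": {"fast-glob": "^3.3.2"},
  "devDependencies": {"typescript": "~5.4.0"}
}
"""


def go_search_terms(go_mod_text):
    """Return the full module paths from a go.mod file.

    A Go search needs the full repository path, so the whole path is kept
    and only the version and any trailing '// indirect' comment are dropped.
    Both block-style and single-line 'require' directives are handled.
    """
    terms = []
    in_block = False
    for raw in go_mod_text.splitlines():
        line = raw.split("//", 1)[0].strip()  # strip trailing comments
        if line.startswith("require ("):
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        match = None
        if in_block:
            match = re.match(r"^(\S+)\s+v\S+$", line)
        elif line.startswith("require "):
            match = re.match(r"^require\s+(\S+)\s+v\S+$", line)
        if match:
            terms.append(match.group(1))
    return terms


def npm_search_terms(package_json_text):
    """Return bare package names from dependencies and devDependencies."""
    data = json.loads(package_json_text)
    names = []
    for key in ("dependencies", "devDependencies"):
        names.extend(data.get(key, {}).keys())
    return names


def is_full_go_path(term):
    """True when the term has a host segment (contains a dot) plus a path."""
    parts = term.split("/")
    return len(parts) >= 2 and "." in parts[0]


def build_queries(go_mod_text, package_json_text):
    """Pair each dependency with an (assumed) ecosystem label for searching.

    A Go term that is only a bare name is rejected, since the search
    requires the full repository path for that ecosystem.
    """
    queries = []
    for term in go_search_terms(go_mod_text):
        if not is_full_go_path(term):
            raise ValueError(f"Go query must be a full repository path: {term!r}")
        queries.append(("go", term))
    for name in npm_search_terms(package_json_text):
        queries.append(("npm", name))
    return queries


if __name__ == "__main__":
    for ecosystem, term in build_queries(GO_MOD, PACKAGE_JSON):
        print(f"{ecosystem}: {term}")
```

Each printed pair is one search to run; the `is_full_go_path` check is deliberately strict so that a bare name such as `easyjson` is caught before you paste it into a Go search and get no match.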

Option 2: Search by username

To search by contributor, enter a GitHub username in the search box and hit enter. On the results page, click "Users", then click the user you want to research.

Try it out: Search for the user "mrmlnc".

When you click on the profile, it will show you all of the information available about them.

Exploring Package Search Results

After running a search, you arrive at the package search results landing page. A red top banner means some level of foreign influence was detected for the package. Below this banner, you'll see the following scorecards:

  • OpenSSF Scorecard data
  • FOCI Countries
  • FOCI Contributors
  • FOCI Organizations

Below that are a few tabs highlighting:

  • Risks: See FOCI and repository security risks as well as a heat map of contributions.
  • Contributors: Lists all the contributors to this package ranked by number of commits. Click into another contributor to reveal their developer risk profile.
  • Alternatives: Lists alternatives to the selected package that provide the same functionality.
  • Commits: View contribution graphs.
  • Releases: Shows the history of all of the releases and tags for this software.
  • Metadata: View top-level information about the selected package.

Below these tabs, DepsDiver™ displays a chart revealing your package's top contributors, as well as their geocoded location data.

As you scroll further down, you get to the details of the OpenSSF Scorecard. Click "View Scorecard Details" to access all related data.

Important Note

All contributor information available in DepsDiver™ is tied directly to published open source packages. If you come across a username that does not produce results in DepsDiver™, then that profile has not contributed to a package published under one of our tracked language ecosystems.

Need Assistance?

Please send us an email at support@start-depsdiver.com. Happy diving!
