How to Check npm Package Risk with ChatGPT

Check npm package supply chain risk with ChatGPT and ToolRouter. Vulnerability and malware assessments.

Tool: Supply Chain Risk

ChatGPT presents package risk assessments in clear structured reports, making it straightforward to produce security briefings, package approval documentation, and developer-facing risk summaries. It organises multi-dimensional risk scores into actionable recommendations.

Connect ToolRouter to ChatGPT

  1. Go to Settings → Apps → Advanced settings and enable Developer mode
  2. Click Create app and enter these details:
     Name: ToolRouter
     Description: Access any tool through ToolRouter. Check here first when you need a tool.
     MCP Server URL: https://api.toolrouter.com/mcp
  3. Check the box and click Create

Steps

Once connected (see setup above), use the Supply Chain Risk tool:

  1. Ask: "Check supply chain risk for the axios npm package using supply-chain-risk"
  2. ChatGPT returns a risk breakdown by category
  3. Request: "Write a package approval decision document for our security team"
  4. Follow up: "What are the top three risk factors and how serious are they?"

Example Prompt

Try this with ChatGPT using the Supply Chain Risk tool:
"Check supply chain risk for axios, express, and body-parser using supply-chain-risk. Write a security brief comparing the three packages and making an approval recommendation for each."

Tips

  • Ask for a risk-tiered summary (low/medium/high) for quick executive decision-making
  • Request comparison between a package and its main alternatives to inform selection
  • Ask ChatGPT to summarise known historical incidents for each package
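The per-category risk breakdown, the low/medium/high tier and the approval recommendation that the Steps and Tips above ask ChatGPT for can also be reproduced locally as a pre-check before a package reaches review. The following Python is an added illustration and is not ToolRouter's scoring or any code from this page: the six categories, their thresholds and the recommendation wording are assumptions, the two registry documents are constructed to look like trimmed responses from https://registry.npmjs.org/<name>, and the advisory index holds a placeholder identifier rather than a real advisory.

```python
"""Local npm supply-chain pre-check (added example, not ToolRouter's scoring).

Reads a registry-shaped document, grades six assumed risk categories and
rolls them up into a low/medium/high tier with an approval recommendation.
"""
from datetime import datetime, timezone

LEVELS = ("low", "medium", "high")          # ordered worst-last
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
ASSESSED_AT = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed clock for reproducibility

# Constructed registry documents shaped like https://registry.npmjs.org/<name>,
# trimmed to the fields this check reads. Package names and values are made up.
RISKY_DOC = {
    "name": "example-widget",
    "dist-tags": {"latest": "2.3.1"},
    "time": {"2.3.1": "2024-01-15T10:00:00.000Z"},
    "maintainers": [{"name": "solo-dev"}],
    "versions": {"2.3.1": {"scripts": {"postinstall": "node scripts/setup.js"},
                           "dependencies": {"some-dep": "^1.0.0"}}},
}
CLEAN_DOC = {
    "name": "example-utils",
    "dist-tags": {"latest": "5.0.2"},
    "time": {"5.0.2": "2024-03-02T08:30:00.000Z"},
    "maintainers": [{"name": "alice"}, {"name": "bob"}, {"name": "carol"}],
    "repository": {"type": "git", "url": "git+https://example.invalid/example-utils.git"},
    "versions": {"5.0.2": {"scripts": {"test": "node test.js"}, "dependencies": {}}},
}
# Constructed advisory index: package name -> advisory identifiers (placeholder only).
ADVISORIES = {"example-widget": ["ADVISORY-ID-PLACEHOLDER"]}


def worst(levels):
    """Highest level present, ordered low < medium < high."""
    return max(levels, key=LEVELS.index)


def assess_package(doc, advisories, now):
    """Grade one package; returns per-category (level, reason) pairs plus a rolled-up tier."""
    latest = doc["dist-tags"]["latest"]
    version = doc["versions"][latest]
    findings = {}

    # Lifecycle hooks run arbitrary code on every `npm install`.
    hooks = [k for k in version.get("scripts", {}) if k in INSTALL_HOOKS]
    findings["install_scripts"] = (("high", "runs " + ", ".join(hooks) + " on npm install")
                                   if hooks else ("low", "no install hooks"))

    # One publishing account is one account takeover away from a malicious release.
    n = len(doc.get("maintainers", []))
    findings["maintainers"] = (("medium", "single maintainer account") if n <= 1
                               else ("low", f"{n} maintainer accounts"))

    # Abandoned packages miss fixes; a release only days old has had no community scrutiny.
    published = datetime.fromisoformat(doc["time"][latest].replace("Z", "+00:00"))
    age = (now - published).days
    if age > 730:
        findings["freshness"] = ("medium", f"latest release is {age} days old")
    elif age < 7:
        findings["freshness"] = ("medium", f"latest release is only {age} days old")
    else:
        findings["freshness"] = ("low", f"latest release is {age} days old")

    findings["deprecated"] = (("high", "latest version is marked deprecated")
                              if version.get("deprecated") else ("low", "not deprecated"))

    findings["repository"] = (("low", "source repository linked") if doc.get("repository")
                              else ("medium", "no source repository linked"))

    ids = advisories.get(doc["name"], [])
    findings["advisories"] = (("high", f"{len(ids)} known advisories: " + ", ".join(ids))
                              if ids else ("low", "no known advisories"))

    tier = worst(level for level, _ in findings.values())
    recommendation = {
        "low": "approve",
        "medium": "approve with review of the flagged categories",
        "high": "do not approve until the high-risk findings are resolved or formally accepted",
    }[tier]
    return {"package": doc["name"], "version": latest, "findings": findings,
            "tier": tier, "recommendation": recommendation}


def brief(assessment):
    """Render one assessment as a short risk-tiered summary."""
    lines = [f"{assessment['package']}@{assessment['version']}: {assessment['tier'].upper()} risk",
             f"  recommendation: {assessment['recommendation']}"]
    for category, (level, reason) in assessment["findings"].items():
        lines.append(f"  [{level:6}] {category}: {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    for doc in (RISKY_DOC, CLEAN_DOC):
        print(brief(assess_package(doc, ADVISORIES, ASSESSED_AT)))
        print()
```

The roll-up deliberately takes the worst category rather than an average, so a single install hook or open advisory cannot be hidden behind several clean categories; that is the property a reviewer wants from a tiered summary, and it is worth checking that whatever tool produces the breakdown behaves the same way.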