# `NPM.Security.SupplyChain`
[🔗](https://github.com/elixir-volt/npm_ex/blob/v0.7.4/lib/npm/security/supply_chain.ex#L1)

Evaluates supply chain security posture of a project's dependencies.

Combines multiple signals: provenance, integrity, deprecations,
phantom dependencies, and package age.

# `assess`

```elixir
@spec assess(map(), map()) :: map()
```

Assesses supply chain risk.

# `format`

```elixir
@spec format(map()) :: String.t()
```

Formats assessment for display.

# `risk_score`

```elixir
@spec risk_score(map()) :: non_neg_integer()
```

Computes a risk score (0-100, lower is better).

