Scoring dependencies to detect “weak links” in your open-source software supply chain 🔗 External Link