Security
advisory
extension
supply-chain
Overlay is a browser extension that helps developers evaluate open source packages before picking them. It gathers data from various sources and displays it on the package pages of popular registries like npm, PyPI, and Go. With Overlay, you can quickly assess packages based on metrics like popularity, quality, security, maintenance, and compatibility. You can also see detailed information about each package, such as its license, dependencies, vulnerabilities, issues, releases, and more.
The extension is available for Chrome and Firefox. It supports websites like Stack Overflow and advisory sources like Debricked, Snyk, Socket, and DepsDev.
To start using Overlay, install the extension from the Chrome Web Store or Firefox Add-ons. After installing, use it on any supported page by hovering over package names and links to see indicators showing the number of issues. You can customize which data sources are used by clicking the Overlay logo in the extensions bar.
Overlay is written in Vue.js and uses a background script to fetch package data from various external sources. The project is open source under the MIT license, and contributions are welcome.
Overall, Overlay aims to help developers make informed decisions when choosing open source packages for their projects.