A silly little tool to find out if your dependency tree is plagued with packages from You-Know-Who
Navigate to https://observeroftime.github.io/voldephobia/, input a package query (can be a bare package name or name@version), and view the resulting data tree. With this, you can see which modules are poisoned and why they're included.
Much of the registry/module graph code was adopted from npmgraph, the license of which can be found here.