Quality

Assess dependency health, quality scoring, and maintenance signals for the packages you depend on.

1 min readUpdated Jul 9, 2026

Overview

Beyond licenses and CVEs, the long-term risk of a dependency comes from how well it's maintained. FOSSA's quality scanner evaluates every direct and transitive dependency and raises a quality issue (in the project's Issues tab) when a package is outdated, blocked, or shows a supply-chain risk signal.

What this covers

Put it to work

  • Use Quality Policies to gate on quality thresholds across your projects, so unhealthy dependencies raise issues automatically.
  • Review what FOSSA finds alongside your licensing and security issues; the same triage workflow surfaces all three.
© 2026 FOSSA, Inc.support@fossa.com