Hacker News

bilalq, today at 4:52 AM

I applaud the idea and love that you made this freely available without bolting on a SaaS subscription on top of it.

However, I always roll my eyes when I see high severity risk in dependency chains due to ReDoS vulnerabilities. Sure, it matters for a web server maybe, but code running in a CLI tool, browser app, VSCode extension, or even a serverless lambda runtime really won't be affected much. More often than not, I find the `npm audit` risk classifications to be nonsense.