We have built an AI Package Analyst https://app.stepsecurity.io/oss-security-feed and also monitor them using https://github.com/step-security/harden-runner for runtime behavior.