dep-scan: Fully open-source security audit for project dependencies