Verify any package on live registries before install — and plan upgrades from GitHub release notes. One tool, 5 tasks via task: check (default), upgrade, security, migrate, debug. Each task returns focus, summary, data, hint, related_tasks, next_calls, meta. Use for frameworks (next, react, vite, express), payments (stripe), auth (next-auth, @clerk/nextjs, passport), databases (prisma, drizzle-orm, pg), and any dep on npm/PyPI/cargo/gem/go/maven/nuget/packagist/pub/hex/cocoapods/spm. Version resolution: pass version/from_version, or source:github:owner/repo to read the pinned version from package.json via GitHub API (primary path for hosted MCP upgrades). Workflow: get_project_context({ topic: "integrations" }) → check_package({ task: "check" }) → task=security if vulnerable → task=upgrade with from_version when bumping. task=upgrade|migrate parses GitHub releases for breaking_changes, migration_steps, code_example, advisories. DO NOT use for repo orientation (get_project_context), lockfile transitive audit (npm audit), API docs (Context7), or install verification (project_memory). Read-only.