Software supply chain attacks have revealed blind spots in existing software composition analysis (SCA) tools, which are often limited to a single ecosystem and assess either software artifacts or community activity in isolation. This fragmentation across tools and ecosystems forces developers to manually reconcile scattered data, undermining risk assessments. We present Package Dashboard, a cross-ecosystem framework that provides a unified platform for supply chain analysis, enabling a holistic, dual-perspective risk assessment by integrating package metadata, vulnerability information, and upstream community health metrics. By combining dependency resolution with repository analysis, it reduces cognitive load and improves traceability. Demonstrating the framework's versatility, a large-scale study of 374,000 packages across five Linux distributions shows its ability to uncover not only conventional vulnerabilities and license conflicts but also overlooked risks such as archived or inaccessible upstream repositories. Ultimately, Package Dashboard provides a unified view of risk, equipping developers and DevSecOps engineers with actionable insights to strengthen the transparency, trustworthiness, and traceability of open-source ecosystems. Package Dashboard is publicly available at https://github.com/n19htfall/PackageDashboard, a demonstration video can be found at https://youtu.be/y9ncftP8KPQ, and an online version is available at https://pkgdash.osslab-pku.org.
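The dual-perspective assessment sketched above, as an added illustration that is not code from the Package Dashboard project: artifact-side metadata (licenses, dependencies, known advisories) is joined with community-side signals about the upstream repository (reachable, archived, time since last commit) over the transitive dependency closure of a root package. All package names, versions, URLs, the advisory id and the license allowlist are constructed for the example; the finding categories and thresholds are assumptions, not the project's own.

```python
"""Cross-ecosystem risk check joining artifact and community perspectives.

Added example, not Package Dashboard code. All data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Package:
    """Artifact-side metadata as a distribution's package index would give it."""
    name: str
    ecosystem: str
    version: str
    license: str
    upstream: str                      # upstream source repository URL
    depends: List[str] = field(default_factory=list)


@dataclass
class RepoHealth:
    """Community-side signals gathered from the upstream repository."""
    reachable: bool                    # could the repository be fetched at all?
    archived: bool = False             # marked read-only / archived by its host
    days_since_commit: int = 0         # age of the most recent commit


# Constructed sample data; names, versions, URLs and the advisory id are invented.
PACKAGES: Dict[str, Package] = {
    "app": Package("app", "debian", "1.4.0", "MIT",
                   "https://example.invalid/app", ["libnet", "libcrypto-old"]),
    "libnet": Package("libnet", "debian", "2.1.3", "GPL-3.0-only",
                      "https://example.invalid/libnet", ["libparse"]),
    "libparse": Package("libparse", "debian", "0.9.2", "MIT",
                        "https://example.invalid/libparse", ["libnet"]),  # cycle
    "libcrypto-old": Package("libcrypto-old", "debian", "0.2.7", "MIT",
                             "https://example.invalid/libcrypto-old"),
}
VULNS: Dict[str, List[str]] = {"libcrypto-old": ["ADV-0001"]}   # constructed advisory id
REPOS: Dict[str, RepoHealth] = {
    "https://example.invalid/app": RepoHealth(True, False, 12),
    "https://example.invalid/libnet": RepoHealth(True, False, 900),
    "https://example.invalid/libparse": RepoHealth(False),
    "https://example.invalid/libcrypto-old": RepoHealth(True, True, 1500),
}
# Example policy allowlist; a policy choice for the demo, not a legal judgement.
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0"}


def resolve(root: str, packages: Dict[str, Package]) -> Set[str]:
    """Transitive dependency closure of `root`, tolerant of cycles and missing entries."""
    closure: Set[str] = set()
    stack = [root]
    while stack:
        name = stack.pop()
        if name in closure:
            continue
        closure.add(name)
        pkg = packages.get(name)
        if pkg is not None:
            stack.extend(pkg.depends)
    return closure


def assess(name: str, packages: Dict[str, Package], vulns: Dict[str, List[str]],
           repos: Dict[str, RepoHealth], *, stale_days: int = 365,
           allowed: Set[str] = ALLOWED_LICENSES) -> List[str]:
    """Findings for one package: vulnerabilities and license from the artifact side,
    reachability, archival and staleness from the community side."""
    findings: List[str] = []
    pkg = packages.get(name)
    if pkg is None:
        return [f"artifact: {name} not found in any index"]
    for adv in vulns.get(name, []):
        findings.append(f"vulnerability: {adv}")
    if pkg.license not in allowed:
        findings.append(f"license: {pkg.license} not in allowlist")
    repo = repos.get(pkg.upstream)
    if repo is None:
        findings.append("community: no upstream repository record")
    elif not repo.reachable:
        # Nothing else can be judged about an upstream we cannot fetch.
        findings.append("community: upstream repository unreachable")
    else:
        if repo.archived:
            findings.append("community: upstream repository archived")
        if repo.days_since_commit > stale_days:
            findings.append(f"community: no commit in {repo.days_since_commit} days "
                            f"(limit {stale_days})")
    return findings


def report(root: str, packages=PACKAGES, vulns=VULNS, repos=REPOS) -> Dict[str, List[str]]:
    """Findings for every package in the closure of `root`, keyed by package name."""
    return {name: assess(name, packages, vulns, repos)
            for name in sorted(resolve(root, packages))}


if __name__ == "__main__":
    for name, findings in report("app").items():
        print(f"{name}: {'; '.join(findings) if findings else 'no findings'}")
```

Running the block as a script lists, for the root package `app`, that `libcrypto-old` carries an advisory and an archived upstream, `libparse` has an unreachable upstream, and `libnet` fails the license allowlist and has gone stale; `app` itself is clean, which is exactly the risk that a single-perspective tool would miss.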