Compromised packages tend to be removed as soon as npm finds out about it, so there's not much need for a service like that.
There are services for checking whether a package has a vulnerability in. You can run npm audit or use something like Snyk to achieve this.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.