I built npmscan.com because npm has become a minefield. Too many packages look safe on the surface but hide obfuscated code, weird postinstall scripts, abandoned maintainers, or straight-up malware. Most devs donβt have time to manually read source every time they install something β so I made a tool that does the dirty work instantly.
What npmscan.com does:
- Scans any npm package in seconds
- Detects malicious patterns, hidden scripts, obfuscation, and shady network calls
- Highlights abandoned or suspicious maintainers
- Shows full file structure + dependency tree
- Assigns a risk score based on real security signals
- No install needed β just search and inspect
The goal is simple:
π Make it obvious when a package is trustworthy β and when itβs not.
If you want to quickly βx-rayβ your dependencies before you add them to your codebase, you can try it here:
https://npmscan.com
Let me know what features youβd want next.
submitted by
/u/kryakrya_it [link] [comments]
Login
FreshRSS 
