NPMScan – Malicious NPM Package Detection & Security Scanner
I built npmscan.com because npm has become a minefield. Too many packages look safe on the surface but hide obfuscated code, weird postinstall scripts, abandoned maintainers, or straight-up malware. Most devs don’t have time to manually read source every time they install something — so I made a tool that does the dirty work instantly.

What npmscan.com does:

- Scans any npm package in seconds
- Detects malicious patterns, hidden scripts, obfuscation, and shady network calls
- Highlights abandoned or suspicious maintainers
- Shows full file structure + dependency tree
- Assigns a risk score based on real security signals
- No install needed — just search and inspect

The goal is simple: 👉 Make it obvious when a package is trustworthy — and when it’s not.

If you want to quickly “x-ray” your dependencies before you add them to your codebase, you can try it here: https://npmscan.com

Let me know what features you’d want next.

submitted by /u/kryakrya_it