NPMScan - Malicious NPM Package Detection & Security Scanner
Posted by kryakrya_it@reddit | programming
I built npmscan.com because npm has become a minefield. Too many packages look safe on the surface but hide obfuscated code, weird postinstall scripts, abandoned maintainers, or straight-up malware. Most devs don’t have time to manually read source every time they install something — so I made a tool that does the dirty work instantly.
What npmscan.com does:
- Scans any npm package in seconds
- Detects malicious patterns, hidden scripts, obfuscation, and shady network calls
- Highlights abandoned or suspicious maintainers
- Shows full file structure + dependency tree
- Assigns a risk score based on real security signals
- No install needed — just search and inspect
The goal is simple:
👉 Make it obvious when a package is trustworthy — and when it’s not.
If you want to quickly “x-ray” your dependencies before you add them to your codebase, you can try it here:
Let me know what features you’d want next.
programming-ModTeam@reddit
This is a demo of a product or project that isn't on-topic for r/programming. r/programming is a technical subreddit and isn't a place to show off your project or to solicit feedback.
If this is an ad for a product, it's simply not welcome here.
If it is a project that you made, the submission must focus on what makes it technically interesting and not simply what the project does or that you are the author. Simply linking to a GitHub repo is not sufficient.