NPMScan - Malicious NPM Package Detection & Security Scanner
2025-11-15 20:14:40 Author: www.reddit.com

I built npmscan.com because npm has become a minefield. Too many packages look safe on the surface but hide obfuscated code, weird postinstall scripts, abandoned maintainers, or straight-up malware. Most devs don’t have time to manually read source every time they install something — so I made a tool that does the dirty work instantly.

What npmscan.com does:

  • Scans any npm package in seconds

  • Detects malicious patterns, hidden scripts, obfuscation, and shady network calls

  • Highlights abandoned or suspicious maintainers

  • Shows full file structure + dependency tree

  • Assigns a risk score based on real security signals

  • No install needed — just search and inspect

The goal is simple:
👉 Make it obvious when a package is trustworthy — and when it’s not.

If you want to quickly “x-ray” your dependencies before you add them to your codebase, you can try it here:

https://npmscan.com

Let me know what features you’d want next.


Source: https://www.reddit.com/r/netsec/comments/1oy1p2v/npmscan_malicious_npm_package_detection_security/