Hey everyone,
I recently built a small CLI tool called guard-install that analyzes npm packages for potential risks before installing them.
👉 Try it:
npx guard-install axios
The idea came from noticing how npm installs packages blindly, even though supply chain attacks and malicious packages are becoming more common.
What it does:
Checks package metadata (publish recency, maintainers, downloads)
Detects install scripts (postinstall / preinstall)
Scans dependencies (depth-limited)
Calculates a risk score (LOW / MEDIUM / HIGH)
Explains why a package might be risky
Installs safely using
--ignore-scripts
Example output:
(you can paste a short CLI output snippet here)
GitHub: https://github.com/dasanakudigenithin/guard-install
npm: https://www.npmjs.com/package/guard-install
This is still early (v0.1.1), so I’d really appreciate feedback:
Is this useful?
What signals would you trust more?
What would make you actually use this daily?
Thanks!