The latest articles on DEV Community by Nithin D J (@nithindj192). https://dev.to/nithindj192 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3907446%2F99acb37d-6962-4f7a-ae01-25fea33e3d13.png https://dev.to/nithindj192 en Nithin D J Sat, 02 May 2026 03:20:27 +0000 https://dev.to/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd https://dev.to/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd <p>Hey everyone,</p> <p>I recently built a small CLI tool called <strong>guard-install</strong> that analyzes npm packages for potential risks <em>before</em> installing them.</p> <p>👉 Try it:</p> <p>npx guard-install axios</p> <p>The idea came from noticing how npm installs packages blindly, even though supply chain attacks and malicious packages are becoming more common.</p> <p>What it does:</p> <ul> <li><p>Checks package metadata (publish recency, maintainers, downloads)</p></li> <li><p>Detects install scripts (postinstall / preinstall)</p></li> <li><p>Scans dependencies (depth-limited)</p></li> <li><p>Calculates a risk score (LOW / MEDIUM / HIGH)</p></li> <li><p>Explains <em>why</em> a package might be risky</p></li> <li><p>Installs safely using <code>--ignore-scripts</code></p></li> </ul> <p>Example output:</p> <p>(you can paste a short CLI output snippet here)</p> <p>GitHub: <a href="https://github.com/dasanakudigenithin/guard-install" rel="noopener noreferrer">https://github.com/dasanakudigenithin/guard-install</a></p> <p>npm: <a href="https://www.npmjs.com/package/guard-install" rel="noopener noreferrer">https://www.npmjs.com/package/guard-install</a></p> <p>This is still early (v0.1.1), so I’d really appreciate feedback:</p> <ul> <li><p>Is this useful?</p></li> <li><p>What signals would you trust more?</p></li> <li><p>What would make you actually use this daily?</p></li> </ul> <p>Thanks!</p> cli npm security showdev