DEV Community

Nithin D J

npm installs packages blindly — I built a CLI to fix that

Hey everyone,

I recently built a small CLI tool called guard-install that analyzes npm packages for potential risks before installing them.

👉 Try it:

npx guard-install axios

The idea came from noticing how npm installs packages blindly, even though supply chain attacks and malicious packages are becoming more common.

What it does:

  • Checks package metadata (publish recency, maintainers, downloads)

  • Detects install scripts (postinstall / preinstall)

  • Scans dependencies (depth-limited)

  • Calculates a risk score (LOW / MEDIUM / HIGH)

  • Explains why a package might be risky

  • Installs safely using --ignore-scripts
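As an added illustration of how those signals can be combined (this is not guard-install's own code), the function below scores a constructed npm registry document ("packument") for install-time risk; the weights, thresholds, sample data and the `assessPackage` / `installCommand` names are assumptions for the example:

```javascript
// Added example, not guard-install's code: score an npm packument for
// install-time risk signals. The packument below is CONSTRUCTED; a real one
// comes from https://registry.npmjs.org/<name>. Weekly downloads come from a
// separate API in reality, so they are passed in as a plain number here.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function assessPackage(packument, weeklyDownloads, now = Date.now()) {
  const reasons = [];
  let score = 0;
  const latest = packument["dist-tags"]?.latest;
  const manifest = packument.versions?.[latest] ?? {};

  // 1. Lifecycle scripts run arbitrary code on the installing machine.
  const hooks = INSTALL_HOOKS.filter((h) => manifest.scripts?.[h]);
  if (hooks.length) {
    score += 3;
    reasons.push(`install scripts: ${hooks.join(", ")}`);
  }
  // 2. A version published days ago has had little community review.
  const published = Date.parse(packument.time?.[latest] ?? "");
  const ageDays = Number.isNaN(published) ? Infinity : (now - published) / 86_400_000;
  if (ageDays < 7) { score += 2; reasons.push(`published ${ageDays.toFixed(1)} days ago`); }
  // 3. Single maintainer and low download counts are weaker signals.
  if ((packument.maintainers?.length ?? 0) <= 1) { score += 1; reasons.push("single maintainer"); }
  if (weeklyDownloads < 1000) { score += 1; reasons.push(`only ${weeklyDownloads} weekly downloads`); }

  const level = score >= 4 ? "HIGH" : score >= 2 ? "MEDIUM" : "LOW";
  return { level, score, reasons, hasInstallScripts: hooks.length > 0 };
}

// The install step the post describes: skip lifecycle scripts when any are present.
function installCommand(name, assessment) {
  return assessment.hasInstallScripts
    ? `npm install --ignore-scripts ${name}`
    : `npm install ${name}`;
}

// Constructed sample: a freshly published, single-maintainer package with a postinstall hook.
const SAMPLE_NOW = Date.parse("2024-06-10T00:00:00Z");
const SAMPLE_PACKUMENT = {
  name: "example-pkg",
  "dist-tags": { latest: "1.0.1" },
  versions: { "1.0.1": { scripts: { postinstall: "node setup.js" } } },
  time: { "1.0.1": "2024-06-08T12:00:00Z" },
  maintainers: [{ name: "someone" }],
};

console.log(assessPackage(SAMPLE_PACKUMENT, 120, SAMPLE_NOW));
```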

Example output:

(you can paste a short CLI output snippet here)

GitHub: https://github.com/dasanakudigenithin/guard-install

npm: https://www.npmjs.com/package/guard-install

This is still early (v0.1.1), so I’d really appreciate feedback:

  • Is this useful?

  • What signals would you trust more?

  • What would make you actually use this daily?

Thanks!
