This product has not yet been featured by Product Hunt. It will not be visible on their landing page and won't be ranked (it cannot win Product of the Day regardless of upvotes).
[Dashboard panels: product upvotes vs the next 3; product comments vs the next 3; product upvote speed vs the next 3; product upvotes and comments; product vs the next 3. Data not loaded.]
npm-risk
Check npm package risk before you install
npm-risk is a zero-dependency CLI that checks npm packages for basic supply-chain risk signals before you install them. It looks at publish recency, install scripts, dependencies, maintainers, known vulnerabilities, and GitHub health, then gives you a simple LOW / MEDIUM / HIGH risk score.
Try it: npx npm-risk
For more in-depth information: https://medium.com/@Freedruk/npm-risk-a-lightweight-way-to-think-before-you-install-47b66996e943
About npm-risk on Product Hunt
“Check npm package risk before you install”
npm-risk was submitted on Product Hunt and earned 2 upvotes and 1 comment, placing #131 on the daily leaderboard.
On the analytics side, npm-risk competes within Open Source, Software Engineering, Developer Tools and GitHub — topics that collectively have 664.5k followers on Product Hunt. The dashboard above tracks how npm-risk performed against the three products that launched closest to it on the same day.
Who hunted npm-risk?
npm-risk was hunted by Fredrik Ward. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of npm-risk including community comment highlights and product details, visit the product overview.
Hey Product Hunt 👋
I built npm-risk because installing an npm package means trusting code that may run on your machine, your CI, or your production build.
Before adding a dependency, I wanted a fast way to ask:
“Is there anything here that deserves a closer look?”
So npm-risk checks basic risk signals like:
Recently published versions
Install lifecycle scripts
Runtime dependency count
Maintainer count
Known npm vulnerabilities
GitHub repo health (open issues, stars, archive status, and recent activity)
It is intentionally zero-dependency and lightweight. It is not a full security scanner, and it does not replace npm audit or manual review. It is meant to be a quick first-pass signal before you install.
Try it with:
npx npm-risk <package-name>
I’d love feedback on the scoring, heuristics, and what checks should be added next.
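As an added illustration of the signals listed in the post above (this is example code, not npm-risk's own implementation or scoring), the Node.js script below computes publish recency, install lifecycle scripts, runtime dependency count, maintainer count, known vulnerabilities and GitHub health from a constructed npm registry packument and GitHub repository record, then collapses them to LOW / MEDIUM / HIGH. The field names (dist-tags, time, versions[v].scripts, maintainers; archived, pushed_at, stargazers_count, open_issues_count) are the real registry and GitHub API shapes; the sample package, the advisory id, and every threshold and weight are assumptions of this example.

```javascript
// Added example, not npm-risk's own code: computes pre-install risk signals of
// the kind the post lists from an npm registry packument and a GitHub repo
// record. Thresholds and weights are this example's assumptions.

const DAY_MS = 24 * 60 * 60 * 1000;
// Lifecycle scripts npm runs on the consumer's machine when a dependency is
// installed from the registry (prepare runs only for git/local installs).
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const WEIGHTS = { high: 3, medium: 1, info: 0 }; // assumed scoring weights

function daysBetween(later, earlier) {
  return Math.floor((new Date(later) - new Date(earlier)) / DAY_MS);
}

// Returns [{ signal, severity, detail }] for one version of a package.
// advisories: known advisories affecting this version (a live tool would
// query the registry's audit endpoint). github: repo record, or null when
// the package links no GitHub repository. now: ISO timestamp, injected so
// results are reproducible.
function collectSignals(packument, { version, now, advisories = [], github = null }) {
  const v = version || packument["dist-tags"].latest;
  const manifest = packument.versions[v];
  if (!manifest) throw new Error(`unknown version ${v}`);
  const signals = [];
  const add = (signal, severity, detail) => signals.push({ signal, severity, detail });

  // 1. Publish recency: a version only hours old has had no time to be vetted.
  const age = daysBetween(now, packument.time[v]);
  add("publish_recency", age < 7 ? "medium" : "info", `${v} published ${age} day(s) ago`);

  // 2. Install lifecycle scripts: arbitrary code runs during `npm install`.
  const scripts = manifest.scripts || {};
  const hooks = INSTALL_HOOKS.filter((h) => scripts[h]);
  if (hooks.length) {
    add("install_scripts", "high", hooks.map((h) => `${h}: ${scripts[h]}`).join("; "));
  }

  // 3. Runtime dependency count: each one is more code you trust transitively.
  const deps = Object.keys(manifest.dependencies || {}).length;
  add("dependency_count", deps > 20 ? "medium" : "info", `${deps} runtime dependencies`);

  // 4. Maintainer count: one account is one phished credential from a bad release.
  const maintainers = (packument.maintainers || []).length;
  add("maintainer_count", maintainers <= 1 ? "medium" : "info", `${maintainers} maintainer(s)`);

  // 5. Known vulnerabilities for this exact version.
  if (advisories.length) {
    add("known_vulnerabilities", "high", advisories.map((a) => a.id).join(", "));
  }

  // 6. GitHub health: archived or dormant repositories will not ship fixes.
  if (!github) {
    add("github_health", "medium", "no GitHub repository linked");
  } else {
    if (github.archived) add("github_health", "medium", "repository is archived");
    const idle = daysBetween(now, github.pushed_at);
    add("github_activity", idle > 365 ? "medium" : "info",
      `last push ${idle} day(s) ago, ${github.stargazers_count} stars, ${github.open_issues_count} open issues`);
  }
  return signals;
}

// Collapses signals to LOW / MEDIUM / HIGH: one high-severity signal, or
// several medium ones, is enough to say "look closer before installing".
function scoreRisk(signals) {
  const points = signals.reduce((sum, s) => sum + WEIGHTS[s.severity], 0);
  return points >= 3 ? "HIGH" : points >= 1 ? "MEDIUM" : "LOW";
}

// Constructed sample data in the registry / GitHub API shapes (not a real package).
const NOW = "2024-06-03T00:00:00.000Z";
const SAMPLE_PACKUMENT = {
  name: "example-widget",
  "dist-tags": { latest: "2.0.1" },
  time: { "1.4.0": "2023-05-02T10:00:00.000Z", "2.0.1": "2024-06-01T08:00:00.000Z" },
  maintainers: [{ name: "maintainer-a" }, { name: "maintainer-b" }],
  versions: {
    "1.4.0": { dependencies: { lodash: "^4.17.21" }, scripts: { test: "node test.js" } },
    "2.0.1": {
      dependencies: { lodash: "^4.17.21" },
      scripts: { postinstall: "node scripts/setup.js", test: "node test.js" },
    },
  },
};
const SAMPLE_GITHUB = {
  archived: false, pushed_at: "2024-05-30T00:00:00.000Z", stargazers_count: 12, open_issues_count: 3,
};

function assess(version, advisories = []) {
  const signals = collectSignals(SAMPLE_PACKUMENT, { version, now: NOW, advisories, github: SAMPLE_GITHUB });
  return { version, risk: scoreRisk(signals), signals };
}

for (const r of [assess("1.4.0"), assess("2.0.1")]) {
  console.log(`${SAMPLE_PACKUMENT.name}@${r.version}: ${r.risk}`);
  for (const s of r.signals) console.log(`  [${s.severity}] ${s.signal}: ${s.detail}`);
}
```

Run with node to print the per-version report: the older 1.4.0 scores LOW, while 2.0.1 scores HIGH because it was published two days ago and carries a postinstall script. A live tool would replace the constructed objects with fetches of https://registry.npmjs.org/<name> and https://api.github.com/repos/<owner>/<repo> plus an advisory lookup. The hook list matters: a checker that only looks for postinstall misses preinstall, which runs before the package's own files are even unpacked.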