

npm-risk

Check npm package risk before you install

Open Source
Software Engineering
Developer Tools
GitHub

Hunted by Fredrik Ward

npm-risk is a zero-dependency CLI that checks npm packages for basic supply-chain risk signals before you install them. It looks at publish recency, install scripts, dependencies, maintainers, known vulnerabilities, and GitHub health, then gives you a simple LOW / MEDIUM / HIGH risk score.

Try it: npx npm-risk

For more in-depth information: https://medium.com/@Freedruk/npm-risk-a-lightweight-way-to-think-before-you-install-47b66996e943

Top comment

Hey Product Hunt 👋

I built npm-risk because installing an npm package means trusting code that may run on your machine, your CI, or your production build.

Before adding a dependency, I wanted a fast way to ask:
“Is there anything here that deserves a closer look?”

So npm-risk checks basic risk signals like:
Recently published versions
Install lifecycle scripts
Runtime dependency count
Maintainer count
Known npm vulnerabilities
GitHub repo health
Open issues, stars, archive status, and recent activity

It is intentionally zero-dependency and lightweight. It is not a full security scanner, and it does not replace npm audit or manual review. It is meant to be a quick first-pass signal before you install.

Try it with:
npx npm-risk <package-name>

I’d love feedback on the scoring, heuristics, and what checks should be added next.
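As an added illustration of the kind of first-pass heuristic the comment above describes (this is not npm-risk's own code, and the input object shape, the signal weights and the LOW / MEDIUM / HIGH thresholds are all assumptions chosen for the example), here is a small Node.js scorer run over constructed package metadata:

```javascript
// Added example, not npm-risk's own implementation. Scores a package
// metadata object (assumed shape: fields pulled from the npm registry and
// the GitHub API) against the signal families listed in the post.
// All weights and thresholds are illustrative assumptions.

const DAY_MS = 24 * 60 * 60 * 1000;
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each check returns { signal, weight } when it fires, otherwise null.
const checks = [
  function recency(pkg, now) {
    const ageDays = (now - Date.parse(pkg.publishedAt)) / DAY_MS;
    return ageDays < 7
      ? { signal: `latest version published ${Math.floor(ageDays)} day(s) ago`, weight: 2 }
      : null;
  },
  function installScripts(pkg) {
    const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
    return hooks.length
      ? { signal: `install lifecycle scripts: ${hooks.join(', ')}`, weight: 2 }
      : null;
  },
  function dependencyCount(pkg) {
    const n = Object.keys(pkg.dependencies || {}).length;
    return n > 30 ? { signal: `${n} runtime dependencies`, weight: 1 } : null;
  },
  function maintainers(pkg) {
    const n = (pkg.maintainers || []).length;
    return n <= 1 ? { signal: `${n} maintainer(s)`, weight: 1 } : null;
  },
  function vulnerabilities(pkg) {
    const n = (pkg.vulnerabilities || []).length;
    return n > 0 ? { signal: `${n} known vulnerability(ies)`, weight: 3 } : null;
  },
  function repoHealth(pkg, now) {
    const gh = pkg.github;
    if (!gh) return { signal: 'no linked GitHub repository', weight: 1 };
    if (gh.archived) return { signal: 'repository is archived', weight: 2 };
    const idleDays = (now - Date.parse(gh.pushedAt)) / DAY_MS;
    return idleDays > 365
      ? { signal: `no commits for ${Math.floor(idleDays)} days`, weight: 1 }
      : null;
  },
];

// Sum the weights of the checks that fired and map the total to a level.
function scorePackage(pkg, now = Date.now()) {
  const findings = checks.map((check) => check(pkg, now)).filter(Boolean);
  const total = findings.reduce((sum, f) => sum + f.weight, 0);
  const level = total >= 5 ? 'HIGH' : total >= 2 ? 'MEDIUM' : 'LOW';
  return { name: pkg.name, level, total, findings };
}

// Constructed sample metadata; these are not real packages.
const NOW = Date.parse('2024-06-01T00:00:00Z');
const samplePackages = [
  {
    name: 'example-stable',
    publishedAt: '2023-11-20T00:00:00Z',
    scripts: { test: 'node test.js' },
    dependencies: { a: '^1.0.0' },
    maintainers: ['alice', 'bob'],
    vulnerabilities: [],
    github: { archived: false, pushedAt: '2024-05-15T00:00:00Z' },
  },
  {
    name: 'example-suspicious',
    publishedAt: '2024-05-30T00:00:00Z',
    scripts: { postinstall: 'node setup.js' },
    dependencies: {},
    maintainers: ['solo'],
    vulnerabilities: [],
    github: null,
  },
  {
    name: 'example-vulnerable',
    publishedAt: '2022-03-01T00:00:00Z',
    scripts: {},
    dependencies: { a: '^1.0.0', b: '^2.0.0' },
    maintainers: ['alice', 'bob', 'carol'],
    vulnerabilities: ['ADVISORY-PLACEHOLDER'], // placeholder id, constructed
    github: { archived: false, pushedAt: '2024-03-01T00:00:00Z' },
  },
];

for (const pkg of samplePackages) {
  console.log(JSON.stringify(scorePackage(pkg, NOW), null, 2));
}
```

The point of returning the list of findings alongside the level is that a LOW / MEDIUM / HIGH label on its own is not actionable; the reviewer needs to see which signal fired (a fresh version plus a postinstall hook reads very differently from a large dependency count) before deciding whether a closer look is warranted.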


About npm-risk on Product Hunt

npm-risk was submitted on Product Hunt and earned 2 upvotes and 1 comment, placing #131 on the daily leaderboard.

npm-risk was featured in Open Source (68.4k followers), Software Engineering (42.4k followers), Developer Tools (512.5k followers) and GitHub (41.2k followers) on Product Hunt. Together, these topics include over 107.9k products, making this a competitive space to launch in.

Who hunted npm-risk?

npm-risk was hunted by Fredrik Ward. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
