Forem: Nithin D J The latest articles on Forem by Nithin D J (@nithindj192). https://forem.com/nithindj192 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3907446%2F99acb37d-6962-4f7a-ae01-25fea33e3d13.png Forem: Nithin D J https://forem.com/nithindj192 en guard-install now scans GitHub repos before you run them Nithin D J Mon, 04 May 2026 04:20:34 +0000 https://forem.com/nithindj192/guard-install-now-scans-github-repos-before-you-run-them-21me https://forem.com/nithindj192/guard-install-now-scans-github-repos-before-you-run-them-21me <p>Hey everyone,</p> <p>I shared this earlier as a CLI to analyse npm packages before installing.</p> <p>Since then, I’ve added something I think is even more useful:</p> <p>👉 <strong>You can now scan GitHub repos before cloning or running them</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx guard-install <span class="nt">--repo</span> https://github.com/user/repo </code></pre> </div> <h3> Why this matters </h3> <p>There’s a growing pattern (especially in crypto interviews / side projects):</p> <blockquote> <p>“Clone this repo and run it locally”</p> </blockquote> <p>Some of these repos:</p> <ul> <li>access environment variables</li> <li>interact with wallets / keys</li> <li>make outbound network calls</li> </ul> <p>You don’t always notice what’s happening before you run the code.</p> <h3> What the repo scan does </h3> <ul> <li>Scans files (without executing anything)</li> <li> <p>Detects:</p> <ul> <li>sensitive data patterns (PRIVATE_KEY, MNEMONIC)</li> <li>crypto/wallet usage</li> <li>network calls</li> <li>shell execution</li> </ul> </li> <li><p>Combines signals → gives a <strong>risk level (LOW / MEDIUM / HIGH)</strong></p></li> <li><p>Explains <em>why</em> something might need review</p></li> </ul> <h3> Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>🔐 Sensitive data patterns found 💰 Cryptocurrency functionality 🌐 Network activity detected Risk: MEDIUM — Sensitive domain with multiple relevant signals </code></pre> </div> <h3> Links </h3> <p>GitHub: <a href="https://github.com/dasanakudigenithin/guard-install" rel="noopener noreferrer">https://github.com/dasanakudigenithin/guard-install</a><br> npm: <a href="https://www.npmjs.com/package/guard-install" rel="noopener noreferrer">https://www.npmjs.com/package/guard-install</a><br> DEV.to: <a href="https://dev.to/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd">https://dev.to/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd</a> </p> <p>Still early, but getting more practical now.</p> <p>Would love feedback on:</p> <ul> <li>Are these signals useful or noisy?</li> <li>What would make you trust a HIGH risk warning?</li> <li>Would you use this before running unknown repos?</li> </ul> <p>Thanks!</p> npm node riskanalysis npm installs packages blindly — I built a CLI to fix that Nithin D J Sat, 02 May 2026 03:20:27 +0000 https://forem.com/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd https://forem.com/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd <p>Hey everyone,</p> <p>I recently built a small CLI tool called <strong>guard-install</strong> that analyzes npm packages for potential risks <em>before</em> installing them.</p> <p>👉 Try it:</p> <p>npx guard-install axios</p> <p>The idea came from noticing how npm installs packages blindly, even though supply chain attacks and malicious packages are becoming more common.</p> <p>What it does:</p> <ul> <li><p>Checks package metadata (publish recency, maintainers, downloads)</p></li> <li><p>Detects install scripts (postinstall / preinstall)</p></li> <li><p>Scans dependencies (depth-limited)</p></li> <li><p>Calculates a risk score (LOW / MEDIUM / HIGH)</p></li> <li><p>Explains <em>why</em> a package might be risky</p></li> <li><p>Installs safely using <code>--ignore-scripts</code></p></li> </ul> <p>Example output:</p> <p>(you can paste a short CLI output snippet here)</p> <p>GitHub: <a href="https://github.com/dasanakudigenithin/guard-install" rel="noopener noreferrer">https://github.com/dasanakudigenithin/guard-install</a></p> <p>npm: <a href="https://www.npmjs.com/package/guard-install" rel="noopener noreferrer">https://www.npmjs.com/package/guard-install</a></p> <p>This is still early (v0.1.1), so I’d really appreciate feedback:</p> <ul> <li><p>Is this useful?</p></li> <li><p>What signals would you trust more?</p></li> <li><p>What would make you actually use this daily?</p></li> </ul> <p>Thanks!</p> cli npm security showdev