guard-install now scans GitHub repos before you run them
Hey everyone, I shared this earlier as a CLI to analyse npm packages before installing. Since then, I've added something I think is even more useful:

👉 You can now scan GitHub repos before cloning or running them

    npx guard-install --repo https://github.com/user/repo

There's a growing pattern (especially in crypto interviews / side projects): "Clone this repo and run it locally"

Some of these repos:
- access environment variables
- interact with wallets / keys
- make outbound network calls

You don't always notice what's happening before you run the code.

- Scans files (without executing anything)
- Detects:
  - sensitive data patterns (PRIVATE_KEY, MNEMONIC)
  - crypto/wallet usage
  - network calls
  - shell execution
- Combines signals → gives a risk level (LOW / MEDIUM / HIGH)
- Explains why something might need review

Example

🔐 Sensitive data patterns found
💰 Cryptocurrency functionality
🌐 Network activity detected
Risk: MEDIUM — Sensitive domain with multiple relevant signals

GitHub: https://github.com/dasanakudigenithin/guard-install
https://www.npmjs.com/package/guard-install
https://dev.to/nithindj192/npm-installs-packages-blindly-i-built-a-cli-to-fix-that-1dd

Still early, but getting more practical now.

Would love feedback on:
- Are these signals useful or noisy?
- What would make you trust a HIGH risk warning?
- Would you use this before running unknown repos?

Thanks!
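To make the "scan without executing, then combine signals into a risk level" idea concrete, here is a small static scanner written as an added example. It is not guard-install's own code: the regexes, the signal labels, the LOW/MEDIUM/HIGH combination rule and the two sample "checkouts" are all assumptions made for illustration. It reproduces the MEDIUM verdict from the example output above for a repo that touches a private key, a wallet library and the network, and escalates to HIGH only when shell execution sits next to secrets or network access.

```javascript
// Added example, not guard-install's own code: a minimal static signal
// scanner in the spirit of the post above. It looks at file text only
// (nothing is executed), matches a few heuristic patterns, and combines the
// distinct signals into LOW / MEDIUM / HIGH with a one-line reason.
// The regexes, signal names and the combination rule are assumptions.

const SIGNALS = [
  {
    id: 'sensitive',
    label: '🔐 Sensitive data patterns found',
    // Secret-bearing names in code or config (.env files included).
    pattern: /\b(PRIVATE_KEY|MNEMONIC|SEED_PHRASE|SECRET_KEY)\b/,
  },
  {
    id: 'crypto',
    label: '💰 Cryptocurrency functionality',
    // Common wallet / chain libraries and signing helpers.
    pattern: /\b(ethers|web3|bitcoinjs-lib|Wallet|signTransaction)\b/,
  },
  {
    id: 'network',
    label: '🌐 Network activity detected',
    pattern: /\b(fetch|axios|XMLHttpRequest|WebSocket)\b|require\(['"](https?|net|dgram)['"]\)/,
  },
  {
    id: 'shell',
    label: 'Shell execution detected',
    pattern: /require\(['"]child_process['"]\)|\b(exec|execSync|execFile|spawn|spawnSync)\s*\(/,
  },
];

// files: { [path]: text } as read from a checkout. Returns one finding per
// (signal, line) so a reviewer can jump straight to the flagged code.
function scanFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const sig of SIGNALS) {
        if (sig.pattern.test(line)) {
          findings.push({ id: sig.id, path, line: i + 1, snippet: line.trim().slice(0, 80) });
        }
      }
    });
  }
  return findings;
}

// Combination rule (assumed): code that can run commands while also holding
// secrets or talking to the network is the case worth stopping for; several
// independent signals together deserve a look; one signal is usually benign.
function classify(findings) {
  const ids = new Set(findings.map((f) => f.id));
  const has = (id) => ids.has(id);
  if (has('shell') && (has('sensitive') || has('network'))) {
    return { level: 'HIGH', reason: 'Shell execution alongside secrets or network access' };
  }
  if (ids.size >= 2) {
    return {
      level: 'MEDIUM',
      reason: has('sensitive') ? 'Sensitive domain with multiple relevant signals' : 'Multiple relevant signals',
    };
  }
  if (ids.size === 1) return { level: 'LOW', reason: 'Single signal; skim the flagged lines' };
  return { level: 'LOW', reason: 'No signals found' };
}

function scanRepo(files) {
  const findings = scanFiles(files);
  const { level, reason } = classify(findings);
  const signals = SIGNALS.filter((s) => findings.some((f) => f.id === s.id)).map((s) => s.label);
  return { findings, signals, level, reason };
}

// Human-readable report: one label per signal, the exact lines behind it,
// then the verdict with its reason.
function formatReport(result) {
  const out = [...result.signals];
  for (const f of result.findings) out.push(`  ${f.path}:${f.line}  ${f.snippet}`);
  out.push(`Risk: ${result.level} - ${result.reason}`);
  return out.join('\n');
}

// Constructed sample "checkouts" (not real repositories).
const SAMPLE_REPO = {
  '.env.example': 'RPC_URL=\nPRIVATE_KEY=\n',
  'src/wallet.js': [
    "const { ethers } = require('ethers');",
    'async function balance(addr) {',
    "  const res = await fetch('https://rpc.example.invalid/' + addr);",
    '  return res.json();',
    '}',
  ].join('\n'),
  'README.md': '# demo\nRun `npm start`.\n',
};

const SAMPLE_SETUP_HOOK = {
  'package.json': '{"scripts":{"postinstall":"node setup.js"}}',
  'setup.js': [
    "const { execSync } = require('child_process');",
    "execSync('node build.js', { env: { KEY: process.env.PRIVATE_KEY } });",
  ].join('\n'),
};

console.log(formatReport(scanRepo(SAMPLE_REPO)));
```

Two points relevant to the feedback questions: a `PRIVATE_KEY=` line in `.env.example` or in docs is the kind of match that makes the "sensitive" signal noisy, so a real scanner would want per-file context (template vs. code) before counting it; and attaching `path:line` to every finding is what makes a HIGH warning checkable rather than something the user has to take on faith.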
