Security: virtualian/npm-scanner

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in npm-scanner, please report it by opening a GitHub issue.

For sensitive issues that shouldn't be publicly disclosed, contact the maintainers directly through GitHub.

Scope

npm-scanner is a security auditing tool that analyzes npm packages. The tool itself:

  • Runs locally on your machine
  • Does not collect or transmit data
  • Has no external dependencies (zero npm packages)
  • Uses only system tools (bash, curl, jq)

Security Considerations

When using npm-scanner:

  • Review flagged packages before installation
  • Keep your local tools (curl, jq, bash) updated
  • Run scans in isolated environments when analyzing untrusted packages
