Hi HN! I built this tool to quickly view the true source code of npm packages before installing or updating them. You can't always trust what's on GitHub: there's no guarantee that it matches what was actually published to npm.
This was heavily inspired by the Elixir ecosystem's tools for the same thing: [Hex Diff][1] and [Hex Preview][2]. With several npm packages having been compromised with malware in the past, I wanted something similarly easy-to-use for the JS world.
[1]: https://diff.hex.pm
[2]: https://preview.hex.pm