Showing top npm packages that run code during
npm install.
Risk = log10(weekly downloads) × hook count. All data
pulled live from the public npm registry.
A row appears here every time a tracked package's install-time script
content changes. Compare with the original Mini Shai-Hulud postmortem
to spot suspicious mutations early.
Hook-type distribution (count of tracked packages)
Top publishers by hook-using package count
Paste a
package.json or a newline-separated list of
package names. Nothing leaves your browser unless you click
Check. We never store what you paste.