Kotiq Guard

Is this npm package safe to install? Kotiq checks it before you run it.

Kotiq Guard answers one question: is this npm package or GitHub repository safe to install or open — before you run it? Supply-chain attacks hide in the code that runs during `npm install` (install hooks) and in dependencies you never chose. Kotiq checks for them and shows a clear verdict right on the page — before anything executes on your machine. KEY FEATURES 🔍 Pre-install scan — flags risky install hooks (preinstall/postinstall), risky dependencies, and known vulnerabilities. 🐾 More than CVEs — catches hidden malware, typosquats, and malicious scripts, not just audit advisories. 🧠 AI explainer (Pro — limited early access) — turns the findings into plain, actionable language; an analyst⇄reviewer step keeps it honest. 🔒 Never executes code — static inspection of package.json, scripts and project structure; your machine stays untouched. 🌐 Works in place — instantly on npmjs.com package pages and GitHub repositories. Trustworthy by design: the verdict comes from a deterministic engine; the AI can only raise concern, never hide it. Scope: Kotiq currently focuses on the Node.js ecosystem — npm packages and Node projects on GitHub. Support for other ecosystems may follow. Kotiq Guard is in beta. The safety verdict is free for everyone; the AI explanation layer (Pro) is in limited early access while we expand — you can request access from the extension. Tiers and pricing may change. Kotiq Guard is an independent security project. It reads the package/repo page you're viewing — it does not track your browsing. Stop guessing — know before you install.