Kotiq

Kotiq checks an npm package or GitHub repository for risky install hooks, dangerous dependencies, and known vulnerabilities — and shows a clear verdict right on the page, before anything runs on your machine. It reads the project without ever executing a line, and an AI layer explains why in plain language (early access).

• 🔍 Risky install hooks, dependencies & known vulnerabilities
• 🐾 Hidden malware & typosquats — not just CVEs
• 🔒 Never runs the code · 🧠 AI explains why
• 🌐 On npmjs.com & GitHub — right on the page