Hi HN! I built this tool to quickly view the true source code of npm packages before installing or updating them. You can't always trust what's on GitHub: there's no guarantee that it matches what was actually published to npm.<p>This was heavily inspired by the Elixir ecosystem's tools for the same thing: [Hex Diff][1] and [Hex Preview][2]. With several npm packages having been compromised with malware in the past, I wanted something similarly easy-to-use for the JS world.<p>[1]: <a href="https://diff.hex.pm" rel="nofollow">https://diff.hex.pm</a>
[2]: <a href="https://preview.hex.pm" rel="nofollow">https://preview.hex.pm</a>