Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key →

← Back to ideas

clawsmith.com/idea/npm-v12-install-script-migration-scanner

IdeaCompetitivenpmdev-toolingsecurityLive

A CLI tool that scans a project dependency tree for npm v12 breaking-change exposure and outputs a prioritized migration plan

npm v12 ships in July 2026 and makes three previously implicit behaviors opt-in: lifecycle install scripts from dependencies, git-sourced packages, and remote-URL packages. A project can have hundreds of transitive dependencies and no quick way to know which ones will break at upgrade time. This CLI walks the full lockfile, classifies every dependency by its exposure type, checks whether each package has a binding.gyp or explicit install-script hook, flags git and remote-URL entries, and produces a prioritized allowlist-ready migration report with per-package risk scores and one-command fixes. It is not a general vulnerability scanner and not a dependency version updater; it is specifically scoped to the v12 breaking-change surface and outputs a commit-ready package.json allowScripts block plus CI patch instructions.

Demand Breakdown

HN

1,915

Social Proof 2 sources

Malicious npm packages detected across Red Hat Cloud Services

Upcoming breaking changes for npm v12

Gap Assessment

CompetitiveMultiple tools exist but differentiation opportunities remain

6 tools exist (, , , , , )

Features8 agent-ready prompts

Full lockfile dependency tree walk

▶

Install-script exposure classifier

▶

Git and remote-URL dependency detector

▶

Risk scoring and prioritized migration report

▶

Commit-ready allowScripts block generator

▶

CI pipeline integration and diff mode

▶

Interactive approval wizard

▶

Pre-built binary alternative suggester

▶

Competitive LandscapeFREE

Product	Does	Missing

Leads396BUILDER

@kurmiashish

@plasma

@aniceperson

@joeyhage

@altmanaltman

@amitport

@tempay

@jbverschoor

396 people already want this

Sign in to unlock full access.

Aggregate Score

1,915

396 leads found

Details

TypeProduct Idea

Competitors6

Features8

Issues2

Leads396

Source Signals

All signals →

1.9KA CLI tool that scans a JavaScript project for npm v12 install script breakage and generates a risk-annotated allowlist before July 2026

Related Ideas

0A CLI tool that ingests CI run logs after a supply-chain compromise and produces a per-secret rotation impact map across repos and providers 0A CLI tool that automates full migration from Gemini CLI to Antigravity CLI 0A CLI tool that intercepts npm installs, flags behavioral risks, and enforces per-team cooldown policies before any package lands in a project

Tags

npmdev-toolingsecuritymigrationnodejsclisupply-chain