Terms of Service

By using NPMScan, you agree to these simple, transparent terms.

1. What NPMScan does

  • NPMScan analyzes npm packages for security risks.
  • Reports are generated automatically based on code or package metadata you provide.
  • We don't guarantee every vulnerability or issue will be detected; use our reports as guidance, not absolute truth.

2. You are responsible for your own code

  • You own everything you upload or paste into the site.
  • You are responsible for how you use our reports in your project.
  • We are not liable for any damage, loss, or issues caused by your code or by depending on our analysis.

3. No storage of your data

  • We do not store package code, package.json files, or scan results.
  • Everything is processed temporarily and discarded after generating your report.
  • For enterprise users, temporary storage may happen only if you explicitly share files or project data. This is deleted when:
    • you cancel the service,
    • you request deletion,
    • or our system automatically clears it.

4. Enterprise users

  • You may provide additional project information so we can assist with security analysis.
  • You confirm that you have permission to share that data with us.
  • We handle all shared data privately and delete it as soon as it's no longer needed.

5. No warranties

  • NPMScan is provided "as is."
  • We don't promise perfect accuracy, uptime, or compatibility.
  • You use the service at your own risk.

6. Acceptable use

You agree NOT to:

  • misuse the scanner, attack our servers, or spam requests,
  • use the service for illegal activities,
  • reverse engineer, scrape, or clone our platform.

7. Limitation of liability

  • We're not responsible for losses, bugs, outages, incorrect reports, or security incidents in your project.
  • We provide insights, not guarantees.

Regional compliance

We respect the privacy laws of every jurisdiction we operate in. Here is what that means for you specifically.

🇺🇸 United States: CCPA & US Privacy Laws
  • We comply with the California Consumer Privacy Act (CCPA) and applicable US federal privacy laws.
  • We do not sell, share, or trade your personal information with third parties for commercial purposes.
  • California residents may request to know what data we hold, request its deletion, and opt out of any data sale; we hold none to sell.
  • The only personal data we ever collect is an email address you voluntarily submit for newsletter updates, which you can remove at any time.
🇬🇧 United Kingdom: UK GDPR & Data Protection Act 2018
  • We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
  • UK residents have the right to access, correct, erase, restrict, and port any personal data we hold about them.
  • Our lawful basis for processing any personal data is either legitimate interest or your explicit prior consent.
  • You may raise a concern with the Information Commissioner's Office (ICO) at ico.org.uk at any time.
🇪🇺 European Union: GDPR (Regulation 2016/679)
  • We comply with the EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
  • EU/EEA residents hold the right to access, rectify, erase, restrict, and port their personal data, and to object to processing.
  • We apply the data-minimisation principle: we process only the absolute minimum personal data necessary.
  • You may lodge a complaint with your national Data Protection Authority (DPA) at any time.

9. Changes to the service

  • NPMScan may update features, pricing, or rules at any time.
  • If we make significant changes that affect enterprise users, we'll notify them.

10. Contact

Questions or concerns? Contact us: shyngys@blockhacks.io