
I Built a Browser Extension That Shows Trust Scores on npm, PyPI, and GitHub
I keep catching myself installing packages I know nothing about. Last month I added an LLM wrapper from npm that had 200 stars and no license file. Turns out it was abandoned, had three unpatched CVEs, and was pulling in a dependency with a known supply chain compromise. I only found out because a colleague happened to mention it.

The AI tooling ecosystem is growing faster than anyone can audit. There are 5 million+ AI assets out there — agents, MCP servers, LangChain tools, Hugging Face models — and most developers evaluate them by star count and README quality. That is not a security strategy. So I built a browser extension that surfaces trust scores inline, right where you make decisions.

How It Works

The Nerq browser extension detects when you are viewing a package on npm, PyPI, or a GitHub repository. It sends only the package name to the nerq.ai API, retrieves its trust score, and renders a small badge overlay on the page. No browsing data, no telemetry, no tracking — just a name
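The three steps above (detect the package page, send only the name, render a badge) can be written as pure functions that a content script calls, which also makes the data-minimisation claim testable: the request body is built from nothing but the registry and name. The following is an added example and not the extension's or Nerq's own code. The API endpoint path, the request shape, the 0 to 100 score scale and the badge thresholds are all assumptions; the post does not state them.

```javascript
// Added example, not the extension's own code: pure detection, request-building
// and response-parsing logic for a trust-badge content script.
// Assumptions (not from the post): the nerq.ai endpoint path and JSON request
// format are placeholders, and scores are assumed to be numbers in [0, 100].

const NERQ_API_PLACEHOLDER = "https://nerq.ai/api/PLACEHOLDER"; // hypothetical

// Map a page URL to the registry and package name it displays, or null when
// the page is not a package or repository page we recognise.
function detectPackage(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // malformed URL: never send anything
  }
  const parts = url.pathname.split("/").filter(Boolean);

  if (url.hostname === "www.npmjs.com" || url.hostname === "npmjs.com") {
    // npm: /package/<name> or /package/@scope/<name>, optionally /v/<version>
    if (parts[0] !== "package" || parts.length < 2) return null;
    if (parts[1].startsWith("@")) {
      if (parts.length < 3) return null;
      return { registry: "npm", name: `${parts[1]}/${parts[2]}` };
    }
    return { registry: "npm", name: parts[1] };
  }

  if (url.hostname === "pypi.org") {
    // PyPI: /project/<name>/ optionally followed by a version segment.
    // PyPI names are case-insensitive, so normalise to lower case.
    if (parts[0] !== "project" || parts.length < 2) return null;
    return { registry: "pypi", name: parts[1].toLowerCase() };
  }

  if (url.hostname === "github.com") {
    // GitHub: /<owner>/<repo>; deeper paths (/issues, /tree/...) still map
    // to the same repository. Skip non-repository top-level routes.
    if (parts.length < 2) return null;
    const reserved = new Set(["settings", "marketplace", "explore", "orgs",
      "login", "topics", "features", "search", "notifications"]);
    if (reserved.has(parts[0])) return null;
    return { registry: "github", name: `${parts[0]}/${parts[1]}` };
  }

  return null; // any other site: no lookup
}

// Build the lookup request. The body carries only registry and name, nothing
// derived from page contents, cookies or the user's session.
function buildLookupRequest(detected) {
  return {
    url: NERQ_API_PLACEHOLDER,
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ registry: detected.registry, name: detected.name }),
  };
}

// Interpret the API response defensively: a badge is only rendered for a
// finite numeric score in [0, 100]; anything else becomes "unknown" rather
// than being interpolated into the page.
function scoreToBadge(response) {
  const score = response && typeof response.score === "number" ? response.score : null;
  if (score === null || !Number.isFinite(score) || score < 0 || score > 100) {
    return { label: "unknown", level: "unknown" };
  }
  const level = score >= 80 ? "high" : score >= 50 ? "medium" : "low"; // assumed thresholds
  return { label: `Trust ${Math.round(score)}/100`, level };
}

if (typeof module !== "undefined") {
  module.exports = { detectPackage, buildLookupRequest, scoreToBadge };
}
```

In the real extension the content script would call `detectPackage(location.href)`, pass the result through `buildLookupRequest` to `fetch`, and hand the parsed JSON to `scoreToBadge` before touching the DOM; keeping the three functions pure means the "only the name leaves the browser" property can be asserted in a unit test rather than taken on faith.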
Continue reading on Dev.to Webdev

