To prevent the initial installation of a package with issues, it would be nice to allow some kind of hook (maybe `preinstall`?) to be added to a project.
When it is there and one tries to install a package that has major/minor/any issues it would either just prevent it from being installed, or maybe list some details and ask for a confirmation before going ahead.
If it is a tool that you have to remember to use before running `npm install x` or `yarn add x` or ... the impact is likely not that high, but I guess it would also be better than nothing.
Maybe it could become a feature of the CLI tool that you are working on?
But maybe a small dependency-free npm package that can be run with `npx` will be better to allow it to be run even without any local installation taking place beforehand...