What we look for
- Malware patterns and dangerous install hooks.
- Committed secrets and live .env files.
- Listing quality gaps - missing README, LICENSE, or .env.example.
- Bloated archives with node_modules or build output.
Verdicts
Scans may return clean, suspicious (needs human review), or blocked. Blocked archives cannot be approved until you fix and resubmit.
Run the free Repo health scanner with `git ls-files` output before upload to catch documentation gaps early.