Terms of Service

1. Service Description

PackageScanner is provided as a free utility for educational and informational purposes only. The Service may analyze package manifest files (such as package.json and lockfiles) and surface signals derived from package registries, security advisories, public datasets, and other third-party security-related sources. The Service is not a substitute for professional security review, audit, legal advice, or compliance assessment.

These Terms govern your use of the hosted Service operated at this domain, including the web application, hosted API endpoints, hosted MCP endpoint, and any CI or automation workflow that sends requests to those hosted endpoints. Separate companion integrations or tools that we provide outside the hosted Service, such as installable MCP client configuration, GitHub Actions code, helper scripts, or other open-source utilities, may be released under their own licenses; use of those companion tools is governed by their respective license terms. However, any data submitted from those tools to the hosted Service remains subject to these Terms.

2. Eligibility and Acceptance

By using the Service, you represent and warrant that:

• You are at least the age of majority in your jurisdiction, or you are using the Service with the consent of a parent or legal guardian.
• You have the legal authority to enter into and comply with these Terms.
• You will use the Service only for lawful purposes and in compliance with all applicable laws, regulations, and third-party terms.

3. No Warranty

THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, reliability, security, or uninterrupted operation. Without limiting the foregoing, we do not warrant that:

• The Service will detect every malicious, vulnerable, or otherwise unsafe package.
• Scan results will be free from false positives or false negatives.
• The Service will be uninterrupted, error-free, or available at any specific time or location.
• Any data, content, classification, or information obtained through the Service is accurate, current, or complete.

You are solely responsible for evaluating the suitability of the Service for your needs and for independently verifying any results before relying on them.

4. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PACKAGESCANNER, ITS MAINTAINERS, CONTRIBUTORS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, or any loss of profits, revenue, data, use, goodwill, business, or other intangible losses, arising out of or relating to your access to or use of, or your inability to access or use, the Service, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, and whether or not we have been advised of the possibility of such damages.

Where liability cannot be excluded under applicable law, our aggregate liability to you for all claims arising out of or relating to the Service shall not exceed the total amount, if any, paid by you to use the Service, which for a free Service is zero (USD 0).

5. Acceptable Use

You agree not to:

• Use the Service for any unlawful, fraudulent, deceptive, or harmful purpose.
• Upload content that contains malware, illegal material, or content that infringes the intellectual property, privacy, publicity, or other rights of any third party.
• Bypass, disable, or interfere with any rate limiting, access control, security measure, or operational safeguard of the Service.
• Scrape the Service at scale, overload the Service, or otherwise interfere with the operational infrastructure of the hosted Service.
• Use the Service to harass, defame, threaten, or otherwise harm any individual, organization, or open-source maintainer, including the authors of any package surfaced through the Service.
• Misrepresent the output of the Service, including by quoting, screenshotting, or sharing scan results out of context in a manner that suggests definitive guilt, malice, or wrongdoing on the part of any package, maintainer, or organization.
• Use the Service in safety-critical, life-support, medical, aviation, nuclear, or other high-risk environments where failure could result in death, personal injury, or severe environmental or property damage.

We may, at our sole discretion and without notice, restrict, suspend, or terminate your access to the Service if we believe you have violated these Terms or that your use poses risk to the Service or other users.

6. User-Submitted Content

You retain ownership of any files or data you submit to the Service (“User Content”). By submitting User Content, you grant us a limited, worldwide, non-exclusive, royalty-free license to process and analyze that content solely for the purpose of providing the Service. You represent and warrant that you have all rights necessary to submit such content and that doing so does not violate any law or third-party right.

You are strongly advised not to upload secrets, credentials, tokens, environment files, proprietary source code, personal data, or any other confidential information. The Service is intended only for the analysis of dependency manifests and lockfiles.

7. Third-Party Data, Packages, and Services

The Service may incorporate, reference, or link to data and content from third-party sources, including but not limited to package registries, security advisories, public datasets, package maintainers, and external websites. We do not control, endorse, sponsor, or assume responsibility for any third-party content, classification, accuracy, or availability. Any reliance on third-party data is at your own risk and is subject to the applicable third party’s terms and policies.

Scan results, severity scores, and labels are generated by automated heuristics and may incorporate data from external sources at varying levels of confidence. They are informational signals only, are not statements of fact, and must not be quoted, screen captured, or shared in a manner that suggests definitive guilt, malice, or wrongdoing on the part of any package, maintainer, or organization. References to specific packages, maintainers, or organizations are descriptive, not accusatory.

8. Intellectual Property

The Service, including but not limited to its source code, design, layout, look and feel, branding, the name “PackageScanner”, logos, trademarks, service marks, databases, and all other content (collectively, the “Service Materials”), is the proprietary property of PackageScanner and its licensors and is protected by applicable intellectual property and other laws. Except for the limited right to access and use the Service in accordance with these Terms, no right, title, license, or interest in or to the Service Materials is granted to you, whether by implication, estoppel, or otherwise.

Open-source components and libraries used within the Service remain governed by their respective open-source licenses, the terms of which control over these Terms with respect to such components. Separate companion integrations or tools that we provide outside the hosted Service are governed by the license accompanying each such tool, not by these Terms.

9. No Professional Advice

The Service does not provide legal, financial, regulatory, compliance, or professional security advice. Scan results, classifications, severity indicators, and any other output are informational only and must not be treated as a definitive determination of safety, vulnerability, exposure, or compliance. You should consult qualified professionals for any decision involving material risk.

10. Modifications to the Service

We may modify, suspend, or discontinue the Service, or any portion or feature thereof, at any time, with or without notice and without liability to you or any third party. Beta, experimental, or preview features may be changed or removed at any time and are provided with no warranty or commitment.

11. Changes to These Terms

We may revise these Terms from time to time. The most current version will always be posted on this page along with the “Last updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Terms. If you do not agree to the revised Terms, you must stop using the Service.

12. Indemnification

To the fullest extent permitted by applicable law, you agree to defend, indemnify, and hold harmless PackageScanner and its maintainers, contributors, affiliates, and licensors from and against any claims, liabilities, damages, losses, and expenses, including reasonable attorneys’ fees, arising out of or in any way connected with your access to or use of the Service, your User Content, or your violation of these Terms or any applicable law or third-party right.

13. Termination

These Terms remain in effect while you use the Service. We may terminate or suspend your access at any time, with or without notice, for any reason. All provisions of these Terms that by their nature should survive termination shall survive, including without limitation ownership provisions, warranty disclaimers, limitations of liability, and dispute-resolution provisions.

14. Severability and Waiver

If any provision of these Terms is held to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it enforceable, or, if not possible, severed from these Terms, and the remaining provisions shall remain in full force and effect. Our failure to enforce any right or provision of these Terms shall not be deemed a waiver of that right or provision.

15. Entire Agreement

These Terms, together with any policies referenced herein, constitute the entire agreement between you and PackageScanner regarding the Service and supersede all prior or contemporaneous agreements, communications, and proposals, whether oral or written, regarding the Service.

16. Contact

For inquiries regarding these Terms, please contact us only via direct message (DM) on X (formerly Twitter) at @tim_yone. This is the sole supported contact channel. Messages sent through any other channel will not be reviewed. Response time is at our sole discretion, and we may not respond at all. Please do not include confidential information, credentials, or personal data in any message.