npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@emailalias/disposable-email-detector

v0.1.2

Published

Detect disposable / temporary email addresses, and distinguish them from legitimate forwarding aliases (EmailAlias.io, SimpleLogin, addy.io, DuckDuckGo, Firefox Relay, Apple Hide My Email).

Readme

@emailalias/disposable-email-detector

Detect disposable / temporary email addresses, and tell them apart from legitimate forwarding aliases like EmailAlias.io, SimpleLogin, addy.io, DuckDuckGo Email Protection, Firefox Relay, and Sign in with Apple's Hide My Email.

Most disposable-email blocklists treat every "unusual" email domain the same. This one separates two distinct categories:

| Category | Example | Action | |---|---|---| | Disposable — mailbox expires, abandoned by design | [email protected], [email protected] | Block at signup | | Forwarding alias — permanent address, forwards to a real inbox the user controls | [email protected], [email protected], [email protected] | Do NOT block — this is a real customer using privacy tooling | | OK — unknown / probably legit mailbox | [email protected] | Allow |

Try the hosted checker at emailalias.io/tools/disposable-email-checker.

Install

npm install @emailalias/disposable-email-detector

Node 18+. ESM. No runtime dependencies.

Usage

import { check, isDisposable, isForwardingAlias } from "@emailalias/disposable-email-detector";

isDisposable("[email protected]");        // true
isDisposable("[email protected]");        // false — it's a forwarding alias

isForwardingAlias("[email protected]");   // true

const result = check("[email protected]");
// {
//   verdict: "forwarding_alias",
//   provider: "EmailAlias.io",
//   reason: "Address is a forwarding alias … Do NOT treat as disposable.",
//   email: "[email protected]",
//   domain: "emailalias.io",
//   local: "user"
// }

check() returns one of: "disposable" | "forwarding_alias" | "suspicious" | "ok" | "invalid".

What gets detected

  1. Disposable domain list (~74,000 providers — Mailinator, 10MinuteMail, GuerrillaMail, YOPmail, Temp-Mail, and the long tail of obscure throwaway services). Synced weekly from upstream MIT-licensed community lists.
  2. Personally-observed list — domains seen directly in EmailAlias.io abuse logs, with provenance notes (Cloudflare Email Routing MX, NameSilo mail-only, etc.). Survives every upstream refresh.
  3. Forwarding-alias provider list — used to flip the verdict from disposable to forwarding_alias and tell the integrator who NOT to block.
  4. Heuristics on the local part and TLD:
    • Suspicious TLDs: .tk, .ml, .ga, .cf, .gq
    • Local part looks randomly generated
    • Local part starts with a throwaway keyword (temp, throw, trash, spam, junk, …)

Two or more heuristic hits flips the verdict to suspicious. One hit alone is left at ok — single signals are too noisy on real addresses.

Why split disposable from forwarding alias?

Mail to a Mailinator address lands in a public inbox that anyone can read. Mail to a DuckDuckGo or EmailAlias.io address forwards to the user's real inbox. Site owners blocking both end up rejecting privacy-conscious customers — exactly the audience least likely to come back. Splitting the verdict lets you block disposable and allow forwarding_alias with one library.

License

MIT. Source and bug reports: github.com/emailalias/disposable-email-detector. The Python sibling package is at disposable-email-detector on PyPI.