npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

fakeout

v1.0.8

Published

Detect disposable email domains — zero dependencies, auto-updated dataset

Downloads

1,234

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

coolstormcoolstorm

Keywords

disposableemailtemporaryburnervalidationdomainblocklist

Readme

fakeout

Catch disposable emails before they catch you.

npm version bundle size license CI

A tiny, zero-dependency library that detects disposable (burner) email domains. The blocklist auto-updates daily — no manual maintenance required.

Install · Usage · API · Staying up to date · How it works

Why?

Disposable email services like Mailinator, Guerrilla Mail, and thousands of others let users sign up with throwaway addresses. This means fake accounts, abused trials, and wasted resources. fakeout lets you detect them with a single function call.

  • 5,000+ domains tracked and growing
  • Zero dependencies — just a Set lookup
  • Auto-updated — new domains added daily via CI
  • TypeScript-first — full type safety and JSDoc

Install

# npm
npm install fakeout

# pnpm
pnpm add fakeout

# yarn
yarn add fakeout

Requires Node.js 18+

Usage

import { isDisposableEmail, isDisposableDomain, getDisposableDomains } from "fakeout";

// Check a full email address
isDisposableEmail("[email protected]");  // true
isDisposableEmail("[email protected]");       // false
isDisposableEmail("not-an-email");         // false (invalid → false)

// Check a bare domain
isDisposableDomain("guerrillamail.com");   // true
isDisposableDomain("outlook.com");         // false

// Get the full list
const domains = getDisposableDomains();    // string[] — sorted, ~5000+ entries

Common patterns

Express middleware:

import { isDisposableEmail } from "fakeout";

app.post("/signup", (req, res) => {
  if (isDisposableEmail(req.body.email)) {
    return res.status(422).json({ error: "Disposable emails are not allowed" });
  }
  // proceed with signup...
});

Form validation:

import { isDisposableEmail } from "fakeout";

function validateEmail(email: string): string | null {
  if (isDisposableEmail(email)) {
    return "Please use a permanent email address";
  }
  return null;
}

API

isDisposableEmail(email: string): boolean

Checks if an email address belongs to a known disposable provider.

| Input | Output | |-------|--------| | "[email protected]" | true | | "[email protected]" | false | | "bad-input" | false |

Returns false for invalid emails rather than throwing.

isDisposableDomain(domain: string): boolean

Checks if a bare domain is in the blocklist. Handles uppercase and extra whitespace.

| Input | Output | |-------|--------| | "guerrillamail.com" | true | | " YOPMAIL.COM " | true | | "gmail.com" | false |

getDisposableDomains(): string[]

Returns a sorted array of all known disposable domains. Each call returns a fresh copy, so mutations won't affect the internal dataset.

Staying up to date

Domain updates are published as patch releases (e.g. 1.0.11.0.2), so the default npm semver range already keeps you current:

npm install fakeout   # saves "^1.x.x" — automatically resolves to the latest patch

Every npm install (or pnpm install / yarn install) in a fresh CI environment or after deleting your lockfile will pull the newest patch. To update an existing lockfile:

npm update fakeout

Automated dependency updates

For hands-free updates, add Renovate or Dependabot to your repo. They'll open PRs whenever a new fakeout version is published.

# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: daily

How it works

                    ┌─────────────────────────┐
                    │  Upstream blocklist      │
                    │  (disposable-email-      │
                    │   domains/disposable-    │
                    │   email-domains)         │
                    └────────────┬────────────┘
                                 │ daily cron
                                 ▼
                    ┌─────────────────────────┐
                    │  sync-domains script    │
                    │  fetch → clean → hash   │
                    │  → compare → generate   │
                    └────────────┬────────────┘
                                 │ if changed
                                 ▼
                    ┌─────────────────────────┐
                    │  semantic-release       │
                    │  patch bump → publish   │
                    │  to npm                 │
                    └─────────────────────────┘
  1. A GitHub Actions cron job runs daily
  2. It fetches the latest domain list from upstream
  3. If the list changed (SHA-256 comparison), tests run and a new patch version is auto-published to npm
  4. If nothing changed, the job exits silently

The domain list is compiled into a ReadonlySet<string> at build time — zero file I/O at runtime, just a fast hash lookup.

Credits

The disposable domain dataset is sourced from the community-maintained disposable-email-domains project. Huge thanks to all its contributors for keeping the list comprehensive and up to date.

Contributing

Contributions are welcome! If you find a domain that should be blocked:

  • For new disposable domains, please submit them upstream to disposable-email-domains — they'll be picked up automatically on the next sync
  • For bugs or feature requests in fakeout itself, open an issue

License

MIT — use it however you like.