SynapseAudit CLI
AI-Powered Security Scanner for modern development workflows.
Professional-grade security analysis that works seamlessly in your terminal. Detect vulnerabilities, get AI-powered fixes, and integrate security into your continuous integration pipelines.
Features
- Cloud Authentication: Sign in to sync results across devices.
- Hybrid Analysis: Static Analysis (AST) combined with Dynamic Analysis and AI verification.
- Advanced Forensics: Code similarity analysis and AI-generated code detection.
- Dashboard Integration: View and manage scans in the web dashboard.
- VS Code Extension Sync: Seamless integration with the SynapseAudit VS Code extension.
- SynapseCortex AI: Advanced contextual vulnerability analysis.
- Analytics & Tracking: Monitor security trends and metrics over time.
- Team Collaboration: Share results and manage project security posture.
Quick Start
Installation
SynapseAudit CLI is available on npm.
# Global installation (Recommended)
npm install -g @digidenone/synapseaudit
# Execute without installation (npx)
npx @digidenone/synapseaudit scan .
Usage
# Scan current directory
synapse-audit scan .
# Scan specific file
synapse-audit scan ./src/index.js
# Use short alias
sa scan .
# Scan with AI analysis enabled
synapse-audit scan . --ai
# Export results to JSON
synapse-audit scan . --output report.json
Commands
scan [path]
Scan files or directories for security vulnerabilities.
# Scan current directory
synapse-audit scan .
# Scan specific directory
synapse-audit scan ./src
# Scan single file
synapse-audit scan ./app.js
# Scan with options
synapse-audit scan . --severity high --format json
Options:
- -o, --output <file>: Save report to file
- --ai: Use AI-powered analysis
- --fix: Auto-apply fixes where possible
- --ignore <patterns>: Ignore files/patterns
- --no-progress: Hide progress bar
analyze <subcommand>
Hybrid analysis engine.
# Hybrid scan (Static + Dynamic + AI)
sa analyze hybrid .
# Code review
sa analyze code src/payment.ts
# Dependency check
sa analyze deps .
security <subcommand>
Specialized security suites.
# Web application scan
sa security web https://example.com
# Network scan
sa security network 192.168.1.1
# Cloud audit
sa security cloud <target>
# SCA Dependency Check
sa security sca .
# Secret Scanning
sa security secrets .
# IaC Security Config
sa security iac .
# Generate SBOM
sa security sbom .
advanced <subcommand>
New in v3.0: Forensics tools.
# Detect AI-generated code
sa advanced ai-detect src/bot.js
# Check code similarity
sa advanced compare fileA.js fileB.js
explain <vuln>
Get AI explanations for vulnerabilities.
sa explain SQL_INJECTION
mcp
Start Model Context Protocol server for AI assistants.
sa mcp
auth
Authenticate with SynapseAudit for cloud features.
# Sign in (opens browser - recommended)
synapse-audit auth login
# Sign in with GitHub device code
synapse-audit auth login
# Sign in with API key
synapse-audit auth login
# Check authentication status
synapse-audit auth status
# Sign out
synapse-audit auth logout
Authentication Methods:
- Web Browser (Recommended) - Opens dashboard for OAuth sign-in
- GitHub Device Code - Authenticate via GitHub
- API Key - Use generated API key from dashboard
- GitHub Token - Personal access token
Cloud Features (requires authentication):
- Sync scan results to web dashboard
- Track vulnerabilities over time
- Team collaboration and sharing
- Real-time notifications
- Usage analytics and insights
- VS Code extension integration
dashboard
Access web dashboard and cloud features.
# Open dashboard in browser
synapse-audit dashboard open
# View your projects
synapse-audit dashboard projects
# View recent scans
synapse-audit dashboard scans
# Create a new project
synapse-audit dashboard create-project --name "My App"
# View analytics
synapse-audit dashboard analytics
# View notifications
synapse-audit dashboard notifications
# Check connection status
synapse-audit dashboard status
# Sync all data to cloud
synapse-audit dashboard sync
Dashboard Pages:
- /dashboard - Overview and statistics
- /dashboard/scans - All your security scans
- /dashboard/projects - Manage projects
- /dashboard/vulnerabilities - Track all vulnerabilities
- /dashboard/analytics - Usage insights
- /dashboard/settings - Account settings
config
Manage configuration and AI providers.
# Setup wizard
synapse-audit config
# Set AI provider
synapse-audit config set ai.provider openai
synapse-audit config set ai.apiKey sk-...
# View current config
synapse-audit config list
# Reset to defaults
synapse-audit config reset
Supported AI Providers:
- OpenAI (GPT-4, GPT-3.5)
- Anthropic (Claude 3)
- Google (Gemini)
- Azure OpenAI
- Ollama (Local models)
- Custom endpoints
fix [path]
Get AI-powered fix suggestions for vulnerabilities.
# Get fix suggestions for file
synapse-audit fix ./vulnerable-file.js
# Auto-apply fixes
synapse-audit fix . --auto-apply
# Interactive fix mode
synapse-audit fix . --interactive
report
Generate comprehensive security reports.
# Generate HTML report
synapse-audit report --format html --output report.html
# Generate SARIF for GitHub
synapse-audit report --format sarif --output results.sarif
# Generate PDF report (requires puppeteer)
synapse-audit report --format pdf --output audit.pdf
ignore
Manage file exclusion patterns.
# Create .synapseaudit-ignore file
synapse-audit ignore init
# Add pattern
synapse-audit ignore add "node_modules/**"
# List ignored patterns
synapse-audit ignore list
# Test if file would be ignored
synapse-audit ignore test ./src/file.js
init
Initialize SynapseAudit in your project.
# Interactive setup
synapse-audit init
# Quick setup with defaults
synapse-audit init --yes
# Add to package.json scripts
synapse-audit init --scripts
Detailed Capabilities
Security Scanning
- 50+ Vulnerability Types: SQL injection, XSS, code injection, secrets detection.
- Multi-Language Support: JavaScript, TypeScript, Python, Java, PHP, C/C++, Go, Ruby.
- Real-time Analysis: Fast pattern matching combined with optional AI analysis.
- Severity Levels: Critical, High, Medium, Low with clear prioritization.
AI-Powered Intelligence
- Multiple AI Providers: OpenAI, Anthropic, Google, Ollama, Custom.
- Smart Fixes: Context-aware code improvements.
- Automated Remediation: One-command vulnerability fixing.
- Deep Code Understanding: Goes beyond simple pattern matching.
Reporting
- Multiple Formats: Table, JSON, HTML, SARIF, Markdown.
- CLI Output: Color-coded results with progress bars.
- Export Options: Save to file, clipboard, or stdout.
- CI/CD Integration: Exit codes and machine-readable output.
Developer Experience
- Interactive Mode: Choose which fixes to apply.
- Watch Mode: Continuous scanning during development.
- Git Integration: Scan only changed files.
- GitHub Actions: Pre-built workflows.
- VS Code Integration: Works alongside the extension.
Integrations
Web Dashboard
- Sync scan results to cloud dashboard.
- View historical trends and analytics.
- Share results with team members.
- Access from anywhere: https://synapseaudit.digidenone.tech
VS Code Extension
- Seamless data synchronization.
- View CLI scan results in editor.
- Unified security workflow.
- Install: VS Code Marketplace
SynapseCortex AI Engine
- Advanced AI-powered analysis.
- Deep code understanding.
- Context-aware vulnerability detection.
- Automated fix generation.
Backend API
- RESTful API access.
- Programmatic scan management.
- Custom integrations.
- API endpoint: https://synapseaudit.digidenone.tech/api
Appwrite Backend
- Database synchronization.
- User authentication via Clerk.
- Real-time data updates.
- Secure cloud storage.
Admin Panel
- User management.
- Analytics dashboard.
- System monitoring.
- Team administration.
Configuration
Configuration File
Create .synapseaudit.json in your project root:
{
  "severity": "medium",
  "ignore": [
    "node_modules/**",
    "dist/**",
    "*.min.js"
  ],
  "ai": {
    "provider": "openai",
    "model": "gpt-4",
    "enabled": true
  },
  "rules": {
    "no-hardcoded-secrets": "error",
    "no-sql-injection": "error",
    "no-xss": "warn"
  },
  "output": {
    "format": "table",
    "verbose": true
  }
}
Environment Variables
# API Configuration
SYNAPSE_API_ENDPOINT=https://synapseaudit.digidenone.tech/api
SYNAPSE_DASHBOARD_URL=https://synapseaudit.digidenone.tech
# Appwrite Configuration (for cloud sync)
SYNAPSE_APPWRITE_ENDPOINT=https://nyc.cloud.appwrite.io/v1
SYNAPSE_APPWRITE_PROJECT_ID=688dbafb003360755658
SYNAPSE_APPWRITE_DATABASE_ID=synapseaudit_db
# GitHub OAuth
SYNAPSE_GITHUB_CLIENT_ID=your_github_app_client_id
# Clerk Authentication (optional)
SYNAPSE_CLERK_PUBLISHABLE_KEY=pk_live_...
# SynapseCortex AI Engine
SYNAPSE_CORTEX_ENDPOINT=https://api.synapseaudit.digidenone.tech/cortex
SYNAPSE_CORTEX_API_KEY=your_cortex_api_key
# AI Provider Configuration (for local AI)
SYNAPSE_AUDIT_AI_PROVIDER=openai
SYNAPSE_AUDIT_AI_KEY=sk-...
SYNAPSE_AUDIT_AI_MODEL=gpt-4
# Feature Flags
SYNAPSE_ENABLE_CLOUD_SYNC=true
SYNAPSE_ENABLE_AI_ANALYSIS=true
SYNAPSE_ENABLE_AUTO_FIX=true
SYNAPSE_EXTENSION_SYNC_ENABLED=true
# Debug
DEBUG=false
SYNAPSE_LOG_LEVEL=info
Setting Environment Variables:
Create ~/.synapseaudit/.env file:
# Copy the example file
cp cli/.env.example ~/.synapseaudit/.env
# Edit with your values
nano ~/.synapseaudit/.env
Or set system-wide:
# Linux/macOS - Add to ~/.bashrc or ~/.zshrc
export SYNAPSE_API_ENDPOINT="https://synapseaudit.digidenone.tech/api"
# Windows PowerShell
$env:SYNAPSE_API_ENDPOINT="https://synapseaudit.digidenone.tech/api"
# Windows CMD
set SYNAPSE_API_ENDPOINT=https://synapseaudit.digidenone.tech/api
Ignore File
Create .synapseaudit-ignore:
# Dependencies
node_modules/
vendor/
.pnpm/
# Build outputs
dist/
build/
out/
*.min.js
*.bundle.js
# Test files
**/*.test.js
**/*.spec.ts
__tests__/
# Configuration
*.config.js
.env*
CI/CD Integration
GitHub Actions
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    # upload-sarif needs security-events: write; checkout needs contents: read
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install SynapseAudit CLI
        run: npm install -g @synapseaudit/cli
      - name: Run Security Scan
        run: synapse-audit scan . --format sarif --output results.sarif
        env:
          SYNAPSE_AUDIT_AI_KEY: ${{ secrets.OPENAI_API_KEY }}
      - name: Upload to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
GitLab CI
security_scan:
  image: node:20
  script:
    - npm install -g @synapseaudit/cli
    - synapse-audit scan . --format json --output gl-code-quality-report.json
  artifacts:
    reports:
      codequality: gl-code-quality-report.json
Pre-commit Hook
#!/bin/sh
# .git/hooks/pre-commit
echo "Running SynapseAudit security scan..."
npx @synapseaudit/cli scan . --severity high --no-progress
if [ $? -ne 0 ]; then
  echo "❌ Security scan failed. Commit aborted."
  exit 1
fi
echo "✅ Security scan passed!"
Examples
Scan Project
# Basic scan with table output
synapse-audit scan .
# Scan with AI analysis
synapse-audit scan . --ai
# Only show high/critical issues
synapse-audit scan . --severity high
# Export to JSON
synapse-audit scan . --format json --output results.json
Interactive Fixing
# Review and apply fixes interactively
synapse-audit fix . --interactive
# Auto-apply all fixes
synapse-audit fix . --auto-apply --backup
# Fix only critical issues
synapse-audit fix . --severity critical
Generate Reports
# HTML report with charts
synapse-audit report --format html --output report.html
# SARIF for GitHub Security
synapse-audit report --format sarif --output results.sarif
# Markdown summary
synapse-audit report --format markdown --output SECURITY.md
Watch Mode
# Continuously scan on file changes
synapse-audit scan . --watch
# Watch with auto-fix
synapse-audit scan . --watch --fix
Advanced Usage
Custom Rules
Create synapse-audit.rules.js:
export default {
  rules: [
    {
      id: 'custom-api-key-check',
      severity: 'critical',
      pattern: /API_KEY\s*=\s*['"][^'"]+['"]/g,
      message: 'Hardcoded API key detected',
      fix: 'Move to environment variable'
    },
    {
      id: 'custom-debug-code',
      severity: 'low',
      pattern: /debugger;/g,
      message: 'Debugger statement found',
      fix: 'Remove debugger statement'
    }
  ]
};
Use with: synapse-audit scan . --rules ./synapse-audit.rules.js
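A rule of this shape can be tried against sample source before it is used in a scan. The harness below is an added example, not SynapseAudit's engine or code from the project: the applyRules helper and the sample input are constructed for illustration, and how the CLI itself applies pattern is not stated on this page. It shows what the two patterns above catch, what the API key pattern misses, and why a shared /g regex should be cloned before reuse.

```javascript
// Added example: try rules of the shape shown above on constructed input.
// applyRules is a hypothetical helper, not part of the SynapseAudit API.
const rules = [
  {
    id: 'custom-api-key-check',
    severity: 'critical',
    pattern: /API_KEY\s*=\s*['"][^'"]+['"]/g,
    message: 'Hardcoded API key detected'
  },
  {
    id: 'custom-debug-code',
    severity: 'low',
    pattern: /debugger;/g,
    message: 'Debugger statement found'
  }
];

// Constructed sample source (not from any real project).
const sample = [
  'const API_KEY = "constructed-not-a-real-key";',   // line 1: literal, flagged
  'const API_KEY = process.env.API_KEY;',            // line 2: env lookup, not flagged
  'const config = { apiKey: "constructed-value" };', // line 3: missed (different spelling)
  'function f() { debugger; }'                       // line 4: flagged
].join('\n');

function applyRules(source, ruleSet) {
  const findings = [];
  for (const rule of ruleSet) {
    // A /g regex keeps lastIndex between calls to test()/exec(), so a rule
    // object shared across files can skip matches. Clone it for every run.
    const flags = rule.pattern.flags.includes('g')
      ? rule.pattern.flags
      : rule.pattern.flags + 'g';
    const re = new RegExp(rule.pattern.source, flags);
    for (const m of source.matchAll(re)) {
      // 1-based line number of the start of the match.
      const line = source.slice(0, m.index).split('\n').length;
      findings.push({ ruleId: rule.id, severity: rule.severity, line, match: m[0] });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

const findings = applyRules(sample, rules);
for (const f of findings) {
  console.log(`${f.line}\t${f.severity}\t${f.ruleId}\t${f.match}`);
}
```

Line 3 of the sample is the case to look at: the pattern is case-sensitive and tied to the spelling API_KEY followed by =, so a key assigned as an object property goes unreported.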
Programmatic API
import { SynapseAuditCLI } from '@synapseaudit/cli';
const scanner = new SynapseAuditCLI({
  severity: 'medium',
  ai: {
    provider: 'openai',
    apiKey: process.env.OPENAI_API_KEY
  }
});
const results = await scanner.scan('./src');
console.log(`Found ${results.vulnerabilities.length} issues`);
// Apply fixes
if (results.vulnerabilities.length > 0) {
  await scanner.fix(results.vulnerabilities, {
    autoApply: false,
    interactive: true
  });
}
Cloud Dashboard Integration
Sync your CLI scans with the SynapseAudit cloud dashboard:
# Login to cloud
synapse-audit auth login
# Scan and sync
synapse-audit scan . --sync
# View dashboard
synapse-audit dashboard open
Visual Examples
Banner & Welcome Screen
When you run any command, you'll see the beautiful green-themed banner:
███████╗██╗ ██╗███╗ ██╗ █████╗ ██████╗ ███████╗███████╗
... (Green Gradient)
AI-Powered Security Scanner for your code
Sample Scan Output
$ sa scan .
✓ Found 25 files to scan
████████████████████████████████████████ 100% | 25/25 files | app.js
Scan Summary
Metric Count
──────────────────────────
Files Scanned 25
Total Issues 12
Critical 2
High 3
Medium 5
Low 2
Fixable 8
Vulnerabilities Found
src/auth.js:
Line Severity Type Description
────────────────────────────────────────────────────────────────
45 CRITICAL SQL Injection Unsafe SQL query construction
89 HIGH XSS Vulnerability Unescaped user input in HTML
Found 12 vulnerabilities across 3 files.
Run 'synapse-audit fix .' to apply 8 automatic fixes.
Interactive Fix Mode
$ sa fix . --interactive
✓ AI service ready: openai (gpt-4)
🔧 Generating AI-powered fixes...
src/auth.js:
✓ Generated fix for: SQL Injection
Description: Use parameterized queries
Confidence: 95%
Explanation: Replace string concatenation with prepared statements
- const query = `SELECT * FROM users WHERE id = ${userId}`;
+ const query = 'SELECT * FROM users WHERE id = ?';
+ const [rows] = await db.execute(query, [userId]);
? Apply this fix? (Y/n)
Backup created: src/auth.js.backup
✓ Fix applied!
Color Legend
| Symbol | Color | Meaning |
|---|---|---|
| ✓ | Green | Success / Completed |
| ℹ | Green | Information |
| ⚠ | Yellow | Warning |
| ✖ | Red | Error |
| 🔧 | Green | Fix action |
| 📊 | White | Data/Stats |
Severity Colors:
- Critical: Red Bold
- High: Yellow Bold
- Medium: Cyan
- Low: Gray
🔍 Troubleshooting
CLI Not Found
# Check installation
which synapse-audit # macOS/Linux
where synapse-audit # Windows
# Reinstall globally
npm uninstall -g @synapseaudit/cli
npm install -g @synapseaudit/cli
# For local development
cd cli
npm link
Local Development Issues
# If commands don't work after npm link
npm run build
npm unlink -g @synapseaudit/cli
npm link
# If TypeScript errors occur
npm install
npm run build
# Check if link is working
npm ls -g --depth=0 | grep synapse
AI Provider Errors
# Test AI connection
synapse-audit config test-ai
# View detailed logs
synapse-audit scan . --verbose
# Check configuration
synapse-audit config list
Permission Issues
# macOS/Linux: Fix permissions
sudo chown -R $USER /usr/local/lib/node_modules/@synapseaudit
# Windows: Run as Administrator or use --force
npm install -g @synapseaudit/cli --force
# Or install without admin rights
npm install -g @synapseaudit/cli --prefix ~/.npm-global
export PATH=~/.npm-global/bin:$PATH # Add to ~/.bashrc or ~/.zshrc
Common Errors
Error: "Cannot find module"
# Rebuild the project
cd cli
npm run build
Error: "Command not found: sa"
# Check if npm bin is in PATH
echo $PATH # macOS/Linux
echo $env:PATH # Windows PowerShell
# Add npm global bin to PATH if needed
# macOS/Linux: Add to ~/.bashrc or ~/.zshrc
export PATH="$(npm config get prefix)/bin:$PATH"
# Windows: Add to System Environment Variables
# C:\Users\<username>\AppData\Roaming\npm
Error: "EACCES: permission denied"
# Use npx instead
npx @synapseaudit/cli scan .
# Or fix npm permissions
# https://docs.npmjs.com/resolving-eacces-permissions-errors
📚 Documentation
- Full Documentation
- API Reference
- Examples
- Running Locally - Quick guide to run from source
- Visual Guide - UI examples and color reference
- Quick Reference - Command cheat sheet
- Changelog - Version history
For Developers
- Running from Source: See RUNNING.md - Start here!
- Development Guide: See DEVELOPMENT.md - Complete dev guide
- Contributing: See CONTRIBUTING.md
- Project Structure:
  - src/ - TypeScript source files
  - dist/ - Compiled JavaScript (generated)
  - bin/ - CLI entry point
  - tests/ - Test files
- Scripts:
  - npm run build - Compile TypeScript
  - npm run dev - Watch mode (auto-rebuild)
  - npm test - Run tests
  - npm run lint - Check code style
🤝 Support
- Website: synapseaudit.digidenone.tech
- Email: digidenone@gmail.com
- GitHub: Issues
- Discord: Community
📄 License
MIT © Digidenone
🔐 Secure your code from the command line. Deploy with confidence.
Made with 💚 by the SynapseAudit Team