@elytrasec/cli
Elytra Security as a CLI. Scan a directory, get findings with severity + suggested fix, and a 0–100 grade.
173 detection rules across Solidity, JS/TS, Python, Go, Rust, Java, Ruby, PHP, plus IaC (Terraform, Kubernetes, Dockerfile, GitHub Actions). 12 famous-hack pattern detectors ($3.04B combined losses). Public scan receipts on every paid scan.
Install
# one-shot (no install)
npx -y @elytrasec/cli scan .
# global install
npm i -g @elytrasec/cli
elytra scan .
Two equivalent binaries are installed: elytra and elytrasec. Use whichever you prefer.
Usage
elytra scan [path] # scan a directory (default: git-changed files only)
elytra scan [path] --full # scan entire codebase
elytra scan [path] --fix # auto-fix safe findings after scan
elytra clean [path] # auto-fix code issues
elytra rewrite [path] # AI-powered code rewrite
elytra harden [path] # check for missing security controls
elytra init [path] # set up Elytra in a project
elytra bulk # bulk scan repos
elytra rules # list all rules with CWE/OWASP tags
elytra version # print version
Common flags
--rulesets <list> Comma-separated: general,attack,quality,solidity (default: general,attack,quality)
--format <fmt> table | json | markdown (default: table)
--output <file> Write report to a file
--fail-on <severity> Exit 1 if findings >= severity (critical|high|medium|low) — for CI use
--static-only Skip AI deep review (free, lower cost)
--api-key <key> Elytra API key (or set ELYTRA_API_KEY)
Privacy & safety
- Local-first: the static engine runs on your machine. No source is uploaded for the default scan flow.
- AI-assisted commands (rewrite, deep review) call out to the Elytra API only when explicitly invoked.
- No private keys, no wallet signing, no shell exec beyond what the user requests.
- --api-key is the only credential — read from flag or ELYTRA_API_KEY env, never written back to disk.
Pricing
The CLI itself is free.
Optional AI-powered deep review hits the paid Elytra API at $0.01/scan USDC via x402.
Links
Website: https://elytrasec.io
Playground (interactive): https://elytrasec.io/playground
MCP server: https://github.com/ElytraSec/mcp
Agent card: https://elytrasec.io/.well-known/agent-card.json
License
MIT