JSPM

  • Downloads 31
  • License MIT

Security scanner & code cleaner CLI — 130+ rules including 12 famous-hack patterns, auto-fix, AI-powered review

Package Exports

  • @elytrasec/cli/dist/cli.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@elytrasec/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@elytrasec/cli

Elytra Security as a CLI. Scan a directory, get findings with severity + suggested fix, and a 0–100 grade.

173 detection rules across Solidity, JS/TS, Python, Go, Rust, Java, Ruby, PHP, plus IaC (Terraform, Kubernetes, Dockerfile, GitHub Actions). 12 famous-hack pattern detectors ($3.04B combined losses). Public scan receipts on every paid scan.

Install

# one-shot (no install)
npx -y @elytrasec/cli scan .

# global install
npm i -g @elytrasec/cli
elytra scan .

Two equivalent binaries are installed: elytra and elytrasec. Use whichever you prefer.

Usage

elytra scan [path]              # scan a directory (default: git-changed files only)
elytra scan [path] --full       # scan entire codebase
elytra scan [path] --fix        # auto-fix safe findings after scan
elytra clean [path]             # auto-fix code issues
elytra rewrite [path]           # AI-powered code rewrite
elytra harden [path]            # check for missing security controls
elytra init [path]              # set up Elytra in a project
elytra bulk                     # bulk scan repos
elytra rules                    # list all rules with CWE/OWASP tags
elytra version                  # print version

Common flags

  --rulesets <list>      Comma-separated: general,attack,quality,solidity  (default: general,attack,quality)
  --format <fmt>         table | json | markdown                            (default: table)
  --output <file>        Write report to a file
  --fail-on <severity>   Exit 1 if findings >= severity (critical|high|medium|low) — for CI use
  --static-only          Skip AI deep review (free, lower cost)
  --api-key <key>        Elytra API key (or set ELYTRA_API_KEY)

Privacy & safety

  • Local-first: the static engine runs on your machine. No source is uploaded for the default scan flow.
  • AI-assisted commands (rewrite, deep review) call out to the Elytra API only when explicitly invoked.
  • No private keys, no wallet signing, no shell exec beyond what the user requests.
  • --api-key is the only credential — read from flag or ELYTRA_API_KEY env, never written back to disk.
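The flags above combine naturally into a CI gate. The following GitHub Actions workflow is an added example, not part of the @elytrasec/cli package; it assumes a repository secret named ELYTRA_API_KEY and a report path of elytra-report.json (both names chosen here), and it gates merges on findings of severity high or above while keeping the scan local with --static-only.

```yaml
# Added example (not the package's own workflow). Assumptions: the secret is
# named ELYTRA_API_KEY and the report path is elytra-report.json.
name: elytra-scan

on:
  pull_request:
  push:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # The default scan covers git-changed files only, which is unreliable
      # on a fresh CI checkout, so --full scans the whole tree. --static-only
      # keeps the run on the local static engine: no source leaves the runner
      # and no API call is made. --fail-on high makes the CLI exit 1 on
      # high/critical findings, which fails the job and blocks the merge.
      - name: Run Elytra static scan
        env:
          # Only read if --static-only is removed to enable AI deep review;
          # passing it via env (not --api-key) keeps it out of the job log.
          ELYTRA_API_KEY: ${{ secrets.ELYTRA_API_KEY }}
        run: |
          npx -y @elytrasec/cli scan . \
            --full \
            --static-only \
            --format json \
            --output elytra-report.json \
            --fail-on high

      # Keep the JSON report even when the gate fails so reviewers can read
      # the findings and suggested fixes without re-running the scan.
      - name: Upload scan report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: elytra-report
          path: elytra-report.json
```

Dropping --static-only turns on the AI deep review, which per the section above sends code to the Elytra API; decide that per repository rather than enabling it by default.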

Pricing

License

MIT