JSPM

pury

0.2.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 8
  • Score
    100M100P100Q36593F
  • License MIT

🛡️ AI-powered security scanner with advanced threat detection, dual reporting system (detailed & summary), and comprehensive code analysis

Package Exports

  • pury
  • pury/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (pury) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

PuryAI - AI-Powered Code Security Scanner 🛡️

npm version TypeScript License: MIT

PuryAI is a powerful, AI-powered command-line tool and library that ensures the "purity" and security of your codebase. It combines traditional static analysis with cutting-edge AI technology to detect malware, vulnerabilities, secrets, and code quality issues.

🌟 Features

🔍 AI-Powered Analysis

  • Malware Detection: Advanced pattern recognition to identify malicious code, obfuscation, and suspicious behaviors
  • Secret Scanning: Detects API keys, passwords, tokens, and other sensitive information
  • Vulnerability Assessment: Identifies security weaknesses and dependency vulnerabilities
  • Code Quality: Analyzes code smells, performance issues, and maintainability problems

🤖 Gemini AI Integration

  • Powered by Google's Gemini AI for intelligent code analysis
  • Context-aware scanning that understands code intent
  • Real-time streaming analysis for large codebases
  • Low false-positive rates through AI reasoning

🛠️ Practical Tools

  • Console Cleaner: Remove debug statements before production
  • Localization Helper: Convert non-English text to English for international collaboration
  • Environment Formatter: Organize and validate .env files
  • Multiple Output Formats: Console, JSON, HTML, and SARIF reports

🚀 Quick Start

Installation

# Install globally
npm install -g pury

# Or use with npx
npx pury --help

Setup

  1. Get your Gemini API key from Google AI Studio

  2. Set the environment variable:

    export GEMINI_API_KEY="your-api-key-here"

  3. Initialize configuration:

    pury init

Basic Usage

# Scan current directory
pury scan .

# Scan specific directory with JSON output
pury scan ./src --format json

# Clean console.log statements
pury clean-logs ./src --apply

# Convert non-English text to English
pury localize ./src --apply

# Format environment files
pury env-format .env --apply

📖 Detailed Usage

Scanning for Security Issues

# Basic security scan
pury scan ./project

# Scan with specific analyzers
pury scan ./src --analyzers malware secrets vulnerabilities

# High sensitivity scan
pury scan ./src --sensitivity high

# Output to file
pury scan ./src --format json --output security-report.json

Configuration

Create a puryai.config.yaml file:

scanner:
  exclude:
    - node_modules/**
    - dist/**
    - '*.min.js'
  maxFileSize: 1048576 # 1MB

analyzers:
  malware:
    enabled: true
    sensitivity: medium
  secrets:
    enabled: true
    sensitivity: high
  vulnerabilities:
    enabled: true
    sensitivity: medium

ai:
  provider: gemini
  gemini:
    model: gemini-2.5-flash
    temperature: 0.1
    maxTokens: 2048

Command Reference

pury scan [path]

Scan files for security threats and code quality issues.

Options:

  • --config <file>: Configuration file path
  • --exclude <patterns...>: Patterns to exclude
  • --include <patterns...>: Patterns to include
  • --format <type>: Output format (console, json, html, sarif)
  • --no-ai: Disable AI analysis
  • --analyzers <types...>: Specific analyzers to run
  • --sensitivity <level>: Analysis sensitivity (low, medium, high)

pury clean-logs [path]

Remove console.log and debug statements.

Options:

  • --apply: Actually apply changes (default is dry-run)
  • --backup: Create backup files
  • --exclude <patterns...>: Patterns to exclude

pury localize [path]

Convert non-English text to English.

Options:

  • --apply: Apply changes
  • --backup: Create backup files
  • --target-lang <lang>: Target language (default: en)

pury env-format [path]

Format and organize environment files.

Options:

  • --apply: Apply formatting
  • --backup: Create backup files
  • --sort: Sort variables alphabetically
  • --group: Group related variables

pury init

Initialize configuration file.

Options:

  • --force: Overwrite existing config
  • --global: Create global config
  • --template <type>: Config template (default, strict, minimal)

🔧 Library Usage

PuryAI can also be used as a library in your Node.js applications:

import { PuryAI } from 'pury';

const pury = new PuryAI();
await pury.loadConfig();

const report = await pury.scan(
  {
    path: './src',
    recursive: true
  },
  {
    analyzers: ['malware', 'secrets'],
    useAI: true,
    sensitivity: 'medium'
  }
);

console.log(`Found ${report.summary.threatsFound} issues`);

🎯 Detection Capabilities

Malware Patterns

  • Obfuscated JavaScript/TypeScript code
  • Base64 encoded payloads
  • Suspicious function calls (eval, exec, Function constructor)
  • Dynamic code generation
  • Command injection patterns
  • Network exfiltration attempts

Secret Detection

  • API keys (AWS, Google, GitHub, etc.)
  • Database credentials and connection strings
  • JWT tokens and OAuth secrets
  • Private keys and certificates
  • Hardcoded passwords
  • Webhook URLs

Vulnerability Types

  • SQL injection opportunities
  • Cross-site scripting (XSS) risks
  • Command injection vulnerabilities
  • Path traversal issues
  • Insecure cryptographic usage
  • Authentication bypasses

Code Quality Issues

  • Debug statements (console.log, debugger)
  • Dead code and unreachable blocks
  • Performance anti-patterns
  • Complexity violations
  • Non-English text in code

🔒 Security & Privacy

  • No Code Upload: All analysis happens locally on your machine
  • API Privacy: Only code patterns are sent to AI services, not full source code
  • Configurable: Disable AI analysis entirely if needed
  • Open Source: Full transparency in security analysis methods

📊 Output Formats

Console Output

Clean, color-coded terminal output with severity indicators and actionable suggestions.

JSON Report

{
  "summary": {
    "filesScanned": 42,
    "threatsFound": 3,
    "severityCount": { "high": 1, "medium": 2, "low": 0 }
  },
  "findings": [
    {
      "type": "secret",
      "severity": "high",
      "title": "API Key Detected",
      "file": "config.js",
      "line": 15,
      "suggestion": "Move to environment variables"
    }
  ]
}

HTML Report

Interactive HTML report with filtering and detailed findings.

SARIF

Industry-standard format compatible with GitHub, VS Code, and other tools.

🛣️ Roadmap

  • VS Code Extension: Real-time scanning in your editor
  • CI/CD Integration: GitHub Actions, Jenkins, GitLab pipelines
  • Custom Rules: Define your own detection patterns
  • Team Collaboration: Shared configurations and reporting
  • More AI Providers: OpenAI, Claude, and local models
  • Additional Languages: Python, Java, Go, Rust support

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details.

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests
  5. Submit a pull request

📄 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

  • Google Gemini AI: For powering our intelligent analysis
  • Open Source Community: For security patterns and vulnerability data
  • Security Researchers: For continuous improvement of detection methods

📞 Support

Made with ❤️ by the PuryAI Team

Keep your code pure, secure, and ready for production!