Package Exports
- ship-safe
- ship-safe/cli/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (ship-safe) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
AI security agent for developers. Scan, fix, and ship safely.
shipsafecli.com · Docs · Blog
Type ship-safe and you're in. 23 agents scan your codebase for secrets, injections, AI/LLM vulnerabilities, supply chain attacks, and 80+ other classes. The agent shows a diff for every proposed fix, asks before writing, and verifies the fix worked. Every change is logged and reversible.
```shell
npx ship-safe
```
Quick Start
```shell
# Interactive REPL — scan, fix, ask questions in one session
npx ship-safe
# Full audit: secrets + 23 agents + deps + remediation plan
npx ship-safe audit .
# Interactive fix agent: plan → diff → accept → verify
npx ship-safe agent .
npx ship-safe agent . --severity critical # critical findings only
npx ship-safe agent . --branch --pr # fix on a branch + open a PR
# Undo the last fix
npx ship-safe undo
# CI/CD mode
npx ship-safe ci . --threshold 80 --sarif results.sarif
```
No signup. No API key required for scanning. Works offline.
23 Security Agents
All agents run in parallel. Each skips irrelevant projects automatically.
| Agent | Category | What It Detects |
|---|---|---|
| InjectionTester | Code Vulns | SQL/NoSQL injection, command injection, XSS, path traversal, XXE, ReDoS, prototype pollution |
| AuthBypassAgent | Auth | JWT flaws (alg:none, weak secrets), CSRF, OAuth misconfig, BOLA/IDOR, TLS bypass |
| SSRFProber | SSRF | User input in fetch/axios, cloud metadata endpoints, internal IPs |
| SupplyChainAudit | Supply Chain | Typosquatting, wildcard versions, suspicious install scripts, dependency confusion |
| ConfigAuditor | Config | Docker (root user, :latest), Terraform, Kubernetes, CORS, CSP, Firebase, Nginx |
| SupabaseRLSAgent | Auth | service_role key in client code, tables without RLS, anon key inserts |
| LLMRedTeam | AI/LLM | OWASP LLM Top 10: prompt injection, excessive agency, system prompt leakage |
| MCPSecurityAgent | AI/LLM | MCP server misuse, tool poisoning, typosquatting, unvalidated inputs |
| AgenticSecurityAgent | AI/LLM | OWASP Agentic AI Top 10: agent hijacking, privilege escalation |
| RAGSecurityAgent | AI/LLM | Context injection, document poisoning, vector DB access control |
| MemoryPoisoningAgent | AI/LLM | Instruction injection in agent memory files, hidden Unicode payloads (ASI-01, ASI-05) |
| PIIComplianceAgent | Compliance | SSNs, credit cards, emails, phone numbers in source code |
| VibeCodingAgent | Code Vulns | AI-generated code anti-patterns: no validation, empty catches, TODO-auth |
| ExceptionHandlerAgent | Code Vulns | Empty catches, unhandled rejections, leaked stack traces (OWASP A10:2025) |
| AgentConfigScanner | AI/LLM | Prompt injection in .cursorrules, CLAUDE.md, malicious Claude Code hooks |
| MobileScanner | Mobile | OWASP Mobile Top 10 2024: insecure storage, WebView injection, debug mode |
| GitHistoryScanner | Secrets | Leaked secrets in git commit history |
| CICDScanner | CI/CD | Pipeline poisoning, unpinned actions, secret logging (OWASP CI/CD Top 10) |
| APIFuzzer | API | Routes without auth, mass assignment, GraphQL introspection, debug endpoints |
| ManagedAgentScanner | AI/LLM | Claude Managed Agent misconfigs: always_allow policies, unrestricted networking (ASI-03–ASI-07) |
| HermesSecurityAgent | AI/LLM | Tool registry poisoning, function-call injection, skill permission drift (ASI-01–ASI-10) |
| AgentAttestationAgent | Supply Chain | Unpinned agent versions, missing integrity hashes, unsigned manifests (ASI-10, SLSA L0) |
| AgenticSupplyChainAgent | Supply Chain | Over-privileged AI CI actions, OAuth scope creep, unsigned AI webhook receivers (ASI-02, ASI-06) |
Post-processors: ScoringEngine · VerifierAgent (secrets liveness) · DeepAnalyzer (LLM taint analysis)
The REPL
```text
$ ship-safe
███████╗██╗ ██╗██╗██████╗ ███████╗ █████╗ ███████╗███████╗
...
v9.2.3 · DeepSeek · ~/my-project
/scan to find issues · /agent to fix them · /help for more
shipsafe ›
```
| Command | What it does |
|---|---|
| /scan | Re-scan the project |
| /agent | Run the interactive fix loop |
| /findings | List findings from the last scan |
| /show <n> | Full detail on finding n |
| /plan <n> | Preview fix plan for finding n (no writes) |
| /undo [--all] | Revert the last fix (or all fixes) |
| /share | Publish scan report as a public URL (7 days) |
| /diff | Show git working-tree diff |
| /provider <name> | Switch LLM provider mid-session |
| /quit | Exit (also Ctrl-D or Ctrl-C) |
Anything not starting with / is sent to the LLM as a free-form question, with your latest scan results as context.
CI/CD
```yaml
# .github/workflows/security.yml
name: Security Audit
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Security gate
        run: npx ship-safe ci . --threshold 75 --sarif results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: results.sarif
```
LLM Support
Works with any provider — auto-detected from environment variables. Use --provider <name> to override.
Anthropic · OpenAI · Google · DeepSeek · Groq · Together · Mistral · xAI · Perplexity · Ollama · LM Studio · any OpenAI-compatible endpoint
No API key required for scanning. AI is optional.
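The CI step above writes a SARIF file that GitHub code scanning ingests. For pipelines without that upload, this added example (not ship-safe's own code) flattens a SARIF 2.1.0 report and applies a path-aware gate; SAMPLE_SARIF, the rule ids and the paths are constructed for illustration and do not represent ship-safe's real output.

```python
"""Post-process a SARIF 2.1.0 report such as `ship-safe ci --sarif` writes.
Added example, not ship-safe's code; SAMPLE_SARIF is a constructed document."""
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample (assumed shape, not ship-safe's real report).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "API key in source"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/config.js"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "Token in test fixture"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tests/fixtures/token.txt"},
                 "region": {"startLine": 1}}}]},
            # No "level" key: SARIF defines the default level as "warning".
            {"ruleId": "empty-catch", "message": {"text": "Swallowed exception"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/api.js"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def load_findings(sarif_text):
    """Flatten every run's results into (level, ruleId, uri, startLine) tuples."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine")
            findings.append((res.get("level", "warning"), res.get("ruleId"), uri, line))
    return findings


def gate(findings, fail_on=("error",), ignore_prefixes=("tests/fixtures/",)):
    """Return (blocking, counts); blocking = fail-level findings outside ignored paths."""
    counts = Counter(level for level, _, _, _ in findings)
    blocking = [f for f in findings
                if f[0] in fail_on and not f[2].startswith(ignore_prefixes)]
    return blocking, counts
```

The ignore_prefixes tuple mirrors the role of a .ship-safeignore file for the post-processing step only; the scanner's own suppression still happens at scan time.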
Suppress False Positives
```python
password = get_password()  # ship-safe-ignore
```
```text
# .ship-safeignore
tests/fixtures/
docs/
```
Add a Badge
[](https://shipsafecli.com)
Contributing
- Fork · add your pattern, agent, or config · open a PR
- See CONTRIBUTING.md
Sponsors
Ship Safe is MIT-licensed and free forever.
Star History
Ship fast. Ship safe. — shipsafecli.com