JSPM

Found 2113 results for compliance

pa11y

Pa11y is your automated accessibility testing pal

  • v9.1.1
  • 60.38
  • Published

webpack-license-plugin

Extracts OSS license information of the npm packages in your webpack output

  • v4.5.1
  • 59.06
  • Published

pa11y-ci

Pa11y CI is a CI-centric accessibility test runner, built using Pa11y

  • v4.1.1
  • 57.81
  • Published

@raishin/vanguard-frontier-agentic

Cloud and zero-trust agentic workflow marketplace for skills, agents, rules, MCP references, and compliance-aware architecture.

  • v3.1.1
  • 53.01
  • Published

@c15t/backend

Consent policy engine and API for c15t. Powers the cookie banner, consent manager, and preference center. Webhooks, audit logs, storage adapters. Self-host or use inth.com

  • v2.1.0
  • 50.78
  • Published

@redactpii/node

Zero dependencies, blazing fast regex-based PII redaction with optional compliance dashboard integration. The modern fork of the abandoned 786k-download library.

  • v1.0.17
  • 49.57
  • Published

@pulumi/compliance-policy-manager

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

  • v0.1.6
  • 48.39
  • Published

klaro

A simple but powerful consent manager.

  • v0.7.21
  • 47.59
  • Published

@mitre/hdf-converters

Converters for transforming security tool outputs and HDF formats

  • v3.3.2
  • 47.05
  • Published

rollup-license-plugin

Extracts OSS license information of the npm packages in your rollup or vite output

  • v3.2.1
  • 46.84
  • Published

orejime

A lightweight and accessible consent manager

  • v3.2.0
  • 46.75
  • Published

@pulumi/aws-compliance-policies

This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

  • v0.0.23
  • 43.68
  • Published

open-agreements

Open-source legal template filling CLI and library

  • v0.8.0
  • 42.35
  • Published

great-cto

One command install for the great_cto Claude Code plugin. Auto-detects your stack, picks the right archetype, bootstraps PROJECT.md.

  • v2.85.3
  • 40.41
  • Published

@kosli/cli

CLI client for reporting compliance events to https://kosli.com

  • v2.32.0
  • 40.04
  • Published

guardvibe

Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 453 rules, 39 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — e

  • v3.29.0
  • 39.39
  • Published

@greenarmor/ges-mcp-server

GESF MCP Server - AI Compliance Assistant for GDPR, OWASP, NIST, CIS. Check compliance, generate policies, assess risks via MCP protocol.

  • v1.6.6
  • 38.94
  • Published

@vaara/client

TypeScript client for the Vaara HTTP API: EU AI Act runtime evidence for MCP tool calls. Conformal risk scoring, policy gating, hash-chained tamper-evident audit, named detectors.

  • v1.23.1
  • 38.54
  • Published

@blamejs/exceptd-skills

AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (519 CVEs / 193 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,

  • v0.18.21
  • 38.43
  • Published

scorechain-sdk

SDK for the Scorechain API

    • v1.0.3
    • 38.31
    • Published

    @pipeline-builder/pipeline-core

    AWS CDK construct library for Pipeline Builder: the Builder construct that assembles plugin specs into a CodePipeline stack, PluginLookup custom resource, pipeline/plugin domain types, and shared configuration.

    • v3.4.99
    • 38.10
    • Published

    @greenarmor/ges

    Green Engineering Standard Framework - Compliance-as-Code CLI

    • v1.6.6
    • 38.00
    • Published

    @pipeline-builder/pipeline-manager

    CLI for Pipeline Builder self-service AWS CodePipeline platform with 125 reusable containerized plugins, per-org compliance enforcement, and per-organization (and team) isolation.

    • v3.4.138
    • 37.68
    • Published

    cdk-insights

    AWS CDK security and cost analysis CLI. Free static scans via npm — no account needed. Sign up free to add AI-powered insights.

    • v1.54.1
    • 37.30
    • Published

    @objectstack/plugin-audit

    Audit Plugin for ObjectStack — System audit log object and audit trail

    • v12.6.0
    • 37.09
    • Published

    @pipeline-builder/api-core

    Core server-side utilities (auth middleware, response helpers, error codes, quota service, HTTP client, logging, AI provider catalog) shared by every Pipeline Builder backend service.

    • v3.4.82
    • 36.84
    • Published

    metago-lifeform

    MetaGO Agent Harness(智能体运行时控制层套件 · 驭智层)— 智能体运行时控制层,让 Agent 从会说话升级为会干活、守规矩、会进化、可追溯、能闭环的生命体。39 技能 · 53 MCP tools · 8 公理 · Engine V2(KMWI 四层记忆 + 元进化五阶段 + 技能智能生成)· 决策锁四道关卡 · 全链路溯源。支持 7 大 AI 编程平台。MIT 开源。

    • v36.8.3
    • 36.70
    • Published

    ofac

    A module to facilitate local OFAC searches

    • v1.0.21
    • 36.38
    • Published

    @pipeline-builder/api-server

    Express server infrastructure for Pipeline Builder: app factory, middleware (CORS, Helmet, rate limiting, idempotency, ETag), request context, route wrappers, health-check helpers, and SSE support.

    • v3.4.105
    • 36.15
    • Published

    governance-sdk

    AI Agent Governance for TypeScript — policy enforcement, scoring, compliance, and audit for AI agents

    • v0.18.1
    • 36.06
    • Published

    @pipeline-builder/pipeline-data

    Database layer for Pipeline Builder: Drizzle ORM schemas, connection management, query builders, and the generic CrudService base class with per-organization (and team) access control.

    • v3.4.85
    • 35.66
    • Published

    @seontechnologies/seon-id-verification

    An advanced SDK for natural person identification through document scanning, facial recognition, designed for secure and efficient user verification.

      • v2.1.0
      • 35.32
      • Published

      document-integrity-validator-mcp

      Document integrity validator for AI agents. Verifies authenticity against international standards before acting on contents. PASS/FAIL verdict in one call.

      • v1.0.28
      • 35.19
      • Published

      wcag-contrast-utils

      A production-ready TypeScript utility for calculating contrast ratios and validating WCAG 2.1 color accessibility requirements.

      • v1.0.2
      • 34.99
      • Published

      @highflame/taxonomy

      Unified vulnerability taxonomy with multi-framework compliance mappings (MITRE ATLAS, OWASP, NIST, EU AI Act, CWE)

      • v1.1.16
      • 34.96
      • Published

      @sheplu/aws-safe-modules

      A collection of CDKTF modules for AWS, with security and compliance in mind

      • v0.2.4
      • 34.89
      • Published

      vesant-sdk

      TypeScript SDK for Vesant Compliance Platform - Geolocation, KYC, Risk Profiling, CipherText, and Compliance Orchestration

      • v1.6.6
      • 34.84
      • Published

      cia-compliance-manager

      React components, hooks, and services for CIA triad security assessment, compliance management, and risk analysis — supporting ISO 27001, NIST 800-53, SOC 2, GDPR, HIPAA, and EU CRA frameworks

      • v1.1.104
      • 34.81
      • Published

      @elaraai/e3-api-tests

      East Execution Engine API Compliance Tests - shared test suites for e3 API implementations

      • v1.0.30
      • 34.79
      • Published

      ohrisk

      Catch open-source license risk before your PR ships.

      • v1.1.1
      • 34.72
      • Published

      license-compatibility-checker

      Check npm dependencies' package.json for license compatibility (aka compliance check) with the current project based on spdx notation and naming conventions.

      • v0.3.5
      • 34.66
      • Published

      @mcpfusion/core

      MVA (Model-View-Agent) framework for the Model Context Protocol. Structured perception packages with Presenters, cognitive guardrails, self-healing errors, action consolidation, and tRPC-style type safety — so AI agents perceive and act on your data det

      • v4.3.1
      • 34.65
      • Published

      better-auth-audit-logs

      Audit log plugin for Better Auth. Captures auth lifecycle events, stores structured log entries, and exposes query endpoints with PII redaction and custom storage backends.

      • v0.3.0
      • 34.64
      • Published

      @vesant-sdk/transaction

      Transaction monitoring client for the Vesant Compliance Platform

      • v0.1.0
      • 34.56
      • Published

      @vesant-sdk/core

      Core utilities for Vesant SDK packages — BaseClient, errors, config, circuit breaker, rate limiter

      • v0.1.0
      • 34.48
      • Published

      @pipeline-builder/ai-core

      Shared AI provider registry for Pipeline Builder: lazily initialized SDK wrappers for Anthropic, OpenAI, Google, xAI, and Bedrock used by AI-assisted pipeline and plugin generation.

      • v3.4.82
      • 34.46
      • Published

      @mcpfusion/testing

      In-memory MVA lifecycle emulator for MCP Fusion. Runs the full pipeline (Zod Input → Middlewares → Handler → Egress Firewall) without network transport. Returns structured MvaTestResult objects — zero coupling to Jest/Vitest.

      • v4.3.1
      • 34.16
      • Published

      @asqav/sdk

      AI agent governance - audit trails, policy enforcement, ML-DSA cryptographic signatures

      • v0.8.0
      • 34.15
      • Published

      convex-audit-log

      A comprehensive audit logging component for Convex - track user actions, API calls, and system events with built-in compliance features.

      • v0.2.0
      • 34.10
      • Published

      @kopexa/grc

      GRC (Governance, Risk, Compliance) components for Kopexa

      • v18.3.2
      • 34.05
      • Published

      @basis-theory-ai/react

      A React payment library with BasisTheory integration

        • v1.0.1-beta.7
        • 34.05
        • Published

        treetrace

        Catch every time your AI coding agent touches auth, secrets, or skips a test, then turn the correction you made into a local regression eval. Local-first, deterministic, no LLM judge.

        • v0.10.4
        • 33.64
        • Published

        license-checker-evergreen

        NPM license audit and dependency compliance checker - Scan, validate, and analyze open source licenses with SPDX validation. Feature-enhanced, TypeScript-based fork of license-checker with better performance and reliability.

        • v6.3.1
        • 33.64
        • Published

        mcp-server-scf

        MCP server for the SCF Controls Platform — security compliance controls, frameworks, evidence, and risk management for AI agents

        • v1.6.3
        • 33.57
        • Published

        iso27001-mcp

        ISO 27001 compliance workspace for Claude — controls, risks, policies, evidence, audits, and SoA in one local encrypted MCP server

        • v0.9.73
        • 33.42
        • Published

        @artu-ai/shared

        Shared types and schemas for Artu Compliance packages

        • v0.17.0
        • 33.40
        • Published

        @ory/argus

        Ory Argus: the core API for building authentication, authorization, and audit into AI agent harness plugins, extensions, and custom integrations

        • v0.11.1
        • 33.33
        • Published

        @kikoda/cdk-constructs

        Collection of useful platform constructs for modern applications deployed with AWS CDK

        • v0.6.5
        • 33.30
        • Published

        @mitre/hdf-schema

        JSON schemas and multi-language type definitions for Heimdall Data Format (HDF)

        • v3.3.2
        • 33.09
        • Published

        @vesant-sdk/fraud

        Fraud detection and scoring client for the Vesant Compliance Platform

        • v0.1.0
        • 32.97
        • Published

        clean-room-skill

        Spec-first clean-room workflow for authorized source analysis without replacement code.

        • v0.6.5
        • 32.90
        • Published

        bizfile-mcp

        Pre-payment counterparty verification for AI agents. KYC, risk screening across 386 data sources, Companies House, ACRA. PROCEED/BLOCK verdict in one call.

        • v4.10.53
        • 32.84
        • Published

        @verifiquemos/sdk

        Official TypeScript SDK for the Verifiquemos compliance API

        • v0.16.1
        • 32.78
        • Published

        @acosmi/sdk-ts

        Acosmi TypeScript SDK:模型网关、Agent Run Gateway 与 Compliance(电子证据、时间章、报告、签署 envelope)统一客户端,支持浏览器 / Node ≥18 / Deno / Bun。

        • v2.10.0
        • 32.72
        • Published

        @mitre/hdf-mappings

        CCI/NIST/CIS/CMMC security framework mappings for HDF

        • v3.3.2
        • 32.72
        • Published

        data-compliance-mcp

        Data safety classifier for AI agents. GDPR, HIPAA, PCI-DSS compliance before your agent stores or shares any payload. SAFE/ESCALATE verdict in one call.

        • v1.0.31
        • 32.70
        • Published

        eslint-plugin-repo

        ESLint rules for repository compliance across GitHub, GitLab, Bitbucket, Codeberg/Forgejo, AWS, Azure, Google Cloud, Docker, Vercel, Netlify, and DigitalOcean.

        • v1.0.9
        • 32.68
        • Published

        @pieverse/receipt

        One-click receipt generation for Web3 transactions with tax compliance

        • v0.1.1
        • 32.57
        • Published

        pot-cli

        Multi-model AI verification with adversarial critique. No AI can verify itself — so they verify each other.

        • v0.8.8
        • 32.28
        • Published

        @ido4/core

        ido4 core — context intelligence, task distribution, and deterministic governance for AI-hybrid software development

        • v0.13.1
        • 32.24
        • Published

        trickle-cli

        Zero-code runtime observability for JS/Python + AI agent debugging. Traces LangChain, CrewAI, OpenAI, Anthropic, Gemini. Eval, security, compliance, cost tracking. Free, local-first.

          • v0.1.229
          • 32.23
          • Published

          @ory/openclaw

          Ory plugin for OpenClaw: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

          • v0.11.1
          • 32.19
          • Published

          @tantainnovative/ndpr-toolkit

          Nigeria Data Protection Toolkit — enterprise-grade compliance components for the Nigeria Data Protection Act (NDPA) 2023

          • v5.7.4
          • 32.11
          • Published

          @venturekit-pro/audit

          Append-only audit + cost-tracking log for VentureKit applications

          • v0.0.5
          • 32.11
          • Published

          @chainlink/ace

          Chainlink Automated Compliance Engine (ACE) Contracts

          • v1.1.1
          • 32.09
          • Published

          @ory/codex

          Ory plugin for Codex: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

          • v0.11.1
          • 32.07
          • Published

          @wundr.io/security

          Enterprise security and compliance module for Wundr platform

          • v1.0.39
          • 32.02
          • Published

          regula-wasi

          Infrastructure as Code security and compliance evaluation tool (WASI build). Fork of fugue/regula with security patches.

          • v3.2.5
          • 32.00
          • Published

          @specora/sdk

          Specora Platform SDK for Node.js - AI governance and policy enforcement

          • v0.8.0
          • 31.95
          • Published

          @ogcio/consent

          Client-side consent management package using the Secure API Gateway

          • v1.5.0
          • 31.84
          • Published

          cloakllm

          PII cloaking and tamper-evident audit logs for LLM API calls. EU AI Act Article 12 compliance.

          • v0.12.0
          • 31.78
          • Published

          @agledger/sdk

          AGLedger™ SDK: accountability and audit infrastructure for agentic systems.

          • v1.2.0
          • 31.77
          • Published

          autotel-audit

          Audit-focused helpers for Autotel (force-keep + structured audit instrumentation)

          • v0.4.2
          • 31.71
          • Published

          @probo/n8n-nodes-probo

          n8n nodes for integrating with the Probo compliance platform API

          • v0.200.0
          • 31.68
          • Published

          protect-mcp

          Fail-closed Cedar policy gate + Ed25519 signed receipts for AI agent tool calls. Denies on any policy error, proves the gate is live with a startup self-test, and turns every decision into a local searchable record you own. The open gate behind Legate by

          • v0.9.7
          • 31.57
          • Published

          @ory/opencode

          Ory plugin for OpenCode: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

          • v0.11.1
          • 31.56
          • Published

          @kognai/build

          Kognai sovereign orchestrator — interactive REPL (kognai) + one-shot CLI (kognai-build). Triple-supervisor + compliance review + TICKET-135 optimization profiles + TICKET-203/207 workspace integration.

          • v0.7.10
          • 31.51
          • Published

          n8n-nodes-signatrust

          n8n community node for Signatrust — generate, verify, and retrieve cryptographically signed AI Decision Receipts (Ed25519) for autonomous AI agents. Cloud and self-hosted enterprise.

          • v0.3.4
          • 31.50
          • Published

          @ory/claude-code

          Ory plugin for Claude Code: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

          • v0.11.1
          • 31.42
          • Published

          @connexum/ai-governance

          Enterprise AI agent governance framework. Hook-based enforcement, compliance packs (SOC 2, HIPAA, GDPR, PCI DSS, DORA, EU AI Act, ISO 27001), audit trails, multi-LLM adapter architecture (Claude production today; additional providers on roadmap).

          • v1.0.0-beta.30
          • 31.41
          • Published

          @ory/gemini-cli

          Ory extension for Gemini CLI: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

          • v0.11.1
          • 31.23
          • Published

          @gtprojects/mcpguard

          Open-source security firewall for MCP (Model Context Protocol) servers. Scan, monitor, and enforce policies on AI agent tool calls.

          • v0.2.1
          • 31.15
          • Published

          @grepture/sdk

          Grepture proxy SDK — drop-in fetch wrapper for AI API governance

          • v0.1.8
          • 31.12
          • Published

          @aryaminus/controlkeel

          Bootstrap installer for the ControlKeel native CLI - a control plane for agent-generated software delivery.

          • v0.3.62
          • 31.07
          • Published

          lula2

          A tool for managing compliance as code in your GitHub repositories.

          • v0.9.5
          • 31.00
          • Published

          pa11y-unlimited

          Pa11y is your automated accessibility testing pal

          • v9.6.1
          • 30.96
          • Published

          ruleprobe-ai

          Test whether your repo AI instructions actually survive execution.

          • v2.12.0
          • 30.90
          • Published

          @holmdigital/standards

          Machine-readable regulatory database mapping WCAG to EN 301 549 and national accessibility law across 17 jurisdictions, with enforcement-body lookups.

          • v2.10.0
          • 30.87
          • Published

          rcf-protocol

          RCF CLI — Active Integrity & Protection Framework (TypeScript Edition)

          • v2.1.7
          • 30.78
          • Published

          corporate-taxid-checker-js

          Validate tax identification numbers (TIN, VAT, EIN, GST, ITIN, SSN) for 76+ countries. Regex, checksum, and online VIES/government verification. TypeScript-first with LLM tool definitions.

          • v2.1.0
          • 30.78
          • Published

          @cyanheads/sanctions-screening-mcp-server

          Screen names against the consolidated OFAC, EU, UK, and UN sanctions lists and resolve legal entities against GLEIF, fuzzy-matched offline over a local SQLite + FTS5 mirror. A screening aid, not a compliance determination.

          • v0.1.7
          • 30.77
          • Published

          compliance

          validate compliance of a javascript module against a test suite module

          • v0.2.2
          • 30.65
          • Published

          @nugehs/bouncer

          bouncer — static compliance-controls checker. Verifies the controls a regulation requires actually exist in your code (UK Online Safety Act, ICO Children's Code), as deterministic rule packs. No LLM required.

          • v0.2.0
          • 30.56
          • Published

          meshflow-sdk

          TypeScript client SDK for MeshFlow — Zero Trust AI agents, HIPAA/SOX/GDPR compliance, tamper-evident audit chain, wire-level tool call enforcement

          • v1.14.0
          • 30.49
          • Published

          @wasmagent/compliance

          WasmAgent Compliance Engine — TaskSpec-driven verification, local repair, and evidence export for LLM agent runs.

          • v1.8.0
          • 30.48
          • Published

          article50

          EU AI Act Article 50 transparency compliance toolkit — scan your code, audit your site, generate the fix before August 2, 2026.

            • v0.9.0
            • 30.44
            • Published

            @proappstore/compliance

            Compliance checks for apps published on proappstore.online — used by the CLI for local feedback and by CI for gating.

            • v0.2.6
            • 30.36
            • Published

            bylaw-ts

            Bylaw ALCV runtime enforcement SDK for AI agent actions with policy-gated clearance, A-JWT authorization, and audit evidence

            • v0.6.8
            • 30.25
            • Published

            @pipeline-builder/pipeline-events

            AWS Lambda handler for Pipeline Builder that ingests CodePipeline state-change events from EventBridge and forwards normalized payloads to the reporting service.

            • v3.4.70
            • 30.24
            • Published

            syntropylog

            Observability framework for Node.js powered by a native Rust engine: declarative correlation, PII masking, per-level field control and retention enforced on every log, serialized + masked + sanitized in one native pass (transparent JS fallback). Failsafe

            • v1.2.0
            • 30.20
            • Published

            @adminforth/audit-log

            Audit log plugin for AdminForth with CRUD diffs, actor tracking, and activity history

            • v1.9.30
            • 30.15
            • Published

            @yawlabs/mcp-compliance

            CLI tool and MCP server that tests MCP servers for spec compliance

            • v0.16.3
            • 30.14
            • Published

            deep-focus-trap

            A focus trap library that pierces that shadow dom. So you can use it with native web components. Deep Focus Trap is a lightweight library written in vanilla js with only one dependency (that is tree-shakable if not in use).

            • v0.0.3
            • 30.06
            • Published

            verification-layer

            Open-source HIPAA compliance scanner for healthcare code. 131 rules, 5 HIPAA categories. CLI + CI/CD + VS Code.

            • v0.27.1
            • 29.93
            • Published

            a2a-trustgate

            A2A TrustGate CLI — Safety, compliance, and governance for AI agents. Screen every action before it executes.

            • v1.5.1
            • 29.90
            • Published

            @tar_9897/certus-ai

            Certus CLI for compliance enforcement at the merge gate with 5 scanners, 18 blueprints, and signed evidence workflows.

            • v2.2.4
            • 29.89
            • Published

            @zintrust/governance

            ESLint and governance tooling package for ZinTrust.

              • v2.9.0
              • 29.66
              • Published

              dpdp-erasure-cli

              [![npm version](https://img.shields.io/npm/v/dpdp-erasure-cli?color=14b8a6&style=flat-square)](https://www.npmjs.com/package/dpdp-erasure-cli)

              • v1.1.2
              • 29.64
              • Published

              @atlasent/sdk

              TypeScript SDK for the AtlaSent authorization API

              • v2.16.0
              • 29.60
              • Published

              @carrerahaus/latinfo

              KYB API for Latin American legal entities. 20+ public registry sources for Peru — SUNAT, OSCE, OECE and more. Offline MPHF search, full OCDS data, updated daily.

              • v0.21.4
              • 29.59
              • Published

              @driftgard/node

              Official DriftGard Node.js SDK — evaluate LLM interactions against your compliance policy

              • v1.27.0
              • 29.58
              • Published

              @evalguard/core

              EvalGuard core — LLM evaluation, security testing, firewall, gateway, and monitoring engine. Runtime dep of @evalguard/sdk and @evalguard/cli.

              • v1.4.0
              • 29.57
              • Published

              athena-trust-sdk

              ATHENA SDK for JavaScript and TypeScript

              • v1.2.1
              • 29.56
              • Published

              sovereign-ai-act-mcp

              MCP server exposing Leo — the deterministic EU AI Act (Regulation (EU) 2024/1689) classifier — as tools for AI agents. Every answer cites the law verbatim.

              • v1.3.0
              • 29.56
              • Published

              @nozomtechs/grc-mcp

              MCP server for the Nozom Cybersecurity GRC Platform — exposes GRC API endpoints as Model Context Protocol tools. R-EXTSPEC: @modelcontextprotocol/sdk v1.29.0 — https://modelcontextprotocol.io/specification/latest

              • v0.3.3
              • 29.56
              • Published

              @africode/core

              Bun-native full-stack framework with generative AI, fintech compliance, and real-time performance - built for Tanzanian digital economy

              • v5.0.8
              • 29.55
              • Published

              @ido4/mcp

              ido4 MCP server — context intelligence, task distribution, and governance for AI-hybrid software development in Claude Code

              • v0.13.1
              • 29.43
              • Published

              @vinkius-core/mcp-fusion

              MVA (Model-View-Agent) framework for the Model Context Protocol. Structured perception packages with Presenters, cognitive guardrails, self-healing errors, action consolidation, and tRPC-style type safety — so AI agents perceive and act on your data deter

              • v3.1.31
              • 29.43
              • Published

              @hazeljs/audit

              Audit logging and event trail for HazelJS applications

              • v1.0.5
              • 29.40
              • Published

              speclock

              Stop AI from breaking code you told it not to touch. Enforces .cursorrules, CLAUDE.md, and AGENTS.md — not just suggests. Zero-config: npx speclock protect reads your existing AI rule files, extracts constraints, installs pre-commit hooks, and makes your

              • v5.7.0
              • 29.33
              • Published

              acf-mcp

              Official ACF® Model Context Protocol server — Agentic Commerce Framework governance copilot for AI assistants.

              • v1.1.0
              • 29.32
              • Published

              @mima-ai/governance-mcp

              MCP server — AI governance evidence for EU AI Act, SOC 2, ISO 42001, and NIST AI RMF

              • v0.1.13
              • 29.30
              • Published

              @wasmagent/aep

              Agent Evidence Protocol — runtime action evidence and run provenance types for WasmAgent

              • v1.8.0
              • 29.27
              • Published

              @pan-sec/notebooklm-mcp

              Security-hardened MCP server for NotebookLM API with compliance-ready architecture (GDPR, SOC2, CSSF controls implemented)

              • v2026.4.1
              • 29.13
              • Published

              @vurb/core

              MVA (Model-View-Agent) framework for the Model Context Protocol. Structured perception packages with Presenters, cognitive guardrails, self-healing errors, action consolidation, and tRPC-style type safety — so AI agents perceive and act on your data deter

              • v3.19.6
              • 29.02
              • Published

              cladding

              Reference implementation of the Ironclad standard — multi-agent dev harness for Claude Code.

              • v0.8.2
              • 29.02
              • Published

              @scopebound/n8n-nodes-scopebound

              Pre-execution scope enforcement for AI agent workflows. Validates workflow definitions against role-based authorization scopes (SOC1, SOC2, Production Readiness) before they run, with cryptographically signed attestation tokens for audit.

              • v0.1.0-preview.9
              • 29.00
              • Published

              @pulumi/google-compliance-policies

              This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

              • v0.1.6
              • 28.99
              • Published

              mcp-server-insumer

              MCP server for InsumerAPI — condition-based access infrastructure. Send a wallet and conditions, get a signed boolean across 37 chains. 27 tools: attestation, wallet trust profiles (49 checks across 27 chains incl. Solana, XRPL, Bitcoin, Tron, Stellar, Su

              • v1.11.0
              • 28.96
              • Published

              @holmdigital/engine

              WCAG and EN 301 549 accessibility test engine that maps failures to national law and enforcement bodies across 17 jurisdictions. CLI and CI reporting.

              • v2.12.0
              • 28.93
              • Published

              nyx-audit-cli

              Prove your homelab matches your intent — YAML network specs, live VLAN/VPN audits, drift detection, Omada/OPNsense import. Cross-platform CLI with MCP for AI agents.

              • v0.2.8
              • 28.89
              • Published

              ofac-sanctions-screening

              OFAC, sanctions, PEP & KYB screening for Node.js — screen names, companies & crypto wallets against OFAC SDN, EU, UK, UN + 100+ watchlists; EU VAT (VIES) validation; EU consolidated (FSF) sanctions screen; OIG-LEIE healthcare-exclusion + fuzzy SDN matchin

              • v0.6.0
              • 28.87
              • Published

              @mima-ai/governance

              Mima AI Governance SDK for TypeScript and Node.js

              • v0.1.6
              • 28.79
              • Published

              @privedge/sdk

              Privacy on the edge — drop-in AI proxy with automatic PII routing

                • v0.4.1
                • 28.79
                • Published

                @opena2a/aicomply

                Inline PII, credential, and regulated-data classifier for AI agent I/O. Dual-layer: deterministic regex + optional semantic Guard. Library + CLI.

                • v2.2.2
                • 28.73
                • Published

                n8n-nodes-tracepass

                n8n community node for TracePass — automate EU Digital Product Passport workflows: products, passports, EPCIS supply-chain events.

                • v1.2.0
                • 28.71
                • Published

                @tenova/swt3-ai

                SWT3 AI Witness SDK: cryptographic attestation for AI inference. 103 procedures, 52 namespaces, 7 languages, 18 profiles. EU AI Act, NIST AI RMF, CMMC, SR 11-7.

                • v0.5.9
                • 28.68
                • Published

                @vurb/testing

                In-memory MVA lifecycle emulator for Vurb. Runs the full pipeline (Zod Input → Middlewares → Handler → Egress Firewall) without network transport. Returns structured MvaTestResult objects — zero coupling to Jest/Vitest.

                • v3.19.6
                • 28.63
                • Published

                @prodcycle/prodcycle

                Multi-framework policy-as-code compliance scanner for infrastructure and application code.

                • v0.6.17
                • 28.59
                • Published

                @attestplane/attestplane

                Apache-2.0 attestation and audit substrate for AI agent evidence chains.

                • v1.10.0
                • 28.58
                • Published

                @raeven-co/sether

                Streaming PII redaction for AI applications. The hiding place for sensitive data flowing into LLMs. Secrets pack, SSE-aware streaming, audit events, drop-in middlewares for Express / fetch / OpenAI / Anthropic.

                • v0.5.7
                • 28.55
                • Published

                allycat

                Accessibility tool for source files — scans JSX, Vue, Angular, and HTML without a running server. Exact line numbers, watch mode, CI gates, AI fix prompts. WCAG 2.1 AA, WCAG 2.2 AA, and WCAG AAA (automated rules) with optional RTL support.

                • v1.8.0
                • 28.45
                • Published

                @agenticmail/enterprise

                AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations

                • v0.5.615
                • 28.41
                • Published

                @vpdev2/metakyc

                React SDK for MetaKYC due diligence workflows with configurable API endpoints and comprehensive step coverage

                • v1.0.157
                • 28.40
                • Published

                aira-sdk

                The authorization and audit layer for AI agents

                • v3.7.0
                • 28.34
                • Published

                @prathammahajan/blockchain-integration

                🚀 Comprehensive blockchain integration suite with multi-chain cryptocurrency support, NFT marketplace, smart contracts, DeFi protocols, and enterprise-grade wallet management

                • v1.0.1
                • 28.32
                • Published

                @axiorank/audit-verify

                Independently verify AxioRank audit receipts, agent-commerce conformance seals, agent reputation credentials, and coding-session seals offline. Merkle inclusion proofs, Ed25519 signed tree heads, delegation provenance, human-approval signatures, witness c

                • v0.6.0
                • 28.31
                • Published

                periapsis

                Lightweight SBOM/license checker with allowlist, exceptions, and upstream chains.

                • v2.0.3
                • 28.28
                • Published

                @datacules/agent-identity-compliance

                Compliance report generator + tamper-evident audit log for @datacules/agent-identity — SOC 2, GDPR, HIPAA reports, SHA-256 chain verification CLI

                • v0.13.0
                • 28.26
                • Published

                babel-plugin-ot-ignore

                A Babel plugin thad adds configurable data-ot-ignore and className='optanon-category-C0001' to all React elements which have src attribute

                • v0.1.9
                • 28.16
                • Published

                substrai-guardrailgraph

                Composable AI safety pipeline framework with industry compliance packs (HIPAA, SOX, GDPR, FedRAMP)

                • v1.3.0
                • 28.14
                • Published

                @compr/opscontext-mcp

                OpsContext for AI Agents — read-only fleet visibility (PM2/nginx/Docker/git/cron) + tamper-evident audit log + policy-as-code hooks. The ops + compliance layer Claude Code can't grow natively.

                • v2.1.3
                • 28.12
                • Published

                audit-ledger-mcp

                MCP server that lets Claude, Cursor, LangGraph, and other agents record AI decisions to a tamper-evident ledger.

                • v0.3.3
                • 28.08
                • Published

                hazmat-cfr-mcp

                MCP server for the complete 49 CFR 172.101 Hazardous Materials Table: hazmat lookup, special-provision decoding, parsing, and basic compliance checks — every field cited to a pinned eCFR revision.

                • v0.3.0
                • 28.06
                • Published

                @shulam/sdk

                Shulam SDK — compliance screening, trust scoring, and x402 payment facilitation

                • v0.1.0
                • 28.05
                • Published

                @nice2dev/ui-enterprise

                Nice2Dev UI Enterprise - Compliance & enterprise-grade React components: DataExportCenter, AuditTrail, ContractEditor, GDPRConsent, GlobalSearch, InvoiceDesigner, AccessLog

                • v1.0.29
                • 28.00
                • Published

                @reneza/skillgate

                Deterministic finish-line gates for AI coding agents. A model-independent evaluator that blocks commit/publish until your definition-of-done passes. Works in opencode, Claude Code, pre-commit and CI.

                • v0.5.0
                • 27.97
                • Published

                @crowdhub/cordova-plugin-age-verification

                Cordova plugin for privacy-preserving age assurance using the Google Play Age Signals API (Android/Kotlin) and the Apple Declared Age Range API (iOS/Swift). Exposes a unified, Promise-based JavaScript API with TypeScript definitions.

                • v0.0.5
                • 27.95
                • Published

                n8n-nodes-mediavox

                n8n community node for Mediavox: mediaAPI (48+ endpoints — sanctions, threats, data quality, OCR, KYC), Turing AI (chat with RAG), DocumentPower (NER, semantic search), HealthPower (clinical data: RIPS, appointments, adherence, authorization), Sales Copil

                • v1.7.2
                • 27.88
                • Published

                @comply54/core

                African AI governance compliance — enforcement engine and sector packs for NDPA, CBN, NHA, NAICOM, KDPA, POPIA and 15+ African regulatory frameworks

                  • v0.4.0
                  • 27.83
                  • Published

                  @lians-ai/lians

                  TypeScript/JavaScript SDK for Lians — financial-grade AI memory with bitemporal model, SEC 17a-4 audit chain, and GDPR crypto-shred

                  • v0.4.0
                  • 27.80
                  • Published

                  @pyai/sdk

                  Official TypeScript/JavaScript SDK for PyAI — speech-to-text (Hear), text-to-speech (Speak), realtime voice agents (Omni), and call compliance (Trace).

                  • v0.2.1
                  • 27.80
                  • Published

                  @czagents/dd

                  Czech & EU due diligence in one call — company facts, insolvency (ISIR), EU+OFAC sanctions, VAT reliability, risk scoring (0-100), and statutory chain. EU coverage via GLEIF/LEI. Official state registries only, no Cribis/Bisnode reselling.

                  • v0.3.6
                  • 27.79
                  • Published

                  html-license-gen

                  Generate HTML with license text from NPM/Yarn dependencies

                  • v1.1.1
                  • 27.77
                  • Published

                  trustlint

                  TrustLint is a local compliance validation tool for your development workflow. Instantly check your code for compliance issues, integrate with CI/CD, and stay ahead of regulatory risks.

                  • v1.0.9
                  • 27.65
                  • Published

                  @folaform/forms-sdk

                  Official TypeScript SDK for the Fola form-filling API — auto-fill USCIS, EOIR immigration court, DOL ETA/PERM, and US district court PDFs from typed JSON. 72 forms ship typed; pay-per-fill via API key.

                  • v0.15.0
                  • 27.64
                  • Published

                  @attesto/sdk

                  Attesto TypeScript SDK - log verifiable AI events to Attesto with production-safe defaults.

                  • v0.4.0
                  • 27.63
                  • Published

                  @lunanoir/dep-lens

                  Dependency license scanner across npm, Cargo, Go, Python, Ruby, PHP, Java, Dart, and C/C++ with commercial risk reporting

                  • v2.0.0
                  • 27.63
                  • Published

                  @cohesionauth/sdk

                  Official TypeScript SDK for the COHESION Judgment Independence Score API. Real-time oversight scoring for AI-assisted human decisions, per EU AI Act Article 14, Colorado SB 205, and NYC Local Law 144.

                  • v1.3.2
                  • 27.47
                  • Published

                  agentshield-sdk

                  SOTA AI agent security SDK. F1 1.000 on BIPIA/HackAPrompt/MCPTox/Multilingual benchmarks. 400+ exports, 100+ modules. Zero dependencies, runs locally.

                  • v14.2.2
                  • 27.36
                  • Published

                  compliancelint

                  EU AI Act compliance: scan, attest, document — from your IDE. Source-available, MCP-native, AI-assisted.

                  • v1.1.4
                  • 27.28
                  • Published

                  @ledgerproof/sdk

                  EU AI Act Article 50 cryptographic transparency receipts, anchored to Bitcoin. The TypeScript SDK with the Stripe-style attach() pattern.

                  • v1.1.4
                  • 27.27
                  • Published

                  license-checker-plugin

                  A bundler-agnostic plugin to generate third-party license notices for bundled packages. Supports webpack 5, Rspack, and Vite.

                  • v2.0.1
                  • 27.26
                  • Published

                  next-license-list

                  Get list of licenses for third-party packages using in Next.js.

                  • v1.0.1
                  • 27.18
                  • Published

                  @openage-agekey/sdk

                  Official AgeKey SDK for age verification integration

                  • v1.5.0
                  • 27.11
                  • Published

                  @czagents/sanctions

                  Sanctions screening for KYC/AML — check Czech companies and individuals against EU Financial Sanctions (FSF) and US OFAC SDN lists. Per-entity and per-statutory-member checks. Official consolidated lists, updated from source.

                  • v0.1.5
                  • 27.11
                  • Published

                  dingdawg-compliance

                  Governance receipts for AI agents — automated compliance scoring against EU AI Act Art. 12, Colorado AI Act (SB 24-205), and NIST AI RMF. 60-second scan, free local check included, more accurate with every run.

                  • v2.0.13
                  • 27.09
                  • Published

                  project-starfish

                  Governance for AI agents: a deny-by-default policy layer for Claude Code and agent/skill builds. Every tool call is authorized, contained, and audited. Apache-2.0.

                  • v0.11.1
                  • 27.03
                  • Published

                  @wgtechlabs/log-engine

                  A lightweight, security-first logging utility with automatic data redaction for Node.js applications - the first logging library with built-in PII protection.

                  • v2.3.1
                  • 26.99
                  • Published

                  @cyanheads/epa-mcp-server

                  Access EPA environmental data — facility compliance (ECHO), toxic releases (TRI), Superfund sites, drinking water systems, and real-time air quality (AirNow) via MCP. STDIO or Streamable HTTP.

                  • v0.2.0
                  • 26.95
                  • Published

                  @dawnguard/mcp

                  Dawnguard MCP Server - Cloud security insights and guardrail guidance for Azure and AWS architectures

                  • v1.0.7
                  • 26.93
                  • Published

                  eol-check

                  CLI tool to check End-of-Life (EOL) status of code, infrastructure, containers, and AI models. Supports Docker, Terraform, AWS, Serverless, and more.

                  • v1.6.1
                  • 26.86
                  • Published

                  @ilalv3/cli

                  ILAL Protocol CLI — compliant swaps and credential management for Uniswap v4

                  • v0.2.20
                  • 26.83
                  • Published

                  casa-ready

                  Open-source toolkit to pass Google CASA Tier 2 security assessments without consulting-firm costs.

                  • v0.5.3
                  • 26.77
                  • Published

                  @pulumi/kubernetes-compliance-policies

                  This repository contains a growing set of Compliance Policies to validate your infrastructure using Pulumi's Crossguard Policy-as-Code framework.

                  • v0.1.5
                  • 26.73
                  • Published

                  license-wizard

                  Interactive and scriptable CLI that generates a correct LICENSE file from the full SPDX catalog, syncs the chosen license into your package.json/composer.json, stamps source-file headers, and verifies everything stays in sync in CI.

                  • v1.1.0
                  • 26.73
                  • Published

                  @mitre/hdf-diff

                  Structured comparison of HDF evaluation results — tracks what changed, why, and by how much

                  • v3.3.2
                  • 26.68
                  • Published

                  @frameless/content-compliance-checker

                  A Strapi plugin that audits content blocks for compliance with category requirements. Specifically checks for blocks that don't have the 'kennisartikel' category assigned, helping maintain content standards across products.

                  • v1.0.3
                  • 26.65
                  • Published

                  @nugehs/gate

                  gate — one ship/no-ship verdict from aiglare, bouncer, tieline & repoctx. The unified merge gate for the nugehs toolchain: run four deterministic checks, get one normalized verdict.

                  • v0.3.0
                  • 26.63
                  • Published

                  @zentity/contracts

                  Zentity smart contracts, ABIs, deployments, and typed helpers

                  • v0.7.0
                  • 26.62
                  • Published

                  @cmetech/otto

                  Terminal-based developer chat assistant. Permanent hard fork of gsd-pi with LangFlow flow triggers, a flow builder, and optional gateway routing for compliance environments.

                  • v1.3.4
                  • 26.58
                  • Published

                  @meui-creative/cookies

                  GDPR-compliant cookie consent management for React with script blocking and Google Consent Mode V2

                  • v7.0.3
                  • 26.50
                  • Published

                  @parmanasystems/contracts

                  Deterministic governance contract infrastructure for immutable schema continuity, typed admissibility semantics, cross-runtime compatibility, and independently verifiable governance interfaces.

                  • v1.98.56
                  • 26.47
                  • Published

                  opencode-git-trailers

                  Automatically add standardized git trailers to AI-assisted commits for compliance, audit trails, and attribution

                  • v0.5.0
                  • 26.46
                  • Published

                  @asamarts/alint

                  Language-agnostic linter for repository structure, file existence, filename conventions, and file content rules. This package downloads and wraps the platform-matched native alint binary.

                  • v0.13.0
                  • 26.45
                  • Published

                  n8n-nodes-scorechain

                  n8n community node for Scorechain Risk Scoring API — analyse crypto addresses and transactions on 20+ blockchains

                  • v1.0.3
                  • 26.45
                  • Published

                  @nodatachat/guard

                  NoData Guard — continuous security scanner. Runs locally, reports only metadata. Your data never leaves your machine.

                  • v4.3.2
                  • 26.44
                  • Published

                  @vpdev2/metakyc-sdk

                  React SDK for MetaKYC due diligence workflows with configurable API endpoints and comprehensive step coverage

                  • v1.1.3
                  • 26.43
                  • Published

                  @driftgard/cli

                  Driftgard CLI — governance-as-code for AI compliance

                    • v1.8.1
                    • 26.35
                    • Published

                    sanctionwise

                    Verified UK sanctions screening for AI agents — official FCDO UK Sanctions List, not guesses.

                    • v0.1.2
                    • 26.31
                    • Published

                    @manifesto-ai/governance

                    Manifesto Governance - decorator runtime for legitimacy, approval, and governed execution

                    • v5.1.1
                    • 26.29
                    • Published

                    sage-governance

                    SAGE - Open-source governance runtime harness for agentic coding systems. Intercepts, evaluates, and audits developer prompts before code is written, and performs code security scans/fixes after AI code generation.

                    • v1.0.4
                    • 26.29
                    • Published

                    @mergeguide/mcp-server

                    MergeGuide MCP server — AI-assisted code governance for Claude Code, Cursor & Copilot. Injects your security & compliance policy at generation time so AI writes compliant code by default.

                    • v2.2.1
                    • 26.28
                    • Published

                    complytest

                    Open-source GDPR, WCAG 2.2 & security compliance scanner. The ESLint of web compliance.

                    • v1.2.0
                    • 26.27
                    • Published

                    @scadable/wizard

                    The SCADABLE setup wizard. Detects your framework and wires your always-current legal documents (privacy policy, terms of use) into any app, live from SCADABLE.

                    • v0.2.0
                    • 26.27
                    • Published

                    @hellouchit/mcp-regulated-ai-compliance

                    MCP server exposing regulated-industry AI compliance knowledge (EU AI Act · APRA CPS 230/234 · NIST AI RMF · ISO 42001 · AU AI Safety Standard · SLSA · SSDF · OWASP LLM Top 10) as tools, resources, and prompts. Apache 2.0 (code) + CC BY 4.0 (dataset). By

                    • v0.2.3
                    • 26.25
                    • Published

                    @ar-agents/boletin-oficial

                    Argentine Boletín Oficial as a structured firehose for AI agents on the Vercel AI SDK. Search, filter by sección, match by CUIT or keyword, and turn the daily JSON dump into typed records. The 'Vercel for legal monitoring' missing from the AR ecosystem.

                    • v0.2.4
                    • 26.24
                    • Published

                    @recalled/sdk

                    Official TypeScript SDK for Recalled — audit logs as a service for your product.

                    • v0.2.0
                    • 26.17
                    • Published

                    attestify-os

                    The only agent execution layer that enforces governance before consequences land. x402-native paid execution, financial control plane, immutable receipts, output verification, agent reputation, and memory continuity.

                    • v0.1.5
                    • 26.16
                    • Published

                    @nxtg/faultline

                    AI claim verification CLI. Paste what an AI told you — Faultline extracts every claim, verifies against live sources, scores the risk, and generates audit evidence. Provider-agnostic: Gemini, OpenAI, Claude, Perplexity.

                    • v0.9.0
                    • 26.16
                    • Published

                    @asseteragmbh/metakyc

                    React SDK for MetaKYC due diligence workflows with configurable API endpoints and comprehensive step coverage

                    • v1.0.160
                    • 26.02
                    • Published

                    @parmanasystems/governance

                    Deterministic governance infrastructure for immutable policy lineage, governed admissibility evaluation, replay-safe execution semantics, and independently verifiable policy enforcement.

                    • v1.98.56
                    • 26.00
                    • Published

                    infrarails

                    Static scanner for EU AI Act Article 9 & 12 compliance gaps in Terraform and CloudFormation - checks AWS Bedrock guardrails, logging, retention, and traceability against EU AI Act, NIST AI RMF, and ISO/IEC 42001

                    • v0.4.0
                    • 25.96
                    • Published

                    dingdawg-finance-agent

                    Governance receipts for AI agents — financial analysis with forecasting, audit prep, and regulatory checks (SOX, GAAP, IFRS, AML), every output signed and receipted for EU AI Act, Colorado AI Act (SB 24-205), and NIST AI RMF audit trails.

                    • v2.0.11
                    • 25.95
                    • Published

                    @agent-action-firewall/sdk

                    Official TypeScript SDK for Agent Action Firewall - AI agent security platform

                    • v1.0.0
                    • 25.93
                    • Published

                    @ankkho/nestjs-cipher

                    Production-grade NestJS encryption module for PII protection with AES-256-GCM and KMS

                    • v1.1.1
                    • 25.85
                    • Published

                    roblox-shipcheck

                    Heuristic release checks and smoke tests for Roblox projects via MCP

                    • v0.2.0
                    • 25.78
                    • Published

                    @axonflow/sdk

                    AxonFlow SDK - Add invisible AI governance to your applications in 3 lines of code

                    • v8.5.0
                    • 25.78
                    • Published

                    @logicnodez/mcp-bridge

                    MCP bridge to LogicNodes: 8 deterministic on-chain service tools plus agent-marketplace discovery, payable per call in USDC via x402 on Base.

                    • v1.0.5
                    • 25.78
                    • Published

                    gia-mcp-server

                    Runtime governance layer for generative AI agents. Works with any MCP-compatible client — Claude, GPT, Gemini, Cursor, or custom frameworks. MAI classification, forensic audit trails, human-in-the-loop gates, EU AI Act compliance, NIST/SOC 2/CMMC mapping.

                    • v0.4.1
                    • 25.71
                    • Published