carrot-scan
Command-line tool for detecting vulnerabilities in files and directories.
Found 130 results for vulnerability-scanner
Command-line tool for detecting vulnerabilities in files and directories.
OSV vulnerability scanner for Bun projects
Vulnerability scanner for Bun projects
Dependency health checker with ecosystem intelligence, unified interactive dashboard with 5 dynamic layouts (Tree/Force/Radial/Conflict/Analytics), historical tracking with SQLite, snapshot comparison, timeline visualization, modular CSS/JS architecture,
VibeSecurity: security auditing for those who build with AI. Secrets, vulnerabilities and routes without auth.
AI-powered multi-agent security platform. 23 agents scan 80+ attack classes including AI integration supply chain (Vercel-class attacks), Hermes Agent deployments (ASI-01–ASI-10), tool registry poisoning, function-call injection, skill permission drift, a
Package Intelligence MCP server for AI agents. Stops hallucinated/malicious package installs across 19 ecosystems (npm, PyPI, Cargo, Go, Maven, NuGet, RubyGems, Composer, Pub, Hex, Swift, CocoaPods, CPAN, Hackage, CRAN, Conda, Homebrew, JSR, Julia). 22 to
⚠️ Pre-release — wait for 1.0.0 before relying on this. Currently under active development; APIs and behaviour may change without notice. SPYS MCP client — local stdio bridge + reverse tunnel for AI-driven pentest tools (Claude Code, Cursor, etc).
The security and reliability linter for JavaScript and TypeScript
Enterprise-grade AI security skill for any codebase — covers CWE Top 25, OWASP Top 10, ASVS Level 1-3
Anthropic's vulnerability scanning scaffold (Carlini, [un]prompted 2026) — parallel Claude Code security scans per file
CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go
Advanced security scanner that detects API key leaks and sensitive information in source code. Scans TypeScript, JavaScript, Markdown, and configuration files for AWS keys, OpenAI tokens, GitHub/GitLab PATs, Slack/Discord tokens, JWT tokens, and other cre
Hono.js security middleware. Honeypot path blocker that stops vulnerability scanners (nuclei, nikto, sqlmap, dirbuster), bot crawlers, and brute-force probes. Mini WAF with optional IP strike and ban. Zero dependencies. Cloudflare Workers, Bun, Deno, Node
Agentic security scanner for code repos — analyst + primary + secondary agent pipeline over OpenRouter / OpenAI / Anthropic models, with a live Ink terminal UI.
Static security scanner for AI CLI and MCP configurations — detects credential leaks, prompt injection, jailbreaks, and supply chain risks
OWASP API security scanner with AI-assisted behavioral testing, static analysis, container scanning, and GraphQL probing.
SwarmHack - Neural swarm-based penetration testing framework
Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt injection, supply-chain risks, and 17+ security checks.
Local opensource pen-testing suite. Your code. Your AI. Your terms. `opt` is the CLI entry point.
Zero-dependency skill sanitizer — scans agent skill markdown for prompt injection, jailbreaks, data exfiltration, and other red flags before installation.
Local-first vulnerability reachability CLI for JavaScript and TypeScript
npm registry vulnerability scanner for Bun projects using GitHub Advisory Database
MCP server for AI-powered security scanning - SAST, SCA, DAST, and secrets detection
VettIQ MCP server — security scanning for AI-generated code, callable from Cursor, Claude Code, and any MCP-compatible agent.
AI-powered CLI security auditor that scans codebases for vulnerabilities, explains findings with exact code references, and optionally applies fixes. Provider-agnostic — works with Anthropic, OpenAI, Google, Azure, Vertex AI, and Ollama.
Security and quality reporter for Node.js projects. Scans for vulnerabilities, secrets, outdated dependencies, and generates comprehensive reports (console, Markdown, PDF).
Enterprise-grade security validation and testing tool for MCP servers (Model Context Protocol)
Open-source HIPAA compliance scanner for healthcare code. 140+ rules, 5 HIPAA categories. CLI + CI/CD + VS Code.
Asyntax AI — security-scan your codebase from the terminal
BIT Security Review — MCP server for devs + CLI for CI/CD pipelines. Activates 7 specialized agents (SECRETS, AUTH, DATA, INPUT, DEPS, INCIDENTS, AGENTIC) mapped to OWASP A1–A10, OWASP Agentic AI T1–T15, and CWE.
App for monodog monorepo
Analyze and optimize Docker images, npm packages, and CI/CD pipelines. Find unused dependencies, security issues, and cost savings in minutes.
A security scanner for Bun's package manager
AI-powered code quality platform with team rules, security scanning, and CI/CD integration. Your complete code gatekeeper.
A beautiful, zero-config visual CVE dashboard for npm, Python, Go, and Rust. Run 'npx osv-ui' to scan or 'npx osv-ui -d' to auto-discover services. Repo: https://github.com/toan203/osv-ui
Security scanner for agent skill files - detects command injection, unsafe file operations, hardcoded secrets, and code injection risks
Hardhat plugin for ContractScan — AI-powered smart contract vulnerability scanner
Quantum Viper CLI (qv) - Professional AI-Powered Security Analysis
AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.
MCP server for DetectZeStack — detect tech stacks, security headers, SSL certificates, DNS records, and vulnerabilities for any website
AI-powered security review plugin for pentesting web applications with NestJS, Rust, Vite support and DDoS/Stress testing - Added BeEzz_QL for GraphQL
SAST (Static Security Analysis) tool for detecting vulnerabilities and malicious code.
Your code, deeply analyzed. Multi-language code scanner with 432 detection rules, git intelligence, live server security scanning, and AI-powered insights.
Autonomous AI Penetration Testing Platform for LLM-powered applications
Static vulnerability scanner for MCP (Model Context Protocol) servers — detects shell injection, path traversal, SSRF, SQL injection, and more
SmartGuard MCP Server - AI-powered smart contract security audit tools for Claude Code, Cursor, and AI coding agents. Detect reentrancy, access control, and quantum vulnerabilities.
Security scanner that checks npm dependencies for Shai Hulud vulnerable packages. 100% offline, zero data collection, zero telemetry. Scans all dependencies against 689+ known compromised packages.
Quantum Viper MCP Server - AI-Powered Security Scanner for LLM Integration
MCP server for Vigile AI Security — query trust scores for MCP servers and agent skills from within Claude Code, Cursor, and other AI agents
LangGraph Multi-Agent Automated Testing Suite for Node.js/TypeScript — 8 AI agents that analyze, test, review, secure & document your project. OWASP Top 10, Zero-Day scanning, 100+ vulnerability patterns.
Security scanning engine for Model Context Protocol (MCP) servers. Detects hardcoded secrets, command injection, SSRF, auth misconfig, and compliance gaps.
MCP server for FinishKit. Production readiness scanner for AI-built apps. Enables AI agents in Claude, Cursor, Windsurf, and VS Code to check if code is ready to ship.
Security scanner for AI agent architectures - 220+ detection patterns and 5 runtime guard modules for prompt injection, SSRF, path traversal, credential exposure, MCP security, and OWASP ASI vulnerabilities
Comprehensive CLI tool for dependency management - unified 'depmender fix' command handles all operations: scan, fix, install-missing, remove-unused, update-deps, dedupe, sync, resolve, and more. Supports npm, yarn, pnpm with security audits and real-time
VineGuard MCP Server v2.1 - Intelligent QA Workflow System with advanced test generation for Jest/RTL, Cypress, and Playwright. Features smart project analysis, progressive testing strategies, and comprehensive quality patterns for React/Vue/Angular proje
Static and dynamic vulnerability scanner for ML models and pipelines
AI-powered code analysis using Recursive Language Models (RLMs). Analyze entire codebases 100x beyond context limits with deep architecture, security, and refactoring analysis. Supports Gemini and Amazon Bedrock.
Modern, fast penetration testing CLI — record browser interactions once, replay with security payloads, and find vulnerabilities like XSS and SQLi automatically. A lightweight, pluggable alternative to legacy security scanners.
Command-line interface for mcp-guard: scan, fix, and monitor Model Context Protocol (MCP) server configs for security issues.
App for monodog monorepo
Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers
autonomous black-box web penetration testing. give it a URL, it finds everything exploitable.
JAKU (呪) — Autonomous Security & Quality Intelligence Agent for vibe-coded apps. XSS, SQLi, prompt injection, QA testing, and attack chain correlation in one command.
Fast, modern security testing engine — record browser sessions, replay with attack payloads, and detect vulnerabilities automatically. Pluggable driver and detection system for web application penetration testing.
Open-source, zero-dependency tool that blocks compromised packages BEFORE download. Built to counter supply chain and credential theft attacks like Shai-Hulud.
Solidity smart contract security auditor CLI - Detect vulnerabilities, reentrancy, overflow, and common issues.
OSV vulnerability scanner for Bun projects
Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers
A lightweight, extensible Static Application Security Testing (SAST) tool for JavaScript. Detects vulnerabilities like XSS, SQL injection, hardcoded secrets, prototype pollution, and more — with CWE references, severity ratings, and context-aware reportin
Model Context Protocol (MCP) server for interacting with Nuclei vulnerability scanner
A secure MCP (Model Context Protocol) server that enables AI agents to interact with Nikto web server scanner
SynapseAudit CLI - AI-Powered Security Scanner for your code
QuantumGuard MCP Server - Post-quantum cryptography security tools for AI coding agents. Scan for quantum vulnerabilities, get migration templates, check NIST compliance.
Venom — Autonomous AI pentester for developers. Find exploits AND fix them.
The open-source security CLI hub — query, enrich, automate.
Model Context Protocol server for DepsShield - Real-time dependency security scoring for AI agents
Advanced Script Doctor: Surgical code cleanup + Electron IPC channel management + Security vulnerability detection. Remove unused code, fix missing channels, and detect IPC security issues with AI-powered analysis.
MCP server for MetalTorque Security Audit — gives AI agents the ability to scan websites for security vulnerabilities.
Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers - Alpha Release
Autonomous SRE & Security Orchestration Agent - The Warden of your Codebase
AI-powered personal development and network security agent with API testing and CVE database integration
Vulnerability Intelligence platform searching for vulnerabilities, exploits, and malicious packages with network scanning and agent-based discovery.
Zero Trust MCP (Model Context Protocol) server for security analysis with Trivy. Protects workspaces against Path Traversal, runs vulnerability scans and generates fix patches.
AI-powered codebase vulnerability scanner
AI-powered security scanner that detects vulnerabilities in AI-generated code. Proactive scanning, autonomous fixing, and emergency response for modern development teams.
Lightning-fast, zero-dependency static analysis tool for detecting security vulnerabilities, SQL injections, XSS risks, and common code bugs.
🛡️ Antivirus for Node.js projects - Scan for infected files and malicious/vulnerable packages with real-time protection
Vulnerability Scanner for Bun, so that you can cook with healthy ingredients!
Advanced Security Testing and Analysis Framework with AI capabilities
TESTPAL v7.1 - AI-Powered Testing Agent with Hardened Security, Git History Verification, Multi-Factor Confidence, 30+ Secret Patterns (HuggingFace, Anthropic, AWS, etc.), Framework-Aware Analysis, 95%+ accuracy. Created by Akash S
🛡️ Comprehensive TypeScript library for SQL query security analysis with injection detection, risk assessment, and Express middleware integration
Zero-config AI-powered security review for web developers
CLI tool for npm security audit with blacklist functionality and progress bar
SynapseAudit MCP Server - AI-Powered Security Scanner for LLM Integration
GuardScan - Privacy-first AI Code Review CLI with comprehensive security scanning
Multi-agent security testing tool - Red Team vs Blue Team with Green Team referee
DevSecureX CLI - Advanced security scanning tool for developers. Detect vulnerabilities across 20+ programming languages with comprehensive SAST, dependency analysis, secrets detection, and compliance reporting. Integrates seamlessly with CI/CD pipelines
MCP-SecLint: Static analysis tool for detecting vulnerabilities in MCP server implementations
Comprehensive security tool to detect hardcoded API keys, tokens, and sensitive credentials in your codebase with 245+ detection patterns, entropy analysis, and baseline filtering
Security & Quality Guardrails - Adoption-first developer discipline. Block new issues, accept existing ones with baseline mode.
Zero Trust MCP (Model Context Protocol) server for security analysis with Trivy. Protects workspaces against Path Traversal, runs vulnerability scans and generates fix patches.
Cursor agent skills and configs. Installs into your project's .agents folder.
OmniAudit Local CLI - Smart contract security scanner with local execution and connector session support
GitHub Advanced Security autofix CLI tool for code scanning alerts
A comprehensive React security scanner with 45+ customizable rules covering XSS, injection attacks, data leaks, and more
The most complete security skill for AI-assisted development. Audit of 20 vectors, secure code generation, environment setup and emergency protocol, all in one command.
GitHub Advanced Security autofix CLI tool for code scanning alerts
GitHub Advanced Security autofix CLI tool for code scanning alerts
AI-powered security scanner for your codebase. Scan for vulnerabilities, get risk scores, auto-report on GitLab MRs.
Premium Solidity smart contract vulnerability scanner REST API & MCP server
Autonomous SRE & Security Orchestration Agent - Automatically scan, fix, and patch security vulnerabilities in your repositories
Multi-layer security scanner for npm packages to detect supply chain attacks
AI-powered privacy and compliance scanner by KafkaLabs - identify PII leaks, secrets, and compliance violations
Graduated security gates for DevSecOps pipelines - A developer-centric approach to security enforcement with configurable severity thresholds and productivity analytics
A comprehensive TypeScript/JavaScript code analyzer with SonarQube-style quality analysis, security scanning, and GDPR compliance checking
Automated code health and security analysis for modern web projects. Find and fix issues before they become a problem.
Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers
AI code vulnerability scanner — catches hallucinated packages, phantom APIs, and insecure patterns before you commit. Zero-config, offline, under 2 seconds.
Claude Code skill for Application Security Posture Management — runs Semgrep SAST and optional Shannon pentesting, generates ASPM_SCAN.md reports
Vite plugin for React Security Scanner - Automatically scan your React code for security vulnerabilities during build
A lightweight security tool to detect potential prompt injection vulnerabilities in code files
RedPill Security CLI - OpenAPI security scanner that reveals vulnerabilities in your API specifications
Webpack plugin for React Security Scanner - Automatically scan your React code for security vulnerabilities during build
Fast, beautiful CLI security scanner for React Native and Expo bundles. Detects API keys, secrets, and 60+ mobile security vulnerabilities.
GitHub Advanced Security autofix CLI tool for code scanning alerts
A high-performance CLI tool for checking npm dependencies
Stop npm supply-chain attacks before they execute. Zero-dependency security scanner: malicious package detection, lockfile audit, dropper detection, integrity checks, OWASP A03/A05/A08/A10 coverage, CycloneDX SBOM & VEX reports, provenance verification, s
A zero-dependency CLI that checks npm packages for basic supply-chain risk signals before you install them.
Enterprise-grade AI security skill for any codebase — covers CWE Top 25, OWASP Top 10, ASVS Level 1-3