A simple npm CLI tool (starter template)
Sha1-Hulud 2.0 npm supply chain attack scanner - Real-time detection using Koi.ai data
Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.
Scan your React app for renders
Security auditor for AI agent configurations. Scans Claude Code setups for vulnerabilities, misconfigs, and injection risks.
A Vite plugin for React Scan - detects performance issues in your React app.
snyk library and cli utility
Tiny zero-dependency CLI that scans npm, pnpm, yarn, and bun lockfiles for packages compromised in the TanStack May 2026 npm supply-chain incident (mini Shai-Hulud). Uses the official Snyk advisory as the source of truth.
An inter-process and inter-machine lockfile utility that works on a local or network file system
Imagemin plugin for mozjpeg
Secretlint CLI that scans secret/credential data.
(temporary fork of picomatch) Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.
React Native Plugin for Genius Scan SDK
@liff/scan-code
Detect and fix the mini-shai-hulud TanStack supply-chain attack (socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack)
@liff/scan-code-v2
httpntlm is a Node.js library to do HTTP NTLM authentication
Traverse object hierarchies using matching and callbacks.
simple scope analysis for javascript ASTs
A deep deletion module for node (like `rm -rf`)
Scan large DynamoDB tables faster with parallelism
Visual debugging tool for Svelte applications.
Functions for modifying a unified-latex AST
An automated testing tool for accessibility testing using Puppeteer, Selenium, or Zombie
ace-git-secrets scans Git history for leaked credentials with gitleaks-backed detection, revokes supported tokens, rewrites compromised history, and blocks releases when secrets are still present.
Static analysis tool that scans RubyGems for indicators of supply chain compromise: malicious gemspecs, suspicious URLs, credential exfiltration, obfuscated payloads, and more.