npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@asterpay/attest

v0.1.2

Published

CLI for Attest — EU AI Act compliance toolkit for TypeScript. Powered by AsterPay.

Downloads

307

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

asterpayasterpay

Keywords

eu-ai-actcompliancecliaitypescriptasterpay

Readme

Attest — EU AI Act compliance in one SDK

Powered by AsterPay — trust & settlement for AI commerce.

Attest helps EU teams discover AI usage in code, classify risk heuristically, generate Annex IV-style documentation scaffolds, and keep tamper-evident audit logs for AI inferences.

Not legal advice. Attest is a developer tool. Always involve qualified counsel for conformity assessment and regulatory obligations.

Try it now (zero install)

cd your-project
npx @asterpay/attest scan

That's it. Attest scans your TypeScript/JavaScript source for AI SDK imports (OpenAI, Anthropic, Google AI, LangChain, etc.) and reports what it finds:

📦 Scanned 42 files in ./src

  src/chat/agent.ts
    → openai (line 1)        ai-sdk
    → @anthropic-ai/sdk (line 2)

  src/scoring/classifier.ts
    → langchain (line 3)     ai-sdk

🔍 3 AI-related imports found across 2 files
⚠️  Risk classification: HIGH (Annex III keywords detected)

Install

npm install -g @asterpay/attest

Quick start

cd your-project

# 1) See which AI SDKs your code imports (AST scan)
attest scan

# 2) Heuristic checks: transparency / logging / oversight signals
attest check

# 3) Generate Annex IV–style Markdown scaffolds (fill with counsel)
attest docs -o ./compliance

# 4) Local static dashboard (countdown + CLI hints)
attest dashboard

What each command does

| Step | Command | What you get | |------|---------|-------------| | Scan | attest scan | List of every AI SDK import in your codebase, file by file | | Check | attest check | Compliance signals: do you have logging? transparency disclosures? human oversight patterns? | | Docs | attest docs -o ./compliance | Three Markdown files: technical-documentation.md, risk-assessment.md, conformity-declaration.md — pre-filled scaffolds for Annex IV, ready for your legal team | | Dashboard | attest dashboard | Local web UI with EU AI Act deadline countdown + quick links |

Packages

| Package | npm | Description | |---------|-----|-------------| | @asterpay/attest | npm | CLI (attest) + re-exports SDK | | @asterpay/attest-sdk | npm | Programmatic API |

CLI reference

| Command | Purpose | |--------|---------| | attest scan [-r DIR] | List AI-related package imports per file | | attest check [-r DIR] | Compliance signals (not legal sign-off) | | attest docs -o DIR [-r DIR] [--name] [--provider] | Write technical-documentation.md, risk-assessment.md, conformity-declaration.md | | attest export [--from ISO] | Dump audit log JSON (needs prior Attest.track() usage) | | attest verify [-r DIR] | Verify audit JSONL hash chain; exits 1 if broken | | attest dashboard [-p PORT] | Serve local dashboard |

Project metadata for attest docs (optional): .attest/config.json — see below.

Optional project metadata (for attest docs):

// .attest/config.json
{
  "system": {
    "name": "Customer Support Bot",
    "provider": "Your Company Ltd",
    "description": "Tier-1 support assistant"
  }
}

Programmatic usage

import { Attest } from '@asterpay/attest';

const attest = new Attest({
  system: {
    name: 'My AI feature',
    provider: 'My Org',
  },
  projectRoot: process.cwd(),
});

const risk = await attest.classifyRisk();
const report = attest.check();

await attest.track(
  async () => {
    /* your OpenAI / Anthropic call */
    return { ok: true };
  },
  { purpose: 'support', humanOversight: 'available', containsPII: false },
);

Monorepo layout

attest/
  packages/
    sdk/     @asterpay/attest-sdk
    cli/     @asterpay/attest
  landing/   marketing site (static)
  docs/      publishing, domains, cloud roadmap

Why?

The EU AI Act (Regulation 2024/1689) requires companies deploying AI in the EU to document, classify, and audit their AI systems. The August 2, 2026 deadline for high-risk systems is approaching fast.

Attest doesn't replace legal counsel — it gives your engineering team a head start:

  • Discovery — "Which of our 200 microservices actually use AI SDKs?"
  • Risk signal — "Does our code have the logging/oversight patterns regulators expect?"
  • Documentation — "Give us Annex IV scaffolds so legal doesn't start from a blank page"
  • Audit trail — "Every AI inference is logged with SHA-256 hash chaining"

Contributing

git clone https://github.com/AsterPay/attest
cd attest
npm install
npm run build
npm test

See docs/GITHUB_SETUP.md and docs/PUBLISH.md for setup and publishing details.

License

MIT © AsterPay contributors