@boldbuild/audit

v0.2.1

Published

AI-powered code audit tool for production readiness

Readme

Bold Audit

AI-powered code audit tool for production readiness. Analyzes codebases for security issues, architecture problems, deployment blockers, and code quality.

Built by Bold to help founders with AI-built MVPs get to production.

Features

  • Multi-scanner architecture: npm audit, TypeScript checking, ESLint, secrets detection, and more
  • AI-powered analysis: Uses Claude to analyze architecture, Supabase configuration, and AI-generated code patterns
  • Stack detection: Automatically detects Next.js, React, Vue, Laravel, and other frameworks
  • Pattern detection: Identifies Supabase, Stripe, Clerk, Firebase, and other integrations
  • Detailed reports: Generates JSON and Markdown reports with actionable findings
  • GitHub Actions: Easy CI/CD integration

Installation

npm install -g @boldbuild/audit

Or use with npx:

npx @boldbuild/audit /path/to/project

Usage

CLI

# Basic usage
boldaudit /path/to/project

# Skip AI scanners (faster, no API calls)
boldaudit /path/to/project --skip-ai

# Run specific scanners
boldaudit /path/to/project --scanners=npm-audit,typescript,secrets

# Custom output directory
boldaudit /path/to/project --output=./my-audit-results

# Verbose output
boldaudit /path/to/project --verbose

Available Scanners

| Scanner | Description | Requires API Key |
|---------|-------------|------------------|
| npm-audit | Checks for known vulnerabilities in npm dependencies | No |
| npm-outdated | Checks for outdated npm dependencies | No |
| typescript | Checks for TypeScript compilation errors | No |
| eslint | Checks for code quality issues using ESLint | No |
| secrets | Detects hardcoded secrets, API keys, and credentials | No |
| env-check | Checks for proper environment variable configuration | No |
| structure | Analyzes project file structure and organization | No |
| ai-architecture | AI-powered architecture and code quality analysis | Yes |
| ai-supabase | AI-powered Supabase configuration and security analysis | Yes |
| ai-patterns | Detects patterns common in AI-generated code | No |

GitHub Actions

Add to your workflow:

name: Code Audit

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Bold Audit
        uses: selvinortiz/boldaudit@v1
        with:
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
          fail-on-blockers: true

Programmatic Usage

import {
  detectStack,
  getApplicableScanners,
  saveResults,
  type AuditConfig,
  type AuditResult,
} from '@boldbuild/audit';

const projectPath = '/path/to/project';

// Detect tech stack
const project = detectStack(projectPath);
console.log(`Stack: ${project.stack}`);
console.log(`Frameworks: ${project.frameworks.join(', ')}`);

// Get applicable scanners
const scanners = getApplicableScanners(project);

// Run scanners
const config: AuditConfig = {
  projectPath,
  outputDir: './audit-results',
};

const results = await Promise.all(
  scanners.map((scanner) => scanner.run(project, config))
);

// Process results...

Environment Variables

For AI-powered scanners, set your Anthropic API key:

export ANTHROPIC_API_KEY=your-api-key

Or create a .env or .env.local file:

ANTHROPIC_API_KEY=your-api-key

Output

Bold Audit generates several output files:

  • report.md - Human-readable Markdown report
  • audit-result.json - Complete audit results as JSON
  • summary.json - Summary statistics
  • findings.json - Flat list of all findings
  • raw/<scanner>.json - Individual scanner results

Finding Severity Levels

| Severity | Description |
|----------|-------------|
| 🔴 Critical | Must be fixed before production |
| 🟠 High | Should be fixed before production |
| 🟡 Medium | Should be reviewed and addressed |
| 🔵 Low | Minor issues, nice to fix |
| ⚪ Info | Informational, no action required |
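
A severity gate over the findings.json output, using the five levels listed above; this is an added example, not part of Bold Audit or its README. The array layout and the field names `severity`, `scanner` and `title` are assumptions, since the README does not document the file's schema.

```javascript
// Added example (not part of Bold Audit). Assumed shape of findings.json:
// a JSON array of objects carrying at least a `severity` string.
const SEVERITY_ORDER = ['info', 'low', 'medium', 'high', 'critical'];

// Normalize a label such as "🔴 Critical" or "HIGH" to its rank.
// Returns -1 for anything that is not in the README's severity table.
function severityRank(label) {
  const word = String(label ?? '').toLowerCase().replace(/[^a-z]/g, '');
  return SEVERITY_ORDER.indexOf(word);
}

// Decide whether a findings list passes a gate set at `threshold`.
// Findings with a missing or unrecognized severity fail closed (blocking).
function gate(findings, threshold = 'high') {
  const min = severityRank(threshold);
  if (min < 0) throw new Error(`unknown threshold: ${threshold}`);
  if (!Array.isArray(findings)) throw new Error('findings must be an array');
  const counts = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, 0]));
  counts.unknown = 0;
  const blocking = [];
  for (const f of findings) {
    const rank = severityRank(f && f.severity);
    if (rank < 0) counts.unknown += 1;
    else counts[SEVERITY_ORDER[rank]] += 1;
    if (rank < 0 || rank >= min) blocking.push(f);
  }
  return { pass: blocking.length === 0, counts, blocking };
}

// Read <outputDir>/findings.json and apply the gate (for use in a CI step).
async function gateFile(path, threshold = 'high') {
  const { readFile } = await import('node:fs/promises');
  return gate(JSON.parse(await readFile(path, 'utf8')), threshold);
}

// Constructed sample; `scanner` and `title` are hypothetical field names.
const SAMPLE_FINDINGS = [
  { scanner: 'secrets', severity: 'critical', title: 'Hardcoded API key' },
  { scanner: 'npm-audit', severity: 'High', title: 'Vulnerable dependency' },
  { scanner: 'eslint', severity: 'low', title: 'Unused variable' },
  { scanner: 'structure', severity: 'info', title: 'No README' },
  { scanner: 'env-check', title: 'Entry without a severity' },
];

const sample = gate(SAMPLE_FINDINGS, 'high');
console.log(sample.pass ? 'PASS' : 'FAIL', JSON.stringify(sample.counts));
for (const f of sample.blocking) {
  console.log(`  [${f.severity ?? 'unknown'}] ${f.scanner}: ${f.title}`);
}
```

In a CI step, call `gateFile` on the findings.json in the output directory and set a non-zero exit code when `pass` is false.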

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

License

MIT License - see LICENSE for details.

Support