npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@codecora/cli

v0.2.4

Published

CORA CLI - AI code review before commit

Downloads

42

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ajianazajianaz

Keywords

clicode-reviewaigitpre-commit

Readme

CORA CLI

Catch bugs & security issues BEFORE you commit. Save 2+ hours/week on code reviews.

npm version downloads license

Website: https://codecora.dev | Docs: https://codecora.dev/docs/cli

CORA CLI brings AI code review to your local development workflow. Get instant feedback on your code changes before they leave your machine.

Features

  • Pre-commit Review - Review code changes before committing
  • Instant Feedback - Get AI analysis in seconds
  • Privacy-first - Your code diffs are analyzed directly by your AI provider
  • Git Hooks - Automatic review on every commit
  • Cross-platform - Works on macOS, Linux, and Windows
  • Auto-detection - Smart defaults for repository and branch
  • Git Integration - Native git commands for code inspection

Benefits

  • Save Time - Reduce code review time by 2+ hours per week
  • Catch Bugs Early - Find issues before they reach production
  • Security First - Detect vulnerabilities and security risks
  • Learn Best Practices - Get AI-powered suggestions for code improvement
  • Zero Friction - Works with your existing Git workflow

Installation

Using npm/bun (Requires Node.js 20+)

# Using npm
npm install -g @codecora/cli

# Using bun
bun install -g @codecora/cli

Quick Start

# 1. Install CORA CLI
npm install -g @codecora/cli

# 2. Initialize setup (recommended for first-time users)
cora init

# 3. Review staged changes
cora review

Getting Started Guide:

Run cora init for a guided setup wizard that will help you:

  • Choose between local development (OAuth) or CI/CD (API key) mode
  • Configure your OpenAI-compatible AI provider
  • Set up git hooks for automatic reviews

Check your configuration status anytime with:

cora config:status

Example Output:

✅ Review complete

Found 2 issues:

  🔴 Critical: SQL injection risk
    File: src/auth.ts:45
    User input not sanitized before query

  🟡 Major: Missing error handling
    File: src/api.ts:12
    API call lacks try-catch block

💡 Suggestions available. Run with --include-walkthrough for details.

Use Cases

CORA CLI is perfect for:

  • Pre-commit Hooks - Automatically review code before every commit
  • CI/CD Pipelines - Integrate into GitHub Actions, GitLab CI, Jenkins
  • Legacy Code Audit - Review entire codebases with --base flag
  • Pull Request Reviews - Check feature branches before merging
  • Learning Projects - Get AI feedback on code quality and best practices

Why CORA vs Others?

| Feature | CORA | SonarQube | CodeClimate | DeepSource | |---------|------|-----------|-------------|------------| | Setup Time | 30 seconds | Hours | Hours | Hours | | Pre-commit | ✅ Native | ❌ Plugin | ❌ Plugin | ❌ Plugin | | AI-Powered | ✅ GPT-4/Claude | ❌ Rule-based | ❌ Rule-based | ❌ Rule-based | | Your AI Key | ✅ Use your own | ❌ Locked in | ❌ Locked in | ❌ Locked in | | Privacy | ✅ Code stays local | ⚠️ Cloud scan | ⚠️ Cloud scan | ⚠️ Cloud scan | | Free Tier | ✅ 100 reviews/mo | ❌ $120/yr min | ❌ $50/yr min | ❌ Subscription | | Languages | All languages | Limited | Limited | Limited |

Key Differentiators:

  • Fastest Setup - Install and run in 30 seconds, no configuration needed
  • AI-Powered - Uses latest GPT-4/Claude models, not outdated rule engines
  • Your AI Key - Use your own OpenAI/Anthropic key, no vendor lock-in
  • Privacy-First - Code analyzed by YOUR AI provider, we never see your code
  • Zero Maintenance - No servers to manage, no databases to configure
  • Always Updated - Automatically benefits from latest AI model improvements

Usage

Authentication

# Quick setup (recommended for first-time users)
cora init                        # Guided setup wizard
cora init --mode local           # Local development with OAuth
cora init --mode cicd            # CI/CD with API key

# Check configuration status
cora config:status               # Show auth, provider, and hook status

# Login via GitHub OAuth
cora auth login

# Check authentication status
cora auth status

# Logout
cora auth logout

# View/set configuration
cora auth config [key] [value]

Setup Modes:

  • local - Interactive OAuth login for development
  • cicd - API key for CI/CD pipelines (get key from Dashboard)

Review Code

# Review staged changes (default)
cora review

# Review unstaged changes
cora review --unstaged

# Review specific files
cora review --files src/app.ts src/utils.ts

# Review committed changes
cora review --base main              # Review branch vs main
cora review --commits 3               # Review last 3 commits
cora review --revision-range abc..def # Review specific range
cora review --unpushed               # Review unpushed commits

# Output formats (pretty, json, compact, sarif)
cora review --format json       # Structured JSON for CI/CD
cora review --format compact    # Single-line per issue
cora review --format sarif      # SARIF for GitHub Advanced Security

# Write output to file
cora review --output-file review.json
cora review --format sarif --output-file results.sarif

Git Hooks

# Install pre-commit hook
cora hook install

# Uninstall hook
cora hook uninstall

# List installed hooks
cora hook list

# Quick enable/disable
cora enable    # Install pre-commit hook
cora disable   # Uninstall pre-commit hook

Git Commands

CORA CLI includes native git commands for code inspection:

# Show git blame for a file (author info per line)
cora blame src/app.ts
cora blame src/app.ts --line 42          # Show specific line
cora blame src/app.ts --format json      # JSON output

# Show git commit history
cora log
cora log --count 10                      # Last 10 commits
cora log --author "John"                 # Filter by author
cora log --since "2024-01-01"            # Since date
cora log --file src/app.ts               # Commits for file

# Show diff statistics
cora stats                               # Unstaged changes
cora stats --staged                      # Staged changes
cora stats --base main                   # Compare with main
cora stats --revision-range abc..def     # Compare range

# Show commit details
cora show                                # Current HEAD
cora show abc123                         # Specific commit
cora show --diff                         # Include diff

# Show git working tree status
cora git:status
cora git:status --short                  # Short format
cora git:status --format json            # JSON output

# Show current branch info
cora branch
cora branch --format json                # JSON output

Auto-detection: When running cora review, the CLI automatically detects:

  • Repository name from git remote (owner/repo format)
  • Current branch name
  • Shows detected info before starting review

Options

| Option | Description | |--------|-------------| | -w, --workspace <id> | Workspace ID | | -r, --repository <name> | Repository name (owner/repo) | | -b, --branch <name> | Branch name | | -s, --staged | Review staged changes (default) | | -u, --unstaged | Review unstaged changes | | -f, --files <files...> | Review specific files | | --base <ref> | Review changes from base ref to HEAD (e.g., "main") | | --revision-range <range> | Review specific commit range (e.g., "HEAD~3..HEAD") | | --commits <number> | Review last N commits | | --unpushed | Review unpushed commits | | --format <format> | Output format (pretty, json, compact, sarif) | | -o, --output-file <path> | Write output to file | | --no-color | Disable colored output |

Configuration

Configuration is stored in ~/.codecora/:

  • auth.json - Session token and user info
  • config.json - Preferences and settings

Environment Variables

| Variable | Description | |----------|-------------| | CORA_SKIP | Skip pre-commit hook when set to 1 | | CORA_SERVER | Override server URL | | CORA_WORKSPACE | Override workspace ID | | CORA_API_KEY | API key for CI/CD authentication |

CI/CD Integration

Supported Languages

CORA CLI supports code review for all programming languages including:

  • JavaScript / TypeScript
  • Python
  • Java / Kotlin
  • Go
  • Rust
  • PHP
  • Ruby
  • C# / .NET
  • And more...

Using API Keys (Recommended)

For CI/CD workflows, use API Keys instead of session tokens.

Getting an API Key:

  1. Login to codecora.dev
  2. Go to Dashboard → API Keys
  3. Click "Generate API Key"
  4. Copy the key and use in your CI/CD pipeline
# Example: GitHub Actions
- name: Run CORA Review
  run: |
    npm install -g @codecora/cli
    cora review --format json > review-results.json
  env:
    CORA_API_KEY: ${{ secrets.CORA_API_KEY }}
    CORA_SERVER_URL: https://codecora.dev

# Example: GitHub Advanced Security (SARIF)
- name: Run CORA Review (SARIF)
  run: |
    npm install -g @codecora/cli
    cora review --format sarif --output-file results.sarif --base main
  env:
    CORA_API_KEY: ${{ secrets.CORA_API_KEY }}
    CORA_SERVER_URL: https://codecora.dev

- name: Upload SARIF to GitHub Security
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Benefits of API Keys:

  • No interactive login required
  • Can be scoped to specific permissions
  • Can have expiration dates
  • Revocable without affecting other workflows

Create API Key: Visit Dashboard → API Keys to generate a key for CI/CD.

Troubleshooting

Quick Diagnosis

# Check overall configuration status
cora config:status

This command shows:

  • Authentication status (session/API key)
  • AI provider configuration
  • Environment variables (CORA_API_KEY, CORA_SERVER_URL, OPENAI_API_KEY)
  • Git hooks status

Authentication Errors

The CLI now provides helpful guidance when authentication is missing:

# Check your authentication status
cora auth status

# Re-authenticate if needed
cora auth login

# For CI/CD, set API key
export CORA_API_KEY=your_api_key_here

Common Error Messages

"Not in a git repository"

  • Initialize: git init
  • Navigate to a git repository
  • Clone a repository: git clone <url>

"Authentication required"

  • Local development: cora auth login
  • CI/CD: Set CORA_API_KEY environment variable

"Invalid API key"

  • Verify key at Dashboard → API Keys
  • Regenerate key if expired
  • Check CORA_API_KEY environment variable

Hook Not Running

# Verify hook is installed
cora hook list

# Reinstall hook
cora hook uninstall && cora hook install

Skip Hook Temporarily

# Skip for one commit
git commit --no-verify -m "message"

# Or use environment variable
CORA_SKIP=1 git commit -m "message"

Requirements

  • Node.js 20+ or Bun 1.0+
  • A Codecora account (sign up at https://codecora.dev)
  • An OpenAI-compatible API key configured in your workspace

Pricing

  • Free Tier - 100 reviews/month during beta
  • Pro Tier - Coming soon
  • Enterprise - Contact us for custom solutions

License

MIT © CORA

Support

Getting Help: