@cypher-ai/cli
v1.3.5
CLI security scanner for JavaScript and TypeScript projects
Security scanner for JavaScript and TypeScript projects — secrets, dependencies, and routes, with optional AI fix suggestions.
Install
npm install -g @cypher-ai/cli
# or run without installing:
npx @cypher-ai/cli scan .
Usage
# Full scan (dependencies, secrets, routes)
cypher scan ./my-app
# Code-review mode (dependencies + secrets only — good for CI/PRs)
cypher review ./my-app
# Write a PDF report (also: json | html | both | all)
cypher scan ./my-app --format pdf
# PDF report with AI fix suggestions embedded for critical/high findings
cypher scan ./my-app --format pdf --with-ai
# AI-powered fix / explanation for a finding from the last report
cypher fix --id <finding-id> ./my-app
cypher explain --id <finding-id> ./my-app
# Export the project's import/dependency graph as JSON
cypher graph ./my-app
Reports are written to <project>/cypher-report/ by default (override with -o <dir>).
scan options
| Option | Description |
|--------|-------------|
| -f, --format <fmt> | json \| html \| pdf \| both (default) \| all |
| -o, --output <dir> | Report output directory |
| --fail-on <severity> | Exit 3 if findings at or above critical/high/medium/low |
| --with-ai | Embed AI fix suggestions for critical/high findings in the PDF |
| --upload | Upload the scan result to a Cypher API server |
Exit codes
| Code | Meaning |
|------|---------|
| 0 | No findings |
| 1 | Findings found |
| 2 | Error while running |
| 3 | Findings at or above --fail-on severity |
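A CI gate built on the exit codes above, as an added example that is not part of the package's own README. It uses only the documented `scan` flags; the function names and the `FAIL_ON` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: CI gate around `cypher scan`, using only the flags and
# exit codes documented in the tables above.

# Map a scanner exit code to a pipeline decision: pass | warn | block.
# Only the documented "clean" outcomes (0 and 1) let a build continue.
# Exit 2 (scanner error) and any undocumented code, such as 127 when the
# binary is missing, block the build so a broken scan never looks clean.
gate_decision() {
    case "$1" in
        0) echo pass ;;
        1) echo warn ;;   # findings exist; assumed reading: all below the threshold
        3) echo block ;;  # findings at or above the --fail-on severity
        *) echo block ;;  # 2 = error while running; anything else: fail closed
    esac
}

# Run the scan and return 0 only for pass/warn.
# FAIL_ON is a variable name assumed for this example (default: high).
run_gate() {
    project=$1
    threshold=${FAIL_ON:-high}
    code=0
    cypher scan "$project" --format json --fail-on "$threshold" || code=$?
    decision=$(gate_decision "$code")
    echo "cypher exit=$code decision=$decision threshold=$threshold" >&2
    [ "$decision" != block ]
}

# Only execute when a project path is supplied, so the file stays sourceable.
if [ "$#" -gt 0 ]; then
    run_gate "$1"
fi
```

Checking for a non-zero status alone cannot distinguish a scanner crash from low-severity findings, which is why the gate branches on the specific code.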
Environment variables
| Variable | Purpose |
|----------|---------|
| AI_PROVIDER | groq (default if GROQ_API_KEY set) or openai |
| GROQ_API_KEY | Use Groq for AI fix / explain / --with-ai |
| OPENAI_API_KEY | Use OpenAI for AI features |
| CYPHER_API_URL | Base URL of a Cypher API server (for --upload) |
| CYPHER_TOKEN | JWT auth token for the server |
| CYPHER_PROJECT_ID | Target project id for uploads |
License
MIT
