@devsecurex/cli

v0.3.0

DevSecureX CLI - Advanced security scanning tool for developers. Detect vulnerabilities across 20+ programming languages with comprehensive SAST, dependency analysis, secrets detection, and compliance reporting. Integrates seamlessly with CI/CD pipelines

DevSecureX CLI

Enterprise security scanning for modern development teams

DevSecureX CLI is a comprehensive security scanning tool that analyzes your code across 20+ programming languages using 12+ industry-leading security tools. Detect vulnerabilities, security issues, and compliance violations before they reach production.

Key Features:

  • 🔍 Multi-language support - JavaScript, Python, Java, Go, C#, PHP, Ruby, Rust, C/C++, and more
  • 🛡️ Comprehensive analysis - SAST, dependency scanning, secrets detection, infrastructure as code
  • 📊 Compliance reporting - OWASP Top 10, PCI DSS, SOX mapping
  • 🚀 CI/CD integration - SARIF output, exit codes, and pipeline-ready commands
  • 📈 Actionable insights - Clear remediation guidance with code context
  • Fast & efficient - Single file scans in <1 minute, full projects in 3-5 minutes

Installation

# Install globally via npm
npm install -g @devsecurex/cli

# Verify installation
devsecurex --version

# Check system requirements
devsecurex debug info

Requirements:

  • Node.js 18.0 or higher
  • DevSecureX API key (sign up free)
  • Internet connection for API access

Authentication Setup

Before using DevSecureX CLI, you need an API key:

  1. Sign up at app.devsecurex.com
  2. Get your API key from Settings → API Keys (starts with dsx_)
  3. Set up authentication:

# Interactive setup (recommended)
devsecurex auth setup

# Or use environment variable
export DEVSECUREX_API_KEY="dsx_your_api_key_here"

# Verify authentication
devsecurex auth status

What happens during auth setup:

  • API key is validated against DevSecureX backend
  • Credentials are stored securely in your system keychain
  • Authentication status and scopes are displayed
  • You're ready to start scanning

Quick Start

# First-time setup workflow
devsecurex auth setup                    # Step 1: Authenticate
devsecurex scan                           # Step 2: Run first scan
devsecurex results list                   # Step 3: View scan history

# Daily developer workflow
devsecurex scan src/                      # Scan before committing
devsecurex results show <latest-scan-id>  # Review findings
devsecurex results export <scan-id> -f sarif # Export for CI/CD

Commands

Scan Command

Run comprehensive security analysis on your code.

What happens when you scan:

  1. CLI reads files from the specified path
  2. Code is securely uploaded to DevSecureX backend
  3. 12+ security tools analyze your code (3-5 minutes for full projects)
  4. Results are displayed with severity, location, and remediation advice
  5. Scan results are stored locally and on the platform for future reference

devsecurex scan [path] [options]

Arguments:

  • [path] - Path to scan (file or directory). Default: current directory

Options:

| Option | Description | Default |
|--------|-------------|---------|
| -o, --output <format> | Output format: terminal, json, sarif | terminal |
| --save <file> | Save results to file | - |
| --export-sarif <path> | Export in SARIF format for CI/CD | - |
| --compliance <frameworks> | Compliance frameworks: owasp, pci, sox (comma-separated) | - |
| --custom-rules | Include custom security rules (premium) | false |
| --community-rules | Include community rules | false |
| --custom-rule-ids <ids> | Specific custom rule IDs (comma-separated) | - |
| --community-rule-ids <ids> | Specific community rule IDs (comma-separated) | - |
| --fail-on <severity> | Exit with error on severity: critical, high, medium, low | critical |
| --timeout <seconds> | Scan timeout in seconds | 600 |
| --niche <niche> | Security focus: ai, blockchain, iot, web3, cloud, api, all | all |
| --tools <tools> | Specific tools to run (comma-separated) | All available |
| --no-progress | Disable progress indicators | - |
| --classic-ui | Use classic progress display | - |
| -y, --yes | Skip confirmation prompts | - |
| -v, --verbose | Show detailed logging | - |

Examples:

# Scan current directory
devsecurex scan

# Scan specific file (fast: <1 minute)
devsecurex scan src/index.js

# Scan specific directory
devsecurex scan ./src

# Scan with all options
devsecurex scan ./src --output json --save report.json --fail-on high -y

# CI/CD integration scan
devsecurex scan --fail-on critical --export-sarif results.sarif

# Compliance-focused scan
devsecurex scan --compliance "owasp,pci,sox" --fail-on medium

# Custom rules scan (premium)
devsecurex scan --custom-rules --custom-rule-ids "rule-123,rule-456"

# Niche-specific security analysis
devsecurex scan --niche blockchain ./smart-contracts

# Quick scan with specific tools
devsecurex scan --tools "semgrep,bandit,gitleaks" --timeout 300

Output:

  • Security score (0-100)
  • Critical/High/Medium/Low issue counts
  • Detailed findings with file location and line numbers
  • Code context showing vulnerable code
  • Compliance framework mapping (if requested)
  • Recommended fixes and remediation steps

Results Commands

Manage and view scan results.

List Scans

List recent scan results with pagination and filtering.

devsecurex results list [options]

Options:

| Option | Description | Default |
|--------|-------------|---------|
| -l, --limit <number> | Results per page | 20 |
| -p, --page <number> | Page number for pagination | 1 |
| -r, --repository <repo> | Filter by repository name | - |
| -s, --status <status> | Filter by status: completed, failed, processing | - |
| -t, --type <type> | Filter by scan type: manual, pr_scan, scheduled | - |
| --format <format> | Output format: table, json | table |

Examples:

# List first 20 scans
devsecurex results list

# Show page 2
devsecurex results list --page 2

# Show 50 results per page
devsecurex results list --limit 50

# Filter by status
devsecurex results list --status completed

# Filter by repository
devsecurex results list --repository "my-app"

# Output as JSON for scripting
devsecurex results list --format json

# Combine filters
devsecurex results list --status completed --limit 10 --page 1

Output:

Showing page 1 of 2 (22 total)
Use --page option for more results

Show Scan Details

Display detailed results for a specific scan.

devsecurex results show <scan-id> [options]

Arguments:

  • <scan-id> - Scan ID to display (required)

Options:

| Option | Description | Default |
|--------|-------------|---------|
| --format <format> | Output format: terminal, json | terminal |
| --issues-only | Show only security issues | false |

Examples:

# View scan details
devsecurex results show cli-abc123-1759500986

# Show only issues (no metadata)
devsecurex results show cli-abc123-1759500986 --issues-only

# Export as JSON
devsecurex results show cli-abc123-1759500986 --format json > scan.json

Output includes:

  • Scan metadata (ID, repository, date, type)
  • Security score breakdown
  • Issue summary by severity
  • Scan performance metrics
  • Compliance status
  • Detailed issues with code context
  • Recommended actions

Export Scan Results

Export scan results in various formats.

devsecurex results export <scan-id> [options]

Arguments:

  • <scan-id> - Scan ID to export (required)

Options:

| Option | Description | Default |
|--------|-------------|---------|
| -f, --format <format> | Export format: json, sarif, csv, pdf | json |
| -o, --output <file> | Output file path | Auto-generated |

Examples:

# Export as JSON
devsecurex results export cli-abc123-1759500986 -f json -o report.json

# Export as SARIF for GitHub Advanced Security
devsecurex results export cli-abc123-1759500986 -f sarif -o results.sarif

# Export as CSV for spreadsheet analysis
devsecurex results export cli-abc123-1759500986 -f csv -o issues.csv

# Export as PDF for reporting
devsecurex results export cli-abc123-1759500986 -f pdf -o security-report.pdf

Compare Scans

Compare two scan results to see changes.

devsecurex results compare <scan-id-1> <scan-id-2> [options]

Arguments:

  • <scan-id-1> - First scan ID (baseline)
  • <scan-id-2> - Second scan ID (comparison)

Options:

| Option | Description | Default |
|--------|-------------|---------|
| --format <format> | Output format: terminal, json | terminal |

Examples:

# Compare two scans
devsecurex results compare cli-abc123-001 cli-abc123-002

# Export comparison as JSON
devsecurex results compare cli-abc123-001 cli-abc123-002 --format json

Output shows:

  • Score change (improvement/regression)
  • New issues introduced
  • Fixed issues
  • Unchanged issues
  • Severity distribution changes

Scan Statistics

Show aggregate statistics across all scans.

devsecurex results stats

Output includes:

  • Total scans (completed, failed, active)
  • Critical issues count
  • Top scanned repositories
  • Overall trends

Authentication Commands

Manage API authentication and credentials.

devsecurex auth setup              # Set up API key authentication
devsecurex auth status             # Check authentication status
devsecurex auth logout             # Clear stored credentials

Examples:

# Interactive setup
devsecurex auth setup

# Check if authenticated
devsecurex auth status

# Clear credentials
devsecurex auth logout

Configuration Commands

Manage CLI configuration and scan presets.

Core Configuration

devsecurex config init                  # Create default configuration
devsecurex config show                  # Display current configuration
devsecurex config set <key> <value>     # Set configuration value
devsecurex config get <key>             # Get configuration value
devsecurex config list                  # List all configuration keys
devsecurex config reset                 # Reset to defaults

Options for config init:

| Option | Description |
|--------|-------------|
| --global | Create global configuration |
| --project | Create project-level configuration |

Options for config show:

| Option | Description |
|--------|-------------|
| --source | Show configuration source path |
| --format <format> | Output format: table, json |

Options for config set:

| Option | Description |
|--------|-------------|
| --global | Set in global configuration |

Examples:

# Initialize interactive configuration
devsecurex config init

# Show current configuration
devsecurex config show

# Show with source path
devsecurex config show --source

# Set a value
devsecurex config set scanning.defaultNiche ai

# Set global value
devsecurex config set api.endpoint https://api.devsecurex.com --global

# Get a value
devsecurex config get scanning.defaultNiche

# List all keys
devsecurex config list

# Reset configuration
devsecurex config reset

Scan Presets

Manage reusable scan configurations.

devsecurex config presets list          # List available presets
devsecurex config presets create <name> # Create custom preset
devsecurex config presets show <name>   # Show preset details
devsecurex config presets delete <name> # Delete preset

Examples:

# List all presets
devsecurex config presets list

# Create a custom preset
devsecurex config presets create my-api-scan

# Show preset configuration
devsecurex config presets show my-api-scan

# Delete preset
devsecurex config presets delete my-api-scan --confirm

Rules Management

Manage custom and community security rules (Premium feature).

devsecurex rules list                   # List available rules
devsecurex rules search <query>         # Search for rules
devsecurex rules show <rule-id>         # Show rule details
devsecurex rules test <rule-id>         # Test rule with sample code
devsecurex rules vote <rule-id>         # Vote on community rule
devsecurex rules use <rule-ids...>      # Add rules to config

Options for rules list:

| Option | Description | Default |
|--------|-------------|---------|
| -t, --tool <tool> | Filter by tool | - |
| -l, --language <lang> | Filter by language | - |
| -n, --niche <niche> | Filter by security niche | - |
| --mine | Show only user-created rules | false |
| --community | Show community rules | false |
| --limit <number> | Number of rules to show | 20 |
| --format <format> | Output format: table, json | table |

Options for rules test:

| Option | Description |
|--------|-------------|
| -f, --file <file> | Test with code from file |
| -c, --code <code> | Test with inline code |
| -l, --language <lang> | Code language |

Options for rules vote:

| Option | Description |
|--------|-------------|
| --upvote | Upvote the rule |
| --downvote | Downvote the rule |

Options for rules use:

| Option | Description |
|--------|-------------|
| --preset <name> | Save as scan preset |

Examples:

# List all rules
devsecurex rules list

# List user-created rules
devsecurex rules list --mine

# List community rules for Python
devsecurex rules list --community --language python

# Search for rules
devsecurex rules search "sql injection"

# Show rule details
devsecurex rules show rule-semgrep-sqli-001

# Test rule with file
devsecurex rules test rule-123 --file vulnerable.py

# Test rule with inline code (single quotes keep the shell from expanding ${input})
devsecurex rules test rule-123 --code 'SELECT * FROM users WHERE id = ${input}'

# Vote on a rule
devsecurex rules vote rule-456 --upvote

# Add rules to configuration
devsecurex rules use rule-123 rule-456 rule-789

# Save rules as preset
devsecurex rules use rule-123 rule-456 --preset my-security-rules

Sessions Management

Manage long-running scan sessions.

devsecurex sessions list                # List active sessions
devsecurex sessions create [name]       # Create new session
devsecurex sessions end <session-id>    # End session

Aliases:

  • devsecurex sessions ls - Alias for list

Options for sessions list:

| Option | Description | Default |
|--------|-------------|---------|
| --format <format> | Output format: table, simple, json | table |

Options for sessions create:

| Option | Description |
|--------|-------------|
| --description <desc> | Session description |

Examples:

# List all active sessions
devsecurex sessions list

# Create a new session
devsecurex sessions create "Q4 Security Review"

# Create with description
devsecurex sessions create "Weekly Scan" --description "Automated weekly security scan"

# End a session
devsecurex sessions end abc123def456

# Export session list as JSON
devsecurex sessions list --format json

Statistics & Analytics

View CLI usage statistics and trends.

devsecurex stats [options]

Options:

| Option | Description | Default |
|--------|-------------|---------|
| -d, --days <number> | Time period in days (1-365) | 30 |
| --format <format> | Output format: table, simple, json | table |
| --trends | Show usage trends and recommendations | false |

Examples:

# Show last 30 days statistics
devsecurex stats

# Show last 7 days
devsecurex stats --days 7

# Show with trends and recommendations
devsecurex stats --trends

# Export as JSON
devsecurex stats --format json --days 90

Output includes:

  • Total scans (successful, failed)
  • Success rate with visual progress bar
  • Average scan duration
  • Total issues found
  • Average issues per scan
  • Usage insights and recommendations
  • Performance metrics
  • Trends analysis

Health & Diagnostics

Check system health and debug issues.

Health Check

Check CLI and backend service health.

devsecurex health [options]

Options:

| Option | Description |
|--------|-------------|
| --detailed | Show detailed health information |
| --json | Output as JSON |

Examples:

# Quick health check
devsecurex health

# Comprehensive health check
devsecurex health --detailed

# JSON output for monitoring
devsecurex health --json

Output shows:

  • Service status (healthy/degraded)
  • API version
  • Available security tools
  • Supported languages
  • Authentication status (with --detailed)
  • CLI environment (with --detailed)

Debug Commands

System diagnostics and troubleshooting.

devsecurex debug info                   # Show system information
devsecurex debug health                 # Check API connectivity
devsecurex debug logs                   # Show recent log entries
devsecurex debug validate-config        # Validate configuration

Options for debug logs:

| Option | Description | Default |
|--------|-------------|---------|
| -n, --lines <number> | Number of log lines | 50 |
| -f, --follow | Follow logs in real-time | false |

Examples:

# Show system info
devsecurex debug info

# Check API connectivity
devsecurex debug health

# Show last 50 log lines
devsecurex debug logs

# Follow logs in real-time
devsecurex debug logs --follow

# Show last 100 log lines
devsecurex debug logs --lines 100

# Validate configuration
devsecurex debug validate-config

User Profile

View user account information and usage summary.

devsecurex profile [options]

Aliases:

  • devsecurex me

Options:

| Option | Description | Default |
|--------|-------------|---------|
| --format <format> | Output format: table, simple, json | table |

Examples:

# Show profile (table format)
devsecurex profile

# Show profile (simple text)
devsecurex profile --format simple

# Export profile as JSON
devsecurex profile --format json

# Using alias
devsecurex me

Output includes:

  • Account information (username, email, user ID)
  • Account type (Free/Premium)
  • Premium expiry date (if applicable)
  • CLI usage summary (last 7 days)
  • Success rate
  • Most used tools
  • Primary language
  • Recommendations

Environment Variables

Configure DevSecureX CLI using environment variables:

# API Configuration
export DEVSECUREX_API_KEY="dsx_your_api_key"
export DEVSECUREX_API_ENDPOINT="https://api.devsecurex.com"

# Logging
export LOG_LEVEL="warn"                    # Options: error, warn, info, debug
export DEVSECUREX_VERBOSE="false"          # Show detailed logs (true/false)

# Behavior
export NODE_ENV="production"               # Environment mode
export DEVSECUREX_OUTPUT_FORMAT="terminal" # Default output format
export DEVSECUREX_COLORS="true"            # Enable colored output (true/false)

# Development & Debugging
export DEVSECUREX_DEBUG="false"            # Enable debug mode
export DEBUG="*"                           # Node.js debug logging

Priority order:

  1. Command-line options (highest priority)
  2. Environment variables
  3. Project configuration file (.devsecurex.yml)
  4. Global configuration file
  5. Default values (lowest priority)

Exit Codes

The CLI uses standard exit codes for automation:

| Code | Meaning | When it occurs |
|------|---------|----------------|
| 0 | Success | Scan completed successfully |
| 1 | General error | Command execution failed |
| 2 | Authentication error | Invalid or missing API key |
| 3 | Scan failed | Issues found with --fail-on threshold |
| 4 | Network error | Cannot connect to API |
| 5 | Configuration error | Invalid configuration |

Examples:

# Exit 0 - Success
devsecurex scan
echo $?  # 0

# Exit 3 - Scan failed (critical issues found)
devsecurex scan --fail-on critical
echo $?  # 3 (if critical issues found)

# Exit 2 - Authentication error
DEVSECUREX_API_KEY="" devsecurex scan
echo $?  # 2
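
The exit codes in the table above separate "findings at or above the threshold" (3) from "the scan never ran" (2, 4, 5). A pipeline gate can use that split to retry network errors and to fail closed with a distinct status when nothing was scanned. This is an added example, not part of the DevSecureX CLI or its README; run_gate, MAX_RETRIES, RETRY_DELAY and the return values 10 and 20 are names and conventions chosen here.

```bash
#!/usr/bin/env bash
# Added example: CI gate that interprets the documented exit codes.
# run_gate, MAX_RETRIES and RETRY_DELAY are assumptions of this sketch,
# not options of the CLI.

MAX_RETRIES="${MAX_RETRIES:-2}"   # extra attempts after a network error
RETRY_DELAY="${RETRY_DELAY:-5}"   # seconds to wait between attempts

# run_gate CMD [ARGS...]
# Runs the scanner command and returns:
#   0   scan completed, nothing at or above the --fail-on threshold
#   10  findings at or above the threshold (exit code 3): block the change
#   20  the scan did not run (exit codes 1, 2, 4, 5 or anything unknown):
#       fail closed, but report a pipeline problem rather than findings
run_gate() {
  gate_attempt=0
  while :; do
    "$@"
    gate_rc=$?
    case "$gate_rc" in
      0)
        echo "gate: scan passed" >&2
        return 0 ;;
      3)
        echo "gate: findings at or above the threshold" >&2
        return 10 ;;
      4)
        # Network errors are transient often enough to be worth a retry,
        # but an unreachable API must never be reported as a clean scan.
        if [ "$gate_attempt" -lt "$MAX_RETRIES" ]; then
          gate_attempt=$((gate_attempt + 1))
          echo "gate: network error, retry $gate_attempt/$MAX_RETRIES" >&2
          sleep "$RETRY_DELAY"
          continue
        fi
        echo "gate: API unreachable, scan did not run" >&2
        return 20 ;;
      2)
        echo "gate: authentication error, check the API key secret" >&2
        return 20 ;;
      5)
        echo "gate: invalid configuration, scan did not run" >&2
        return 20 ;;
      *)
        echo "gate: scanner exited with $gate_rc, treating as not scanned" >&2
        return 20 ;;
    esac
  done
}

# Typical call from a pipeline step after sourcing this file:
#   run_gate devsecurex scan --fail-on high --export-sarif results.sarif
```

Returning 20 instead of 0 for authentication, network and configuration errors keeps an expired key or an outage from silently turning the gate green.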

CI/CD Integration

GitHub Actions

name: Security Scan

on: [push, pull_request]

# Least-privilege token: read the repository, write code-scanning results
permissions:
  contents: read
  security-events: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install DevSecureX CLI
        run: npm install -g @devsecurex/cli

      - name: Run Security Scan
        env:
          DEVSECUREX_API_KEY: ${{ secrets.DEVSECUREX_API_KEY }}
        run: |
          devsecurex scan --fail-on high --export-sarif results.sarif

      # Run even when the scan step fails on findings, so they still reach GitHub
      - name: Upload SARIF to GitHub Security
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

GitLab CI

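# DEVSECUREX_API_KEY is read from the environment; define it as a masked CI/CD variable
security_scan:
  image: node:18
  stage: test
  script:
    - npm install -g @devsecurex/cli
    - devsecurex scan --fail-on critical --export-sarif results.sarif
  artifacts:
    # Keep the report even when the scan step exits non-zero
    when: always
    # reports:sast expects GitLab's own JSON report schema, so the SARIF
    # file is stored as a regular artifact instead
    paths:
      - results.sarif
  only:
    - merge_requests
    - main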

Jenkins

pipeline {
  agent any

  environment {
    DEVSECUREX_API_KEY = credentials('devsecurex-api-key')
  }

  stages {
    stage('Security Scan') {
      steps {
        sh 'npm install -g @devsecurex/cli'
        sh 'devsecurex scan --fail-on high --export-sarif results.sarif'
      }
    }
  }

  post {
    always {
      archiveArtifacts artifacts: 'results.sarif'
    }
  }
}

CircleCI

version: 2.1

jobs:
  security-scan:
    docker:
      - image: cimg/node:18.0
    steps:
      - checkout
      - run:
          name: Install DevSecureX CLI
          command: npm install -g @devsecurex/cli
      - run:
          name: Run Security Scan
          command: devsecurex scan --fail-on critical --export-sarif results.sarif
      - store_artifacts:
          path: results.sarif

workflows:
  scan:
    jobs:
      - security-scan

Pre-commit Hook

Add to .git/hooks/pre-commit:

#!/bin/bash

echo "Running security scan..."
devsecurex scan --fail-on critical

if [ $? -ne 0 ]; then
  echo "Security scan failed. Fix issues before committing."
  exit 1
fi

echo "Security scan passed!"

Configuration Files

Project Configuration

Create .devsecurex.yml in your project root:

# API Configuration
api:
  endpoint: https://api.devsecurex.com
  timeout: 30000

# Scanning defaults
scanning:
  defaultNiche: all
  enableCustomRules: false
  enableCommunityRules: true
  excludePatterns:
    - "node_modules/**"
    - "vendor/**"
    - ".git/**"
    - "dist/**"
    - "build/**"
    - "coverage/**"
    - "*.test.js"
    - "*.spec.js"
    - "*.min.js"

# Output settings
output:
  format: terminal
  colors: true
  showProgress: true
  autoExport: false

# Cache settings
cache:
  enabled: true
  ttl: 3600

Global Configuration

Located at ~/.config/devsecurex/config.yml:

# Global settings apply to all projects
scanning:
  defaultNiche: all
  excludePatterns:
    - "node_modules/**"
    - ".git/**"

output:
  colors: true
  showProgress: true

Configuration priority:

  1. Command-line options (highest)
  2. Project .devsecurex.yml
  3. Global config
  4. Defaults (lowest)

Troubleshooting

Authentication Issues

# Check authentication status
devsecurex auth status

# Re-authenticate
devsecurex auth logout
devsecurex auth setup

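# Verify API key format (should start with dsx_) without printing the key
case "$DEVSECUREX_API_KEY" in dsx_*) echo "prefix ok" ;; *) echo "missing or unexpected prefix" ;; esac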

Network Issues

# Check API connectivity
devsecurex debug health

# Check detailed health
devsecurex health --detailed

# Verify endpoint configuration
devsecurex config get api.endpoint

Scan Failures

# Enable verbose logging
devsecurex scan --verbose

# Check debug logs
devsecurex debug logs --lines 100

# Validate configuration
devsecurex debug validate-config

# Check system info
devsecurex debug info

Performance Issues

# Scan smaller directories
devsecurex scan ./src/critical

# Increase timeout
devsecurex scan --timeout 900

# Use specific tools
devsecurex scan --tools "semgrep,bandit"

# Exclude patterns
# Add to .devsecurex.yml:
# scanning:
#   excludePatterns:
#     - "node_modules/**"
#     - "*.test.js"

Common Error Messages

"Authentication required"

# Solution: Set up API key
devsecurex auth setup

"Cannot connect to DevSecureX backend"

# Solution: Check internet connection and endpoint
devsecurex debug health
devsecurex config get api.endpoint

"Scan failed: timeout"

# Solution: Increase timeout or scan smaller directory
devsecurex scan --timeout 900
devsecurex scan ./src

"Invalid API key"

# Solution: Verify key format and re-authenticate
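# Should start with dsx_ (checked without printing the key)
case "$DEVSECUREX_API_KEY" in dsx_*) echo "prefix ok" ;; *) echo "missing or unexpected prefix" ;; esac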
devsecurex auth logout
devsecurex auth setup

License

This project is licensed under the MIT License - see the LICENSE file for details.


DevSecureX CLI - Ship code that's safe by default.

Made with ❤️ by the DevSecureX team