npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@etcsec-com/etc-collector

v1.5.9

Published

Active Directory and Azure AD security auditing tool

Downloads

1,078

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

etcsecetcsec

Keywords

Readme

etc-collector-com

Active Directory and Azure AD security auditing tool with comprehensive vulnerability detection

Overview

etc-collector-com is a security auditing tool designed to scan Active Directory and Azure AD environments for vulnerabilities and misconfigurations. It detects 87 AD vulnerability types and 27 Azure vulnerability types, providing detailed risk assessments and remediation recommendations.

Features

  • 11 REST API Endpoints: Comprehensive API for audit operations, authentication, and exports
  • 114 Vulnerability Types: 87 AD + 27 Azure security checks
  • JWT Authentication: Secure RS256 token-based authentication
  • Multiple Export Formats: JSON and CSV export capabilities
  • Rate Limited: Built-in rate limiting for API protection
  • Dockerized: Ready-to-deploy Docker container (<150MB)
  • TypeScript: Fully typed with strict mode enabled
  • Well Tested: ≥80% code coverage target

Prerequisites

  • Node.js: 20.x LTS or higher
  • Docker: 24+ (for containerized deployment)
  • npm: 10.x or higher

Installation

Local Development Setup

  1. Clone the repository

    git clone https://github.com/etcsec-com/etc-collector.git
cd etc-collector

  2. Install dependencies

    npm install

  3. Configure environment

    cp .env.example .env
# Edit .env with your configuration

  4. Run in development mode

    npm run dev

Docker Deployment

  1. Using Docker Compose (Recommended)

    docker-compose up -d

  2. Using Docker directly

    docker build -t etc-collector .
docker run -d -p 8443:8443 \
  --env-file .env \
  -v ./data:/app/data \
  -v ./logs:/app/logs \
  etc-collector

Configuration

Copy .env.example to .env and configure the following:

  • Server: Port and Node environment
  • LDAP: Active Directory connection details
  • JWT: Authentication secret and token settings
  • Azure: Azure AD credentials (optional)
  • Logging: Log level and format
  • Database: SQLite database path

See .env.example for detailed configuration options.

Usage

Running Tests

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run tests with coverage
npm run test:coverage

Building for Production

# Compile TypeScript
npm run build

# Run production build
npm run start

Code Quality

# Lint code
npm run lint

# Fix linting issues
npm run lint:fix

# Format code with Prettier
npm run format

# Type check without compilation
npm run typecheck

Project Structure

etc-collector-com/
├── src/                    # TypeScript source code
│   ├── api/               # API controllers, routes, middlewares
│   ├── services/          # Business logic
│   ├── providers/         # LDAP and Azure providers
│   ├── data/              # Database repositories and models
│   ├── types/             # TypeScript type definitions
│   ├── utils/             # Utility functions
│   └── server.ts          # Server entry point
├── tests/                 # Test suite
│   ├── unit/              # Unit tests
│   ├── integration/       # Integration tests
│   └── e2e/               # End-to-end tests
├── docs/                  # Documentation
├── scripts/               # Utility scripts
└── .github/workflows/     # CI/CD pipelines

API Endpoints

The API provides 11 endpoints for audit operations:

  1. GET /health - Health check
  2. POST /api/v1/auth/token - Generate JWT token
  3. POST /api/v1/auth/validate - Validate token
  4. POST /api/v1/auth/revoke - Revoke token
  5. GET /api/v1/auth/tokens - List tokens
  6. POST /api/v1/audit/ad - Run AD audit
  7. GET /api/v1/audit/ad/status - Test LDAP connection
  8. POST /api/v1/audit/ad/export - Export AD audit
  9. POST /api/v1/audit/azure - Run Azure audit
  10. GET /api/v1/audit/azure/status - Test Graph connection
  11. POST /api/v1/audit/azure/export - Export Azure audit

For detailed API documentation, see docs/api/.

Development

Coding Standards

  • TypeScript Strict Mode: All strict flags enabled
  • Max File Size: 300 lines per file (enforced by ESLint)
  • Max Complexity: 10 cyclomatic complexity
  • Max Nesting: 3 levels deep
  • No any Types: Explicit types required

See the source code for coding style examples.

Contributing

  1. Create a feature branch
  2. Make your changes
  3. Ensure tests pass: npm test
  4. Ensure linting passes: npm run lint
  5. Ensure type checking passes: npm run typecheck
  6. Submit a pull request

Documentation

License

ISC

Support

For issues and feature requests, please visit: https://github.com/etcsec-com/etc-collector/issues