@getdebug/cli
v0.5.9
Published
AI-powered codebase analyzer and auto-fixer. Run security + bug checks before you ship.
@getdebug/cli
AI-powered codebase analyzer and auto-fixer. Find bugs and security issues before you ship — secrets, dependency CVEs, prompt injection, weak crypto, and more. Auto-fix-safe categories ship a PR with the patch attached.
Published under the @getdebug npm scope; source lives at github.com/getdebug-ai/cli. The short scope name on npm is intentional — your package.json and CI commands stay clean. Once installed, the binary it exposes is getdebug.
Quick start

```bash
# Run once, no install:
npx @getdebug/cli analyze .
# Or install globally — the binary is `getdebug`:
npm i -g @getdebug/cli
getdebug analyze .
# Gate your CI on critical + high findings:
npx @getdebug/cli analyze . --ci --fail-on=high
```

Verify before you alert (new in 0.5.0)
Regex matches keys by shape — every sk_… or ghp_… string in a fixture or rotated config trips a critical. --verify (on by default) makes one read-only request per distinct candidate against the provider's whoami endpoint and records whether the key is actually live, so the noisy ones step out of your CI gate without silently disappearing from the report.

```bash
# Default — every secret finding gets a verification badge:
getdebug analyze .
# Hide the rejected-by-provider rows (unknown still surfaces — a
# provider outage must never silently mask a real leak):
getdebug analyze . --only-verified
# Strictest CI gate: only LIVE secrets + REACHABLE CVEs fail:
getdebug analyze . --ci --fail-on=verified-high
# Air-gapped CI? Skip the outbound call entirely:
getdebug analyze . --verify=false
```

Providers covered today: OpenAI, Anthropic, xAI, GitHub PAT (classic + fine-grained), Stripe, Paystack, GitLab, npm, SendGrid, Slack. Each verifier is one GET (or POST for Slack's auth.test), 5s timeout, 5 req/s per-provider, identical keys deduped per run.
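The verify stage described above, as an added Go example that is not code from the getdebug project: it classifies a provider's whoami response into live, rejected or unknown, checks each distinct candidate once with a 5s timeout and 5 req/s pacing, and keeps timeouts, 5xx and 429 as unknown so an outage cannot hide a leak. The whoami URL, the bearer-token auth scheme and the status-code mapping are assumptions; the real tool's per-provider endpoints differ.

```go
package main

import (
	"net/http"
	"time"
)

// Verdict: the provider accepted the key, rejected it, or could not say.
type Verdict string

const Live, Rejected, Unknown Verdict = "live", "rejected", "unknown"

// Classify maps a whoami response to a verdict. Only an explicit 401/403 is
// "rejected"; errors, 5xx and 429 stay "unknown" so an outage never hides a leak.
func Classify(status int, err error) Verdict {
	switch {
	case err != nil:
		return Unknown
	case status == http.StatusOK:
		return Live
	case status == http.StatusUnauthorized, status == http.StatusForbidden:
		return Rejected
	}
	return Unknown
}

// Verify: one read-only GET per distinct candidate, 5s timeout, 5 req/s.
// whoamiURL and the "Bearer" scheme are assumptions for this example.
func Verify(whoamiURL string, candidates []string) map[string]Verdict {
	client := &http.Client{Timeout: 5 * time.Second}
	pace := time.NewTicker(200 * time.Millisecond) // 5 req/s per provider
	defer pace.Stop()
	out := map[string]Verdict{}
	for _, key := range candidates {
		if _, seen := out[key]; seen {
			continue // identical keys are checked once per run
		}
		<-pace.C
		req, _ := http.NewRequest(http.MethodGet, whoamiURL, nil)
		req.Header.Set("Authorization", "Bearer "+key)
		resp, err := client.Do(req)
		status := 0
		if err == nil {
			status, _ = resp.StatusCode, resp.Body.Close()
		}
		out[key] = Classify(status, err)
	}
	return out
}
```

Wire it so that only Live fails the gate and Unknown is still reported; a verifier that maps outages to "not live" would quietly pass real leaks through.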
What this package is

This npm package is a thin launcher. On install it downloads the right prebuilt getdebug binary for your platform from the GitHub releases page and execs it when you call getdebug …. The binary itself is a Go program (source) — no Go toolchain required on your machine.
Supported platforms
| OS | Arch |
| --- | --- |
| macOS | x86_64, arm64 |
| Linux | x86_64, arm64 |
| Windows | x86_64, arm64 |
Environment variables
- `GETDEBUG_BINARY=/abs/path` — bypass the bundled binary and use the one at this path. Useful for monorepo dev workflows where you're running your own `go build` output.
- `GETDEBUG_SKIP_DOWNLOAD=1` — skip the postinstall download entirely. Pair with `GETDEBUG_BINARY` in CI sandboxes that can't reach GitHub releases.
License
MIT
