@gitguard/cli

v1.3.0

Published

GitGuard CLI - Security scanning for developers

Downloads

194

Readme

GitGuard CLI

🛡️ Security scanning for developers - Find vulnerabilities in your code before they reach production.

Features

  • 🔍 Comprehensive Security Scanning - Detect SQL injection, XSS, CSRF, and 50+ vulnerability patterns
  • Fast & Easy - Scan your code in seconds with a single command
  • 🎯 CI/CD Ready - Perfect for pre-commit hooks and automated pipelines
  • 🔐 Privacy First - Scans run securely through GitGuard's API with enterprise-grade security
  • 📊 Subscription Tiers - Free (5/day), Pro (100/day), Premier (unlimited scans + all features)

Quick Start

# Install globally
npm install -g @gitguard/cli

# Login to GitGuard
gitguard login

# Scan your code
gitguard scan

Installation

NPM

npm install -g @gitguard/cli

Yarn

yarn global add @gitguard/cli

Usage

Authentication

Before scanning, authenticate with your GitGuard account:

gitguard login

If you don't have an account, sign up at gitguard.net.

Scanning Code

The CLI automatically uses your web app preferences! If you have AI scanning enabled in your GitGuard account, the CLI will use it by default.

Scan the current directory (uses your default settings):

gitguard scan

Scan a specific directory:

gitguard scan --dir ./src

Scan a single file:

gitguard scan --file ./src/api/auth.ts

Override your default settings:

Force enable AI analysis (even if disabled in your account):

gitguard scan --ai

Disable AI analysis (even if enabled in your account):

gitguard scan --no-ai

Enable/disable specific features:

gitguard scan --dependencies --no-ai  # Dependencies: yes, AI: no
gitguard scan --secrets --no-dependencies  # Secrets: yes, Dependencies: no

Output JSON for CI/CD:

gitguard scan --json

Check Your Account

View your subscription and usage limits:

gitguard whoami

Logout

gitguard logout

Commands

| Command | Description |
|---------|-------------|
| gitguard login | Authenticate with GitGuard |
| gitguard logout | Log out of your account |
| gitguard scan | Scan code for vulnerabilities |
| gitguard whoami | Show current user and subscription info |
| gitguard --help | Show help |

Scan Options

| Option | Description |
|--------|-------------|
| -d, --dir <path> | Directory to scan (default: current directory) |
| -f, --file <path> | Scan a specific file |
| --ai | Force enable AI-powered analysis |
| --no-ai | Disable AI-powered analysis |
| --dependencies | Force enable dependency scanning |
| --no-dependencies | Disable dependency scanning |
| --secrets | Force enable secret detection |
| --no-secrets | Disable secret detection |
| --json | Output results as JSON |

Note: By default, the CLI uses your web app preferences. Override flags (--ai, --dependencies, --secrets) force-enable features. Disable flags (--no-ai, --no-dependencies, --no-secrets) force-disable them.

Subscription Tiers

Free

  • 5 scans per day
  • Basic vulnerability detection (50+ patterns)
  • JSON export for CI/CD
  • Public repository scanning

Pro

  • 100 scans per day
  • Everything in Free
  • AI-powered vulnerability analysis
  • Enhanced scanning
  • Report exports (CSV, JSON, HTML)
  • Private repository scanning

Premier

  • Unlimited scans
  • Everything in Pro
  • All features enabled by default:
    • AI-powered vulnerability analysis ✓
    • Dependency scanning ✓
    • Secret detection ✓
    • DDoS testing ✓
    • Continuous monitoring ✓
    • Webhook notifications ✓
  • Priority support
  • SLA guarantee

View full pricing

CI/CD Integration

GitHub Actions

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install GitGuard CLI
        run: npm install -g @gitguard/cli
      - name: Run security scan
        env:
          GITGUARD_API_TOKEN: ${{ secrets.GITGUARD_API_TOKEN }}
        run: |
          echo "$GITGUARD_API_TOKEN" | gitguard login --token
          gitguard scan --json > scan-results.json
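      - name: Upload scan results
        # Run even when the scan step exits 1, so the findings are still uploaded
        if: always()
        uses: actions/upload-artifact@v4  # v3 of this action is deprecated
        with:
          name: security-scan
          path: scan-results.json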

Pre-commit Hook

Add to .git/hooks/pre-commit:

#!/bin/sh

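# Run GitGuard scan on the working tree (--dir . scans the directory, not only staged files)
gitguard scan --dir .

# Exit code 1 means critical/high findings or a scan error (see Exit Codes)
if [ $? -ne 0 ]; then
  echo "Security issues found or scan failed! Fix them or use --no-verify to bypass."
  exit 1
fi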

Make it executable:

chmod +x .git/hooks/pre-commit

Exit Codes

  • 0 - No critical or high severity vulnerabilities found
  • 1 - Critical or high severity vulnerabilities found, or scan error

Perfect for failing CI/CD pipelines on security issues!

What Gets Scanned?

The CLI automatically scans these file types:

  • Web: TypeScript, JavaScript (.ts, .tsx, .js, .jsx)
  • Backend: Python (.py), Ruby (.rb), PHP (.php), Go (.go)
  • Mobile: Swift (.swift), Kotlin (.kt)
  • Systems: Rust (.rs), C/C++ (.c, .cpp), C# (.cs)
  • JVM: Java (.java), Scala (.scala)

Smart Exclusions:

  • Automatically respects your .gitignore file (if present)
  • Falls back to excluding: node_modules, dist, build, .git, .next, coverage, __pycache__, vendor
  • Skips hidden directories (unless explicitly included in your project)

Detected Vulnerabilities

GitGuard detects 50+ vulnerability patterns including:

  • Injection Attacks: SQL injection, Command injection, LDAP injection
  • XSS: Reflected, Stored, DOM-based
  • Authentication: Weak passwords, Insecure session management
  • Cryptography: Weak algorithms, Hardcoded secrets
  • SSRF: Server-side request forgery
  • Path Traversal: Directory traversal attacks
  • CSRF: Cross-site request forgery

... and many more!

Examples

Simple Scan

$ gitguard scan

✓ Collecting files...
ℹ Found 47 file(s), sending to GitGuard...

Scan Results
Files scanned: 47
Duration: 2.3s

Found 3 issue(s):
  HIGH: 2
  MEDIUM: 1

HIGH    SQL Injection
  src/api/users.ts:45
  Unsanitized user input in SQL query

HIGH    XSS Vulnerability
  components/Form.tsx:23
  Unescaped user input in HTML

MEDIUM  Weak Cryptography
  lib/crypto.ts:12
  Using MD5 for hashing (use bcrypt instead)

CI/CD JSON Output

$ gitguard scan --json

{
  "scanId": "scan_abc123",
  "status": "completed",
  "filesScanned": 47,
  "duration": 2300,
  "summary": {
    "total": 3,
    "critical": 0,
    "high": 2,
    "medium": 1,
    "low": 0,
    "info": 0
  },
  "vulnerabilities": [...]
}
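
An added example (not part of the GitGuard README or its code): a CI gate that reads the `--json` report shown above and fails closed, so an empty, truncated or zero-file report is never mistaken for a clean scan. The field names come from the sample output on this page; the `POLICY` thresholds, the `gate.js` file name and exit code 2 for errors are assumptions.

```javascript
// Added example, not GitGuard code. Field names follow the sample JSON on this
// page; the POLICY thresholds and exit code 2 for "error" are assumptions.
const POLICY = { critical: 0, high: 0, medium: 5 }; // max findings allowed
const EXIT = { pass: 0, fail: 1, error: 2 };

// Constructed sample in the documented output shape.
const SAMPLE = JSON.stringify({
  scanId: 'scan_abc123', status: 'completed', filesScanned: 47, duration: 2300,
  summary: { total: 3, critical: 0, high: 2, medium: 1, low: 0, info: 0 },
  vulnerabilities: [],
});

const error = (why) => ({ verdict: 'error', reasons: [why] });

// Fail closed: anything that is not a complete, well-formed report is an error, never a pass.
function evaluateScan(raw, policy = POLICY) {
  let report;
  try { report = JSON.parse(raw); } catch (e) { return error('output is not valid JSON'); }
  if (report === null || typeof report !== 'object') return error('report is not an object');
  if (report.status !== 'completed') return error(`scan status is ${JSON.stringify(report.status)}`);
  if (!(report.filesScanned > 0)) return error('no files were scanned');
  const summary = report.summary;
  if (summary === null || typeof summary !== 'object') return error('summary is missing');

  const reasons = [];
  for (const [severity, max] of Object.entries(policy)) {
    const count = summary[severity];
    if (!Number.isInteger(count) || count < 0) return error(`summary.${severity} is invalid`);
    if (count > max) reasons.push(`${count} ${severity} finding(s), policy allows ${max}`);
  }
  return { verdict: reasons.length ? 'fail' : 'pass', reasons };
}

// Real use: node gate.js --stdin < scan-results.json
if (process.argv.includes('--stdin')) {
  let raw = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', (chunk) => { raw += chunk; });
  process.stdin.on('end', () => {
    const result = evaluateScan(raw);
    console.log(result.verdict, result.reasons.join('; '));
    process.exitCode = EXIT[result.verdict];
  });
} else {
  console.log(evaluateScan(SAMPLE)); // demo on the constructed sample
}
```

In a pipeline, run it as a separate step marked `if: always()` so the report is evaluated even when the scan command itself exited 1.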

Troubleshooting

Authentication Failed

If you see "Authentication expired", log in again:

gitguard logout
gitguard login

Rate Limit Exceeded

Free tier includes 5 scans per day. If you hit the limit:

  1. Wait for the daily reset (shown in gitguard whoami)
  2. Upgrade to Pro (100/day) or Premier (unlimited scans)

No Files Found

Make sure you're in a directory with code files. The CLI only scans supported file types (see "What Gets Scanned?" above).

Privacy & Security

  • Your code is transmitted securely over HTTPS
  • Scans are processed server-side and deleted after completion
  • No code is stored permanently
  • API tokens are stored locally in ~/.gitguard/config.json (chmod 600)
  • View our Privacy Policy

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

MIT © GitGuard


Made with ❤️ by the Creative Lid LLC - GitGuard team