npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@goldensheepai/shepscan

v0.1.1

Published

AI-native secret detection CLI for scanning repositories

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vibecoderuivibecoderui

Keywords

securitysecretsscannerclidevopsdevsecopsapi-keyscredentialsleak-detectionaitypescript

Readme

npm version License: MIT Downloads GitHub Stars

Quick StartFeaturesDocumentationGitHub

🎯 Why ShepScan?

$4.45 million — the average cost of a data breach in 2023. Many start with a single leaked API key.

ShepScan catches secrets before they reach your repository. Built for developers who ship fast and need security that doesn't slow them down.

⚡ Quick Start

# Run instantly with npx (no install needed)
npx @goldensheepai/shepscan scan ./your-project

# Or install globally
npm install -g @goldensheepai/shepscan
shepscan scan ./your-project

Usage

Scan Current Directory

shepscan

Scan a Specific Directory

shepscan scan ./my-project

Scan a GitHub Repository

shepscan repo https://github.com/username/repo

Options

shepscan [path] [options]

Options:
  -v, --verbose       Show detailed output with snippets
  -o, --output <file> Save results to JSON file
  -V, --version       Output version number
  -h, --help          Display help

Examples

# Scan with verbose output
shepscan scan ./src --verbose

# Save results to JSON
shepscan scan ./src -o results.json

# Scan a public GitHub repo
shepscan repo https://github.com/streaak/keyhacks

# List all detection patterns
shepscan patterns

✨ Features

13+ Secret Patterns Detected

Critical

  • AWS Keys
  • GitHub Tokens
  • Stripe Keys
  • Database URLs
  • Private Keys (RSA, SSH)

High

  • Google API Keys
  • Slack Tokens
  • Discord Tokens
  • OpenAI Keys
  • JWT Secrets

Medium

  • Generic API Keys
  • Passwords
  • Environment Secrets

Smart Detection

  • Zero Config — Works out of the box
  • Fast Scanning — Processes thousands of files per second
  • Low False Positives — Filters test/example patterns
  • Exit Codes — Perfect for CI/CD pipelines

🔧 Programmatic Usage

import { scanDirectory, scanSingleFile } from '@goldensheepai/shepscan';

// Scan a directory
const result = scanDirectory('./my-project');

console.log(`Found ${result.totalSecrets} secrets`);
console.log(`Overall severity: ${result.overallSeverity}`);

for (const secret of result.secrets) {
  console.log(`${secret.filePath}:${secret.lineNumber} - ${secret.secretType}`);
}

// Scan a single file
const fileResult = scanSingleFile('./config.js');

Exit Codes

  • 0 — No secrets found, or only low/medium severity
  • 1 — Critical or high severity secrets found

Use in CI/CD:

shepscan scan . || echo "Secrets detected!"

🤝 Contributing

We welcome contributions! ShepScan is open source and community-driven.

See CONTRIBUTING.md for guidelines.

📄 License

MIT License © Golden Sheep AI