npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@intentsolutionsio/security-incident-responder

v1.0.0

Published

Assist with security incident response

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

intentsolutionsiointentsolutionsio

Keywords

securitycomplianceauditingagent-skillsclaude-codeclaude-plugintonsofskills

Readme

Security Incident Responder Plugin

Assist with security incident response, investigation, and remediation following established incident response frameworks.

Features

  • Incident Classification - Categorize security incidents
  • Response Playbooks - Guided response procedures
  • Evidence Collection - Gather forensic data
  • Timeline Construction - Build incident timeline
  • Remediation Steps - Guided recovery process
  • Post-Incident Reporting - Lessons learned documentation

Installation

/plugin install security-incident-responder@claude-code-plugins-plus

Usage

/incident-response
# Or shortcut
/incident

Incident Response Phases

1. Preparation

  • Incident response plan
  • Contact lists
  • Tools and access
  • Communication templates

2. Detection & Analysis

  • Alert triage
  • Incident classification
  • Severity assessment
  • Initial containment

3. Containment

  • Short-term containment
  • System backup
  • Long-term containment
  • Evidence preservation

4. Eradication

  • Remove malware
  • Close vulnerabilities
  • Patch systems
  • Harden configurations

5. Recovery

  • Restore systems
  • Verify functionality
  • Monitor for reinfection
  • Return to normal operations

6. Post-Incident Activity

  • Lessons learned
  • Documentation
  • Process improvements
  • Training updates

Incident Types

  • Data breach
  • Ransomware attack
  • DDoS attack
  • Account compromise
  • Malware infection
  • Insider threat
  • Supply chain attack
  • API abuse

Example Response

SECURITY INCIDENT RESPONSE
==========================
Incident ID: INC-2025-10-11-001
Date: 2025-10-11 14:30 UTC
Severity: HIGH
Type: Data Breach - SQL Injection

INITIAL ASSESSMENT
------------------
Detection Method: Automated alerting
Affected Systems: Production database
Data at Risk: User credentials (50,000 records)
Attack Vector: SQL injection in login endpoint

IMMEDIATE ACTIONS (0-1 hour)
-----------------------------
 1. Isolate affected system [14:35 UTC]
 2. Block attacker IP addresses [14:40 UTC]
 3. Preserve logs and evidence [14:45 UTC]
 4. Notify security team [14:50 UTC]
□ 5. Deploy WAF rules [In Progress]

CONTAINMENT (1-4 hours)
-----------------------
□ 1. Take database snapshot
□ 2. Patch SQL injection vulnerability
□ 3. Review all database queries
□ 4. Enable query logging
□ 5. Deploy intrusion detection

INVESTIGATION
-------------
Timeline:
- 14:15 UTC: Attacker begins probing
- 14:20 UTC: Successful SQL injection
- 14:25 UTC: Data exfiltration begins
- 14:30 UTC: Automated alert triggers
- 14:35 UTC: Response initiated

Evidence Collected:
- Web server logs
- Database query logs
- Network packet captures
- Application error logs

Attack Details:
POST /api/login
username: admin' UNION SELECT username,password,email FROM users--
Result: Full user table extracted

REMEDIATION STEPS
-----------------
1. Fix SQL injection (IMMEDIATE)
   - Replace with parameterized queries
   - Deploy within 2 hours

2. Force password reset (HIGH)
   - Reset all user passwords
   - Notify users of breach
   - Complete within 24 hours

3. Enable MFA (HIGH)
   - Implement TOTP-based MFA
   - Deploy within 1 week

4. Database encryption (MEDIUM)
   - Enable at-rest encryption
   - Complete within 2 weeks

COMMUNICATION PLAN
------------------
Internal:
- Security team: Immediate notification (Complete)
- Engineering team: Within 1 hour (Complete)
- Management: Within 2 hours (Pending)
- Legal: Within 4 hours (Pending)

External:
- Affected users: Within 72 hours (Required by GDPR)
- Regulatory bodies: Within 72 hours (Required by GDPR)
- Law enforcement: If criminal activity confirmed

POST-INCIDENT ACTIONS
--------------------
□ 1. Document lessons learned
□ 2. Update incident response plan
□ 3. Conduct security training
□ 4. Implement additional controls
□ 5. Schedule follow-up review (30 days)

Response Playbooks

Data Breach Response

  1. Identify scope of breach
  2. Contain affected systems
  3. Assess data exposure
  4. Preserve evidence
  5. Notify stakeholders
  6. Regulatory reporting
  7. Remediation
  8. Post-breach monitoring

Ransomware Response

  1. Isolate infected systems
  2. Identify ransomware variant
  3. Assess backup integrity
  4. Evaluate payment vs. recovery
  5. Notify authorities
  6. Restore from backups
  7. Patch vulnerabilities
  8. Monitor for reinfection

DDoS Response

  1. Confirm attack type
  2. Enable DDoS mitigation
  3. Scale infrastructure
  4. Block attack sources
  5. Notify ISP/CDN
  6. Monitor traffic patterns
  7. Post-attack analysis

Best Practices

  1. Have a Plan - Written incident response procedures
  2. Practice Regularly - Tabletop exercises and drills
  3. Document Everything - Detailed logs and evidence
  4. Communicate Clearly - Keep stakeholders informed
  5. Learn and Improve - Post-incident reviews

License

MIT License - See LICENSE file for details