npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@jambo.team/env-doctor

v1.0.2

Published

Zero-dependency secrets hygiene scanner and remediation tool

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

rajhrajholotuderickolotuderickdeogratius_mossesdeogratius_mossesandrewlucasandrewlucas

Keywords

secretsscansecurityhygiene

Readme

🩺 @jambo.team/env-doctor

A lightning-fast, zero-dependency secrets scanner and automated remediation engine for modern development teams.

env-doctor proactively scans your source code for hardcoded secrets, cryptographic keys, and high-entropy passwords. When vulnerabilities are detected, our interactive Remediation Wizard surgically extracts the string, replaces it with process.env.*, and auto-vaults it into the Cloud.

This tool is part of the RunEnv DevSecOps ecosystem.

🚀 Features

  • Zero Dependencies: Uses native JavaScript modules. Extremely lightweight.
  • Blazing Fast: Native regex execution and Shannon entropy analysis ensures sub-millisecond execution.
  • Automated Refactoring: Identifies leaks and natively splices process.env.VAR_NAME directly into your code.
  • CI/CD Native: Seamlessly plugs into GitHub Actions, automatically blocking Pull Requests and surfacing file annotations in the PR code review interface.

💻 Local Usage

You don't need to install anything! Run it directly via npx in any codebase:

npx @jambo.team/env-doctor@latest

It will execute a full risk analysis on your repository and grade your hygiene. If your grade is below an A+, it will launch the interactive remediation wizard to vault the leaked secrets.

Optional Flags

# Scan a specific directory
npx @jambo.team/env-doctor@latest -d src/

# Disable Shannon Entropy (massively boosts speed for huge codebases)
npx @jambo.team/env-doctor@latest --no-entropy

🛡️ GitHub Actions Setup

You can fully automate this scanner in your CI/CD pipelines to ensure developers never merge a leaked API key to production.

Create a .github/workflows/scan.yml file in your repository:

name: "Security: Secret Scanner"

on:
  pull_request:
    branches: [ "main", "develop" ]

jobs:
  scan:
    name: "Audit Source Code"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: RunEnv Secret Scanner
        uses: Jambo-company/env-doctor@main

When run in CI, if a secret is hardcoded, env-doctor will fatally crash the build and annotate exactly where the leak occurred inside the GitHub PR UI.

License

MIT License