npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@korext/ai-attestation

v1.0.2

Published

Track and attest AI generated code in your repository. Open standard for AI code transparency.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tbrunohtbrunoh

Keywords

aiattestationgovernancecompliancecopilotcursorclaude-codecodeiumaiderwindsurfdevinamazon-qtabnineclinecode-qualitytransparencyauditgit-hookopen-standard

Readme

AI Attestation

An open standard for tracking AI generated code in your repository.

AI Attestation License: Apache-2.0 Spec: CC0-1.0 npm

AI Attestation is a machine readable YAML file placed in your repository root that tracks which AI coding tools were used, how much code they generated, and whether that code has been governance scanned.

Why

Enterprises, open source maintainers, and compliance teams increasingly need to answer:

  • How much of this codebase was written by AI?
  • Which AI tools were used?
  • Has the AI generated code been reviewed or scanned?

AI Attestation provides a single, standardized file that answers all three.

Quick Start

npx @korext/ai-attestation init

This will:

  1. Scan your git history for AI tool signatures
  2. Create .ai-attestation.yaml in your repo root
  3. Install a post-commit hook to keep it updated

That's it. The file updates automatically on every commit.

What It Detects

AI Attestation identifies tools through publicly observable signals:

| Method | Description | Reliability | |--------|-------------|-------------| | Co-author trailer | Co-authored-by: Copilot <[email protected]> | ✅ High | | Commit message pattern | Generated by Copilot, via Cursor | ⚠️ Medium | | Metadata header | // @cursor-generated | ⚠️ Medium | | Git config | copilot.enabled = true | ℹ️ Low |

Supported Tools

| Tool | Identifier | Detection | |------|-----------|-----------| | GitHub Copilot | copilot | Co-author, commit message, config | | Cursor | cursor | Co-author, commit message | | Claude Code | claude-code | Co-author, commit message | | Windsurf | windsurf | Commit message, file header | | Codeium | codeium | Commit message, file header | | Aider | aider | Co-author, commit message | | Devin | devin | Co-author, commit message | | OpenHands | openhands | Co-author, commit message | | Amazon Q Developer | amazon-q | Commit message, file header | | OpenAI Codex CLI | codex-cli | Commit message, file header | | Gemini Code Assist | gemini-code-assist | Commit message | | JetBrains AI | jetbrains-ai | Commit message, file header | | Sourcegraph Cody | sourcegraph-cody | Co-author, commit message | | Tabnine | tabnine | Commit message, file header | | Replit AI | replit-ai | Commit message, file header | | Cline | cline | Co-author, commit message | | Continue | continue | Commit message, config | | GPT Engineer | gpt-engineer | Co-author, commit message | | Bolt | bolt | Commit message, file header |

Missing a tool? Add it

The File

# AI Attestation
# https://oss.korext.com/ai-attestation

schema: https://oss.korext.com/ai-attestation/schema
version: "1.0"

repo:
  owner: acme
  name: payments-service
  url: https://github.com/acme/payments-service

generated: "2026-04-15T12:00:00Z"

range:
  from: "2025-01-01T00:00:00Z"
  to: "2026-04-15T12:00:00Z"
  commits: 1247

ai:
  assisted_commits: 438
  percentage: 35.1
  tools:
    - name: GitHub Copilot
      identifier: copilot
      first_seen: "2025-09-01"
      last_seen: "2026-04-15"
      commit_count: 312

    - name: Cursor
      identifier: cursor
      first_seen: "2026-01-15"
      last_seen: "2026-04-14"
      commit_count: 89

  detection_methods:
    - co-author-trailer
    - commit-message-pattern

See more examples in examples/.

CLI Commands

# Initialize (scan + create file + install hook)
ai-attestation init

# Re-scan and update
ai-attestation scan

# Print attestation summary
ai-attestation report

# Generate badge markdown
ai-attestation badge

# Manage git hooks
ai-attestation hook install
ai-attestation hook remove
ai-attestation hook install --type pre-commit

GitHub Action

Enforce AI code policies in CI:

# .github/workflows/ai-attestation.yml
name: AI Attestation
on: [push, pull_request]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: korext/ai-attestation@v1
        with:
          minimum-governance-score: 80
          block-unscanned: true
          mandatory-packs: security

Action Inputs

| Input | Default | Description | |-------|---------|-------------| | fail-on-missing | true | Fail if .ai-attestation.yaml is missing | | minimum-governance-score | | Minimum score to pass (0-100) | | block-unscanned | | Block AI code without governance scan | | require-review | | Require human review for AI code | | mandatory-packs | | Comma-separated required governance packs | | attestation-path | .ai-attestation.yaml | Path to attestation file |

Action Outputs

| Output | Description | |--------|-------------| | result | PASS, WARN, or FAIL | | ai-percentage | Percentage of AI assisted commits | | governance-score | Current governance score | | tools-detected | Comma separated list of tools | | summary | Human readable summary |

Governance

The governance section is designed to be populated by any governance engine. When configured, a governance engine reads the attestation file, scans the AI generated code, and writes its results back:

governance:
  engine: KOREXT
  last_scan: "2026-04-15T10:00:00Z"
  result: PASS
  score: 94
  packs:
    - security
    - modernization
  findings:
    critical: 0
    high: 1
    medium: 3
    low: 7

The governance section is engine-agnostic. Any tool can populate it.

Privacy

AI Attestation processes git metadata only:

  • Commit messages
  • Author names and emails
  • Commit dates

It never reads source code. All processing happens locally. No network calls. No telemetry. The output file contains only aggregate counts.

Specification

The full specification is available at SPEC.md. The JSON Schema is available at schema.json.

Both are released under CC0 1.0 Universal (public domain).

Badge

Add a badge to your README after running ai-attestation init:

ai-attestation badge

This outputs markdown you can paste into your README:

[![AI Attestation](https://oss.korext.com/badge/owner/repo)](https://oss.korext.com/report/owner/repo)

Contributing

See CONTRIBUTING.md for guidelines on adding new tools, reporting false positives, and proposing spec changes.

License

Related Projects

| Project | Description | |---------|-------------| | AI License Notice | Declare AI provenance in open source projects | | Supply Chain Attestation | AI provenance across your dependency tree | | AI Incident Registry | Public registry for AI code failures |

Built by Korext | oss.korext.com/ai-attestation