npm package discovery and stats viewer.


@ktmcp-cli/iotvas

v1.0.0

Published

Production-ready CLI for IoTVAS IoT device vulnerability scanner

Readme

"Six months ago, everyone was talking about MCPs. And I was like, screw MCPs. Every MCP would be better as a CLI."

Peter Steinberger, Founder of OpenClaw, on the Lex Fridman Podcast #491 (YouTube, ~2:39:00)

IoTVAS CLI

A production-ready command-line interface for the IoTVAS IoT device vulnerability scanner. Analyze firmware, search CVEs, and get security assessments for IoT devices directly from your terminal.

Disclaimer: This is an unofficial CLI tool and is not affiliated with, endorsed by, or supported by Firmalyzer.

Features

  • Firmware Analysis — Submit firmware for vulnerability scanning and get detailed reports
  • CVE Listings — List CVEs affecting specific firmware or devices
  • Crypto Analysis — Identify cryptographic weaknesses in firmware
  • Device Info — Get security information for IoT devices by make/model
  • CVE Search — Search the vulnerability database by keyword, device, or severity
  • Account Info — Check API usage and account details
  • JSON output — All commands support --json for scripting and piping
  • Colorized output — Clean, readable terminal output with chalk

Why CLI > MCP

MCP servers are complex, stateful, and require a running server process. A CLI is:

  • Simpler — Just a binary you call directly
  • Composable — Pipe output to jq, grep, awk, and other tools
  • Scriptable — Use in shell scripts, CI/CD pipelines, cron jobs
  • Debuggable — See exactly what's happening with the --json flag
  • AI-friendly — AI agents can call CLIs just as easily as MCPs, with less overhead

Installation

npm install -g @ktmcp-cli/iotvas

Authentication Setup

IoTVAS uses API key authentication.

1. Get your API key

  1. Sign up at firmalyzer.com
  2. Go to your account settings and generate an API key

2. Configure the CLI

iotvas config set --api-key YOUR_API_KEY

3. Verify

iotvas account info

Commands

Configuration

# Set API key
iotvas config set --api-key <key>

# Show current config
iotvas config show

Firmware Analysis

# Analyze firmware by hash
iotvas firmware analyze --hash <md5-or-sha256>

# Analyze by make/model
iotvas firmware analyze --make-model "Netgear R7000"

# Get full vulnerability report
iotvas firmware report <firmware-hash>

# List CVEs for firmware
iotvas firmware cves <firmware-hash>

# Get cryptographic issues
iotvas firmware crypto <firmware-hash>

Device Information

# Get device info
iotvas device info --make Netgear --model R7000

# Get CVEs for a device
iotvas device cves --make Netgear --model R7000

# Output as JSON
iotvas device cves --make D-Link --model DIR-615 --json

CVE Search

# Search by keyword
iotvas cves search --keyword "buffer overflow"

# Search by device
iotvas cves search --make Asus --model RT-N66U

# Filter by severity
iotvas cves search --severity CRITICAL
iotvas cves search --make Linksys --severity HIGH

# Get specific CVE details
iotvas cves get CVE-2023-1234

Account

# Check account info and usage
iotvas account info

Understanding Severity Levels

  • CRITICAL — Immediate action required, CVSS 9.0-10.0
  • HIGH — High priority, CVSS 7.0-8.9
  • MEDIUM — Medium priority, CVSS 4.0-6.9
  • LOW — Low risk, CVSS 0.1-3.9

JSON Output

All commands support --json for machine-readable output:

# Get critical CVEs for a device
iotvas device cves --make Netgear --model R7000 --json | \
  jq '.[] | select(.severity == "CRITICAL") | {cve_id, cvss_score, summary}'

# Get firmware report summary
iotvas firmware report <hash> --json | jq '{risk_score, cve_count}'
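
The jq filter above matches on the severity label alone. The following added example (not part of the iotvas package or its README) is a Node.js gate for the `--json` output that also derives a band from `cvss_score` using the severity table above, so a record whose label understates its score still blocks, and a record with no usable severity is flagged for review instead of passing silently. The field names `cve_id`, `cvss_score` and `severity` are taken from the jq filter; the top-level array shape, the `gate` and `bandFor` helpers and the sample records are assumptions made for this example.

```javascript
// Added example; not part of @ktmcp-cli/iotvas. Field names come from the
// README's jq filter; the top-level array shape is an assumption.
const RANK = new Map([["LOW", 1], ["MEDIUM", 2], ["HIGH", 3], ["CRITICAL", 4]]);

// Map a CVSS score to the README's bands (lower bounds 0.1 / 4.0 / 7.0 / 9.0).
function bandFor(score) {
  if (typeof score !== "number" || !(score > 0 && score <= 10)) return null;
  if (score >= 9.0) return "CRITICAL";
  if (score >= 7.0) return "HIGH";
  if (score >= 4.0) return "MEDIUM";
  return "LOW";
}

// Classify records against a threshold. A record blocks when either its label
// or its score band reaches the threshold; records with no usable severity, or
// whose label and score disagree below the threshold, go to manual review.
function gate(jsonText, threshold = "HIGH") {
  const limit = RANK.get(threshold);
  if (limit === undefined) throw new RangeError(`unknown threshold: ${threshold}`);
  const records = JSON.parse(jsonText);
  if (!Array.isArray(records)) throw new TypeError("expected a JSON array");
  const blocking = [];
  const review = [];
  for (const r of records) {
    const id = r && typeof r.cve_id === "string" ? r.cve_id : "(no cve_id)";
    const label = r && typeof r.severity === "string" ? r.severity.toUpperCase() : null;
    const band = r ? bandFor(r.cvss_score) : null;
    const rank = Math.max(RANK.get(label) ?? 0, RANK.get(band) ?? 0);
    if (rank >= limit) blocking.push(id);
    else if (rank === 0 || (RANK.has(label) && band && label !== band)) review.push(id);
  }
  return { blocking, review, pass: blocking.length === 0 && review.length === 0 };
}

// Constructed sample input (placeholder IDs, not real CVEs).
const SAMPLE = JSON.stringify([
  { cve_id: "CVE-0000-0001", cvss_score: 9.8, severity: "CRITICAL" },
  { cve_id: "CVE-0000-0002", cvss_score: 7.5, severity: "MEDIUM" }, // label understates score
  { cve_id: "CVE-0000-0003", cvss_score: 5.3, severity: "MEDIUM" },
  { cve_id: "CVE-0000-0004", severity: null },                      // no usable severity
  { cve_id: "CVE-0000-0005", cvss_score: 3.1, severity: "LOW" },
]);

console.log(gate(SAMPLE, "HIGH"));
```

In a pipeline, pass the text produced by `iotvas device cves ... --json` to `gate()` in place of `SAMPLE` and fail the job when `pass` is false.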

Contributing

Issues and pull requests are welcome at github.com/ktmcp-cli/iotvas.

License

MIT — see LICENSE for details.


Part of the KTMCP CLI project — replacing MCPs with simple, composable CLIs.