
@llm-dev-ops/llm-config-devtools

v0.5.0

Development and security scanning tools (Rust crate - use via cargo or build from source)

LLM Config Devtools

Enterprise-grade security scanning and development tools for the LLM Config Manager project.

Features

Security Scanning

  • Clippy Integration: Runs cargo clippy with security-focused lints
  • Unsafe Code Detection: Identifies all unsafe code blocks for review
  • Secret Scanning: Detects hardcoded secrets (passwords, API keys, tokens)
  • SQL Injection Detection: Identifies potential SQL injection vulnerabilities

Report Generation

Multiple output formats supported:

  • JSON: Machine-readable format for tooling integration
  • YAML: Human-readable structured format
  • Markdown: Documentation-friendly format
  • SARIF: GitHub Security tab integration

Installation

As a Cargo Subcommand

cargo install --path crates/llm-config-devtools

As a Library

Add to your Cargo.toml:

[dependencies]
llm-config-devtools = { path = "../llm-config-devtools" }

Usage

CLI Usage

Security Scan

# Run full security scan with markdown output
llm-security-scan --output report.md --format markdown

# Generate SARIF for GitHub Security tab
llm-security-scan --output results.sarif --format sarif

# Fail CI if high severity findings are found
llm-security-scan --fail-on-high

# Disable specific scans
llm-security-scan --no-secrets --no-sql

Dependency Scan

# Check for vulnerable dependencies
llm-dependency-scan

# Check for outdated dependencies
llm-dependency-scan --check-outdated

# Check for unused dependencies
llm-dependency-scan --check-unused

# Save JSON report
llm-dependency-scan --output report.json

Library Usage

use llm_config_devtools::security::{SecurityScanner, ScanConfig};
use llm_config_devtools::report::{generate_report, OutputFormat};
use std::path::PathBuf;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Configure scanner
    let config = ScanConfig {
        project_root: PathBuf::from("."),
        scan_clippy: true,
        scan_unsafe: true,
        scan_secrets: true,
        scan_sql: true,
        max_workers: None,
    };

    // Run scan
    let scanner = SecurityScanner::new(config);
    let report = scanner.scan()?;

    // Generate report
    let markdown = generate_report(&report, OutputFormat::Markdown)?;
    println!("{}", markdown);

    // Check for high severity findings
    if report.has_high_severity() {
        eprintln!("High severity findings detected!");
        std::process::exit(1);
    }

    Ok(())
}

CI/CD Integration

GitHub Actions

name: Security Scan

on: [push, pull_request]

# upload-sarif creates code scanning alerts, which requires this token permission
permissions:
  contents: read
  security-events: write

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions-rs/toolchain@v1
        with:
          toolchain: stable
      - name: Run security scan
        run: |
          cargo run --bin llm-security-scan -- \
            --output results.sarif \
            --format sarif \
            --fail-on-high
      - name: Upload SARIF
        # --fail-on-high makes the scan step fail when it finds something; upload
        # regardless so those findings still reach the Security tab
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

Output Formats

JSON

{
  "timestamp": "2025-11-21T10:00:00Z",
  "project_root": ".",
  "findings": [
    {
      "severity": "high",
      "category": "unsafe_code",
      "title": "Unsafe code block detected",
      "message": "Found unsafe code block...",
      "file": "src/lib.rs",
      "line": 42
    }
  ],
  "summary": {
    "total": 1,
    "critical": 0,
    "high": 1,
    "medium": 0,
    "low": 0
  }
}
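To make the pipeline concrete, here is an added example (not the crate's own code, whose internals are not shown on this page) of line-level checks in the spirit of the unsafe-code and secret-scanning features, producing findings with the field names of the JSON report above and applying a `--fail-on-high` style gate. The secret-name hint list, the 8-character literal threshold and the sample source are assumptions constructed for this example.

```rust
// Added example, not the crate's code: a minimal line-level scanner in the
// spirit of the "Unsafe Code Detection" and "Secret Scanning" features,
// emitting findings shaped like the JSON report plus a --fail-on-high gate.
pub struct Finding {
    pub severity: &'static str, // "critical" | "high" | "medium" | "low"
    pub category: &'static str,
    pub title: &'static str,
    pub file: String,
    pub line: usize, // 1-based, as in the JSON report
}
// Assumed hint list; the real crate's rules are not shown on the page.
const SECRET_HINTS: [&str; 5] = ["password", "passwd", "secret", "api_key", "token"];

/// Scan one file's source text; `file` only labels the findings.
pub fn scan_source(file: &str, src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    let mut push = |line: usize, severity: &'static str, category: &'static str, title: &'static str| {
        out.push(Finding { severity, category, title, file: file.to_string(), line })
    };
    for (idx, raw) in src.lines().enumerate() {
        // Drop trailing `//` comments so the word "unsafe" in prose is not flagged.
        let code = raw.split("//").next().unwrap_or("").trim();
        // `unsafe` as a whole token covers blocks, fns and impls; all need manual review.
        if code.split(|c: char| !c.is_alphanumeric() && c != '_').any(|t| t == "unsafe") {
            push(idx + 1, "high", "unsafe_code", "Unsafe code block detected");
        }
        // Secret-looking name assigned (or compared with `==`) to a string literal of 8+
        // chars; values fetched at runtime, e.g. from env vars, are not literals and pass.
        if let Some((lhs, rhs)) = code.split_once('=') {
            let name = lhs.split(':').next().unwrap_or("").split_whitespace().last().unwrap_or("").to_lowercase();
            let literal = rhs.trim_start_matches('=').trim().strip_prefix('"').and_then(|r| r.split('"').next()).unwrap_or("");
            if SECRET_HINTS.iter().any(|&h| name.contains(h)) && literal.len() >= 8 {
                push(idx + 1, "critical", "hardcoded_secret", "Possible hardcoded secret");
            }
        }
    }
    out
}
/// The --fail-on-high gate: any critical or high finding fails the run.
pub fn has_high_severity(findings: &[Finding]) -> bool {
    findings.iter().any(|f| f.severity == "critical" || f.severity == "high")
}
// Constructed sample input (not from the page); findings carry 1-based line numbers.
pub const SAMPLE: &str = r#"// SAFETY: a comment mentioning unsafe must not be flagged
let token = std::env::var("API_TOKEN")?;
const API_KEY: &str = "sk_live_0123456789";
let first = unsafe { raw.as_ptr().add(1) };"#;
fn main() {
    let findings = scan_source("src/lib.rs", SAMPLE);
    for f in &findings { println!("- **{}** {}:{} {} ({})", f.severity, f.file, f.line, f.title, f.category); }
    if has_high_severity(&findings) { std::process::exit(1); } // what --fail-on-high does
}
```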

SARIF (GitHub Security)

SARIF output uploaded with the codeql-action/upload-sarif step shown in the GitHub Actions example above is recognized by GitHub and displayed as code scanning alerts in the repository's Security tab.

Markdown

Human-readable report with severity indicators, code snippets, and recommendations.

Development

Running Tests

cargo test --package llm-config-devtools

Running Locally

# Security scan
cargo run --bin llm-security-scan

# Dependency scan
cargo run --bin llm-dependency-scan

Performance

  • Parallel Scanning: Uses rayon for parallel processing
  • Incremental: Only scans source files (skips target/, node_modules/)
  • Fast: 10-50x faster than shell-based scanners

License

Apache-2.0

Contributing

See CONTRIBUTING.md for details.