npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mastyf_ai/server

v4.1.12

Published

Security, cost, and health governance proxy for MCP infrastructure — three-layer detection engine (regex + schema + LLM), monorepo, corpus, CI/CD

Readme


The problem

AI agents can read your files, push code, query databases, execute shell commands, and call external APIs. They do it autonomously, at machine speed.

Traditional security controls weren't built for that.

Mastyf.ai acts as a perimeter security layer for AI. It intercepts every tool call, evaluates it against your security policies using multi-agent swarm analysis, and blocks malicious or unauthorized actions before they execute.

Every decision is enforced, logged, and auditable.


What it stops

| Threat | What it looks like | |--------|--------------------| | Prompt injection | Malicious instructions embedded in tool arguments to hijack agent behavior | | Path traversal | Attempts to access /etc/passwd, .ssh/id_rsa, .aws/credentials | | Secret exfiltration | API keys and tokens leaking through tool arguments | | Shell injection | Reverse shells, rm -rf, encoded PowerShell commands | | Data exfiltration | Bulk SQL dumps, git push, aws s3 cp, unauthorized file transfers | | SSRF | Calls to metadata endpoints, localhost, and private IP ranges | | Encoding evasion | Base64 blobs and Unicode homoglyphs used to bypass pattern detection | | Cost abuse | Runaway agent loops burning through token budgets | | Rug-pull attacks | Tool definitions that silently change mid-session |


Quick start

Build from source

Clone the repository and run the setup script.

Requirements:

  • Git
  • Linux (the setup script installs Nix automatically if needed)
git clone https://github.com/mastyf-ai/mastyf.ai.git
cd mastyf.ai
chmod +x setup.sh
./setup.sh

The setup script automatically:

  • Installs Nix (if required)
  • Enables Nix flakes
  • Creates the development environment
  • Installs all project dependencies
  • Rebuilds native packages
  • Builds the entire project
  • Adds a convenient mastyf shell alias

Once installation completes, start the proxy and dashboard:

node dist/cli.js start

Or simply use the alias after opening a new terminal:

mastyf

The dashboard will be available at:

  • Dashboard: http://localhost:4000

Test the installation

If the dashboard is running, verify the HTTP bridge:

curl -X POST http://localhost:4000/mcp -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":"1","method":"tools/list","params":{}}'

Dashboard

Full visibility into every action your AI takes.


| Section | What you see | |---------|-------------| | Protection | Block rate, top triggered rules, live threat feed | | Activity | Every tool call with full arguments, allow or block status, timestamp | | Policy | Live rule editor with hot-reload from YAML | | Threat Lab | AI-suggested attack tests, reviewed and approved before anything applies | | Cost | Token usage and cost estimates broken down per tool call |

Do not expose port 4000 publicly without enabling dashboard auth. The default local dev config has DASHBOARD_AUTH_DISABLED=true.


How enforcement works

Every tool call passes through three layers before it reaches your infrastructure.

Layer 1 - Pattern detection Regex-based scanning for injection, dangerous paths, leaked secrets, shell commands, and encoding tricks. Runs in microseconds with no external dependencies.

Layer 2 - Schema validation Rejects malformed payloads, oversized arguments, and JSON-RPC violations before they reach policy evaluation.

Layer 3 - Semantic review An optional local LLM (Ollama) or cloud model evaluates borderline calls that pass pattern checks. Falls back to heuristics if no model is configured.

Anything that fails is blocked. The tool never runs. Everything is logged.


Policy

Your rules live in default-policy.yaml. You own them. mastyf.ai enforces them.

policy:
  mode: block
  default_action: pass
  unicode_strict: true
  rules:
    - name: block-sensitive-paths
      action: block
      argPatterns:
        - field: path
          patterns: ['^/etc/', '/\.ssh', '/\.aws/credentials']

    - name: rate-limit-tool-calls
      action: block
      maxCallsPerMinute: 120

    - name: block-shell-injection
      action: block
      patterns: ['rm\s+-rf', 'curl\s', 'wget\s', '`[^`]+`']

Roll out safely with three enforcement modes:

| Mode | Behavior | When to use | |------|----------|-------------| | audit | Log everything, block nothing | First week, understand what your AI does | | warn | Log and flag, still forwards | Tuning phase before enforcement | | block | Stops violations before execution | Production |

Pre-built templates for HIPAA, PCI-DSS, GxP, and data residency are in policy-templates/.


Architecture

mastyf.ai runs two coordinated swarms. The CI Swarm attacks your policy before code ships. The Runtime Swarm enforces and learns from every live tool call in production. Four feedback loops connect them so the system gets harder to bypass over time.

flowchart TB

  AI["🤖 AI Clients\nCursor · Claude Desktop · Cline"]

  subgraph CI["🔵 CI Swarm (PR + Nightly)"]
    direction LR
    Scout["🔍 Scout Agent\nSAST, deps, config scan"]
    Corpus["📋 Corpus Agent\n228 fixtures eval"]
    Evasion["⚡ Evasion Agent\n120+ probes + generate new"]
    Parity["🔄 Parity Agent\nNode vs Python"]
    ProxyA["🖥️ Proxy Agent\nLive stdio MCP tests"]
    Report["📊 Report Agent\nsecurity-swarm/latest.json"]
    Scout --> Corpus --> Evasion --> Parity --> ProxyA --> Report
  end

  subgraph Runtime["🟢 Runtime Swarm (Production Proxy)"]
    direction LR
    BG["🛡️ BlockGuard\nsync policy"]
    IL["📈 InstantLearner\nper-block stats + suggestions"]
    SA["🧠 SemanticAuditor\nasync LLM, optional"]
    PS["🔗 PatternSynthesizer\nbatch suggestions"]
    Cal["⚙️ Calibrator\nlabels + thresholds"]
    BG --> IL --> PS --> Cal
    BG --> SA --> PS
  end

  Tools["🗄️ MCP Tools\nfilesystem · GitHub · databases · APIs"]

  AI -->|"every tool call"| BG
  BG -->|"✅ allowed"| Tools
  Report -->|"🔁 Loop A: bypasses to corpus"| Corpus
  Cal -->|"🔁 Loop B: blocks to rules"| BG
  Cal -->|"🔁 Loop C: labels to LLM"| SA
  Report -->|"🔁 Loop D: CI metrics weekly"| Cal

  style CI fill:#EFF6FF,stroke:#3B82F6,stroke-width:2px,color:#1E3A5F
  style Runtime fill:#F0FDF4,stroke:#22C55E,stroke-width:2px,color:#14532D
  style Scout fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Corpus fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Evasion fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Parity fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style ProxyA fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style Report fill:#DBEAFE,stroke:#3B82F6,color:#1E40AF
  style BG fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style IL fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style SA fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style PS fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style Cal fill:#BBF7D0,stroke:#16A34A,color:#14532D
  style AI fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px,color:#78350F
  style Tools fill:#FEF3C7,stroke:#F59E0B,stroke-width:2px,color:#78350F

Canonical gates: 228/228 corpus, 0 bypasses, 100% parity

CI Swarm

Runs on every PR and nightly. Six agents work in sequence, each one hardening what the previous found.

| Agent | What it does | |-------|-------------| | Scout | SAST scan, dependency audit, config review | | Corpus | Evaluates all 228 attack fixtures against current policy | | Evasion | Runs 120+ bypass probes and generates novel ones using an LLM | | Parity | Verifies Node and Python implementations produce identical decisions | | Proxy | Live stdio MCP session tests against a running proxy instance | | Report | Writes security-swarm/latest.json with full results and metrics |

Runtime Swarm

Runs inside the production proxy on every tool call.

| Component | What it does | |-----------|-------------| | BlockGuard | Enforces the active policy synchronously on every call. Fail-closed. | | InstantLearner | Tracks per-block statistics and surfaces rule suggestions in real time | | SemanticAuditor | Optional async LLM review for calls that clear pattern checks but look suspicious | | PatternSynthesizer | Batches suggestions from InstantLearner and SemanticAuditor into candidate rules | | Calibrator | Labels candidates, tunes thresholds, and promotes approved rules back into BlockGuard |

Feedback loops

| Loop | Signal | Effect | |------|--------|--------| | A | CI bypass found | Added to corpus, CI now guards against it permanently | | B | Runtime block pattern | Synthesized into a new rule, promoted to BlockGuard | | C | Calibrator label | Used to fine-tune SemanticAuditor thresholds | | D | CI metrics (weekly) | Updates runtime config — keeps CI and production in sync |

The proxy supports five transports: stdio, HTTP, SSE, streamable HTTP, and WebSocket.

For enterprise deployments with Redis, Postgres, and Kubernetes see docs/ENTERPRISE_DEPLOYMENT.md.


Threat Lab

Threat Lab watches live traffic and uses a local LLM to propose new attack test cases when it detects suspicious patterns. Nothing is applied automatically. You review and approve every suggestion in the dashboard before it becomes a rule.

Approved discoveries feed back into the CI attack corpus for ongoing regression testing.

ollama serve
ollama pull qwen3:8b

export OLLAMA_BASE_URL=http://127.0.0.1:11434
export MASTYF_AI_LLM_PROVIDER=ollama
export MASTYF_AI_LLM_MODEL=qwen3:8b

pnpm dashboard:proxy

MCP package trust scores

Before installing any MCP server from npm, check its trust score at https://www.mastyf.ai/certified. Scores cover CVE exposure, typo-squat risk, maintainer signals, and known attack patterns. Free, no account required.


Common commands

| Command | What it does | |---------|-------------| | node dist/cli.js start | Start proxy and dashboard on port 4000 | | node dist/cli.js onboard | Wrap your MCP config to route through the proxy | | node dist/cli.js doctor | Health check for DB, policy, and environment | | node dist/cli.js scan --all | Scan MCP configs for CVEs and injection risks | | pnpm test | Run the full test suite | | pnpm security-swarm:fast | Quick security regression, 5 to 15 minutes | | pnpm security-swarm:analyze | Full adversarial analysis |


Troubleshooting

| Problem | Fix | |---------|-----| | Dashboard shows no data | Proxy and dashboard must share the same MASTYF_AI_DB_PATH. Default is ~/.mastyf-ai/history.db | | dist/cli.js not found | Run pnpm build | | AI still hitting tools directly | Run node dist/cli.js onboard --apply | | Ollama warnings at startup | Run ollama serve or remove MASTYF_AI_LLM_PROVIDER from your environment | | npm install fails | npm publish is not live yet. Use git clone and pnpm install |


Learn more