npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mevichitra/abhay

v0.1.0

Published

Abhay: local ML-assisted code security scanner with remediation reports.

Readme

Abhay

Abhay is a local CLI security scanner for JavaScript, Python, and Java codebases. It combines deterministic security rules, a project-owned ML ranker, and local Ollama remediation generation.

Quick Start

npm install
npm run build
npm start

The default command starts an interactive scan and prompts for:

  • repo/codebase path, relative or absolute
  • output directory
  • minimum severity
  • whether to use Ollama remediation

For direct non-interactive scans:

node dist/cli.js scan <path-to-codebase> --out reports --no-llm

Recommended remediation model:

ollama pull qwen2.5-coder:7b

Abhay will fall back to authored remediation if Ollama is unavailable.

Package as a CLI

For the easiest local package:

npm install
npm pack

That creates a tarball like abhay-0.1.0.tgz. Give that file to another user, then they can install it globally:

npm install -g ./abhay-0.1.0.tgz
abhay

Or they can run a scan directly:

abhay scan . --out reports --no-llm

For npm registry distribution, publish the package after choosing an available package name:

npm publish --access public

If abhay is already taken on npm, change the package name to a scoped name like @your-scope/abhay.

Commands

abhay
abhay scan [path] [--out reports] [--model qwen2.5-coder:7b] [--no-llm]
abhay train
abhay evaluate

Make Targets

If make is available, these commands cover the normal workflow:

make install
make verify
make scan TARGET=<path-to-codebase>
make finetune

On Windows without Make, use the equivalent npm scripts:

npm.cmd run verify
npm.cmd run scan:offline
npm.cmd run finetune

Submission Notes

The custom model is named Abhay.

The dataset workflow generates curated vulnerable/safe pairs:

npm.cmd run data:build

It writes:

  • data/training/security-train.jsonl
  • data/training/security-validation.jsonl
  • data/training/security-test.jsonl
  • data/training/DATASET_CARD.md

For real-world data, import CodeXGLUE defect detection data:

npm.cmd run py:install
npm.cmd run data:import:hf

That writes normalized JSONL files under data/real-world. Use them for stronger generalization evidence:

npm.cmd run finetune:real

There are two model artifacts:

  • model/abhay-ranker.json: lightweight local fallback ranker trained by the TypeScript CLI.
  • model/abhay-finetuned: real fine-tuned transformer artifact produced by training/finetune_abhay.py.

For submission, use the fine-tuning workflow in training/README.md. After that step, Abhay can accurately be described as a fine-tuned vulnerability classification model based on GraphCodeBERT.

The ranker is intentionally paired with static evidence. ML-only vulnerability detection has known generalization limits, so Abhay uses a hybrid design: rules identify concrete evidence, the custom model ranks confidence and priority, and the local code LLM generates remediation text.