npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@nomarj/sigil

v1.2.1

Published

Automated security auditing for AI agent code - quarantine-first scanning for pip, npm, git repos, and MCP servers

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nomark-ainomark-ai

Keywords

securityscanningsupply-chainmalwareai-agentmcpclaudecursorpipnpmquarantinethreat-intelligence

Readme

Sigil scans repositories, packages, MCP servers, skills, and agent tooling for malicious patterns before they reach your working environment. Nothing runs until it's been scanned, scored, and explicitly approved.

The AI tooling ecosystem moves fast. Developers clone repos from tutorials, install MCP servers with 12 GitHub stars, and pull agent skills from Discord — all of which get direct access to API keys, databases, and cloud credentials. Traditional dependency scanners catch known CVEs but miss the real threat: intentionally malicious code designed to exfiltrate credentials, establish backdoors, or execute arbitrary commands via install hooks.

Sigil fills this gap with a quarantine-first approach.

Quick Install

Manual Install (Current):

# Clone the repository
git clone https://github.com/NOMARJ/sigil.git
cd sigil

# Make the CLI executable and install
chmod +x bin/sigil
sudo cp bin/sigil /usr/local/bin/sigil

# Initialize directories and aliases
sigil install

Coming Soon:

  • Homebrew: brew install nomarj/tap/sigil
  • npm (macOS/Linux): npm install -g @nomarj/sigil
  • curl installer: curl -fsSLO https://www.sigilsec.ai/install.sh && sh install.sh
  • Docker: docker pull nomark/sigil:latest

Note: The sigil package name on crates.io is occupied by an unrelated project. Install the Rust CLI with cargo install sigil-cli.

→ See all installation methods

How It Works

┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  You run a   │────▶│  Sigil       │────▶│  Clean?      │
│  command     │     │  quarantines │     │  Approve.    │
│              │     │  & scans     │     │  Dirty?      │
│  gclone      │     │              │     │  Reject.     │
│  safepip     │     │  6 phases.   │     │              │
│  safenpm     │     │  <3 seconds. │     │  You decide. │
└──────────────┘     └──────────────┘     └──────────────┘

Sigil runs six analysis phases on every scan (Phases 1-6 are free, Phase 9 requires Pro):

| Phase | What It Catches | Tier | | ------------------- | ---------------------------------------------------------------------------------- | ------- | | Install Hooks | setup.py cmdclass, npm postinstall, Makefile targets that execute on install | Free | | Code Patterns | eval(), exec(), pickle.loads, child_process, dynamic imports | Free | | Network / Exfil | Outbound HTTP, webhooks, socket connections, DNS tunnelling | Free | | Credentials | ENV var access, .aws, .kube, SSH keys, API key patterns | Free | | Obfuscation | Base64 decode, charCode, hex encoding, minified payloads | Free | | Provenance | Git history depth, author count, binary files, hidden files | Free | | 🔒 LLM Analysis | AI-powered zero-day detection, contextual threat correlation, advanced remediation | Pro |

Each finding is weighted and scored. You get a clear verdict:

| Score | Verdict | What Happens | | ----- | --------------- | --------------------------- | | 0 | CLEAN | Auto-approve (configurable) | | 1–9 | LOW RISK | Approve with review | | 10–24 | MEDIUM RISK | Manual review required | | 25–49 | HIGH RISK | Blocked, requires override | | 50+ | CRITICAL | Blocked, no override |

Usage

Core Commands

# Clone a repo into quarantine, scan it, get a verdict
sigil clone https://github.com/someone/cool-mcp-server

# Download and scan a pip package before installing
sigil pip some-agent-toolkit

# Download and scan an npm package before installing
sigil npm langchain-community-plugin

# Scan a directory or file already on disk
sigil scan ./downloaded-skill/

# 🔒 Pro: Enhanced LLM-powered scanning (requires authentication)
sigil login --token YOUR_API_TOKEN
sigil scan ./code --enhanced              # AI-powered threat detection
sigil scan ./code --enhanced --verbose    # With detailed output

# Download and scan any URL
sigil fetch https://example.com/agent-tool.tar.gz

# Manage quarantine
sigil list              # See all quarantined items
sigil approve abc123    # Move approved code out of quarantine
sigil reject abc123     # Permanently delete quarantined code

Discovery Commands

Find and research AI tools, packages, and dependencies before using them:

# Search for AI tools and packages
sigil search "natural language processing"
sigil search "web scraping"
sigil search "machine learning"

# Get curated tool recommendations for specific use cases
sigil discover "chatbot development"
sigil discover "data analysis pipeline"
sigil discover "web scraping automation"

# Get detailed information about a specific tool
sigil info pypi/langchain
sigil info npm/puppeteer
sigil info pypi/scrapy

# Discovery integrates with security auditing
sigil search "pdf processing" | head -3    # Find options
sigil info pypi/pypdf                      # Research a tool
sigil pip pypdf                            # Audit before installing

Discovery Features:

  • Smart Search: Natural language queries find relevant tools
  • Use Case Stacks: Get curated tool recommendations for specific workflows
  • Trust Scoring: See security ratings and trust scores for every tool
  • Installation Ready: Get exact install commands with security pre-checks
  • Ecosystem Coverage: Search across pip, npm, and other package managers

Shell Aliases

After running sigil install, these aliases are available in every terminal session. Use the commands you already know — Sigil protects you automatically:

| Alias | What It Does | | ---------------------- | ---------------------------------- | | gclone <url> | git clone with quarantine + scan | | safepip <pkg> | pip install with scan first | | safenpm <pkg> | npm install with scan first | | safefetch <url> | Download + quarantine + scan | | audithere | Scan current directory | | qls | Quarantine status | | qapprove / qreject | Approve or reject most recent item |

Git Hooks

# Auto-scan any repo on clone (global git hook)
sigil install --git-hooks

IDE & Agent Integrations

Sigil works where you work. Install the plugin for your editor, or connect AI agents via MCP:

| Integration | Coverage | Install | | ------------------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------- | | VS Code / Cursor / Windsurf | Scan workspace, files, selections, packages. Findings in Problems panel. | plugins/vscode | | JetBrains IDEs | IntelliJ, WebStorm, PyCharm, GoLand, CLion, etc. Tool window + inline annotations. | plugins/jetbrains | | Claude Code Plugin | 4 skills + 2 security agents. Auto-suggests scans on clone/install. | plugins/claude-code | | Claude Code (MCP) | 6 tools: scan, scan_package, clone, quarantine, approve, reject. | plugins/mcp-server | | GitHub Actions | Run Sigil as a CI check on every PR. | action.yml |

Claude Code Plugin (Recommended)

Install as a native Claude Code plugin for skills, agents, and auto-recommendations:

# Add Sigil marketplace
claude plugin marketplace add https://github.com/NOMARJ/sigil.git

# Install the plugin
claude plugin install sigil-security@sigil

This provides:

  • /sigil-security:scan-repo - Scan repositories
  • /sigil-security:scan-package - Audit npm/pip packages
  • /sigil-security:scan-file - Analyze specific files
  • /sigil-security:quarantine-review - Manage findings
  • @security-auditor - Expert threat analysis agent
  • @quarantine-manager - Quarantine workflow agent

→ See Claude Code plugin documentation

Claude Code MCP Server

Alternatively, use the MCP server for tool-based integration:

{
  "mcpServers": {
    "sigil": {
      "command": "node",
      "args": ["/path/to/sigil/plugins/mcp-server/dist/index.js"]
    }
  }
}

Build the MCP server first:

cd plugins/mcp-server && npm install && npm run build

npx @nomark/sigil-mcp-server will be available once the package is published to npm.

Threat Intelligence

When authenticated (sigil login), Sigil connects to a community-powered threat intelligence database. Every scan from every user contributes anonymised pattern data. When someone flags a malicious package, the threat signature propagates to all users within minutes.

No source code is ever transmitted — only pattern match metadata (which rules triggered, file types, risk scores).

Offline mode: All six scan phases run locally without authentication. Threat intelligence lookups are skipped, but you still get full local analysis.

# Authenticate to enable threat intel
sigil login

Learn more about authentication →

Why Not [Existing Tool]?

| Capability | Sigil | Aardvark/Codex | Claude Code | Snyk | Semgrep | | -------------------------- | ----------- | -------------- | ------------- | ---------- | ------- | | Pre-install quarantine | ✅ | ❌ | ❌ | ❌ | ❌ | | Supply-chain attacks | ✅ Primary | ⚠️ Limited | ⚠️ Limited | ⚠️ CVEs | ❌ | | Install hook scanning | ✅ | ❌ | ❌ | ❌ | ❌ | | Malware analysis | ⚠️ Patterns | ✅ Dedicated | ⚠️ Context | ❌ | ❌ | | AI-powered analysis | ❌ | ✅ GPT-5 | ✅ Claude | ⚠️ Limited | ❌ | | Deep vuln scanning | ⚠️ Patterns | ✅ 92% recall | ✅ Primary | ✅ | ✅ | | Auto-patching | ❌ | ✅ Codex | ✅ AI patches | ⚠️ Limited | ❌ | | AI agent / MCP focus | ✅ | ✅ | ✅ | ❌ | ❌ | | Multi-ecosystem | ✅ All | ✅ | ✅ | ✅ | ✅ | | Free tier | ✅ Full | Private beta | Waitlist | Limited | OSS |

The Complete Stack:

  • Sigil (Layer 1): Quarantine-first before code enters your environment (supply-chain protection)
  • Aardvark/Codex Security (Layer 2): Deep AI analysis after code is committed (GPT-5 powered)
  • Claude Code Security (Layer 2): Deep AI analysis after code is committed (Claude powered)

Positioning:

  • Aardvark and Claude Code Security compete (both do deep vulnerability scanning)
  • Sigil complements both (different layer: pre-install vs post-commit)
  • Use Sigil + (Aardvark OR Claude Code Security) for complete coverage

→ See complete integration guide

Snyk and Dependabot flag known CVEs — they don't scan for intentional malice. Socket.dev is npm-only. Semgrep is a pattern engine, not a workflow. The AI security stack (Sigil + Aardvark/Claude Code Security) provides defense-in-depth.

Pricing

The CLI is free and open source with all eight scan phases. Sigil Pro turns your scanner into an AI security consultant.

| | Open Source | Pro — $29/mo | Team — $99/mo | | ---------------------------------- | ----------- | ------------ | -------------- | | Full CLI scanning | ✅ | ✅ | ✅ | | 🤖 AI Finding Investigation | — | ✅ | ✅ | | 🔍 False Positive Verification | — | ✅ | ✅ | | 💬 Interactive Security Chat | — | ✅ | ✅ | | ⚡ Smart Model Routing | — | ✅ | ✅ | | 5,000 monthly AI credits | — | ✅ | ✅ | | Cloud threat intelligence | — | ✅ | ✅ | | Scan history | — | 90 days | 1 year | | Web dashboard | — | ✅ | ✅ | | Team management & policies | — | — | Up to 25 seats | | CI/CD integration | — | — | ✅ | | Slack / webhook alerts | — | — | ✅ |

Why upgrade? Transform cryptic security alerts into actionable intelligence. Instead of wondering "Is this real?", get AI-powered explanations, threat assessments, and verification in seconds.

See full pricing →

Documentation

Comprehensive documentation is available in the docs/ directory:

Getting Started:

Technical Deep Dives:

Integration Guides:

Security Research:

Browse all documentation →

Roadmap

See ROADMAP.md for the full roadmap.

Today: Quarantine-first scanning for pip, npm, and git repos. Six-phase behavioral detection. Cloud threat intelligence with community reporting and signature sync. Dashboard with scan history, team management, and policy controls. Rust CLI binary, VS Code / Cursor / Windsurf extension (.vsix), JetBrains plugin, MCP server for AI agents, and GitHub Actions integration.

Now: Hosted cloud — sign up and scan without running infrastructure.

Next: Homebrew tap and npm package. Docker image and Go/Cargo scanning. VS Code Marketplace and JetBrains Marketplace listings. Custom scan rules via YAML. Enterprise SSO, RBAC, and audit logs. GitLab, Jenkins, and CircleCI integrations.

Contributing

We welcome contributions. See CONTRIBUTING.md for guidelines.

Security

Found a vulnerability? Please report it responsibly. See SECURITY.md.

License

Apache 2.0 — see LICENSE for details.