npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@oalacea/guardian

v0.6.9

Published

AI-powered security review plugin for pentesting web applications with NestJS, Rust, Vite support and DDoS/Stress testing - Added BeEzz_QL for GraphQL

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

oalaceaoalacea

Keywords

pentestsecurityweb-securityapi-securityvulnerability-scannerai-securitybug-bountysecurity-auditnestjsrustvitevoidzeroddosstress-testingowasp

Readme

Guardian

License: MIT GitHub release CI

AI-powered security review plugin for pentesting web applications. Automated vulnerability scanning and remediation with zero configuration.

Features:

  • Multi-framework support: NestJS, Rust, Vite/VoidZero, Express, Fastify, Django, Flask, FastAPI, Go, Spring Boot
  • DDoS resistance testing: HTTP flood, Slowloris, connection exhaustion
  • Stress testing: Memory leaks, response time benchmarks, CPU monitoring
  • OWASP Top 10 2021: 100% coverage

Quick Start

Installation

# From your project directory
npx @oalacea/guardian

First run installs the security toolkit (~800 MB Docker image, takes 2-3 minutes).

Production Mode

For external security testing:

npx @oalacea/guardian https://example.com

Usage

After installation, open your AI coding agent and paste:

Read .guardian/REVIEW.md and start the security review

The AI will:

  1. Auto-detect your framework, target URL, and environment
  2. Ask for confirmation
  3. Scan for vulnerabilities
  4. Fix issues directly in your code (dev mode)
  5. Verify each fix
  6. Provide a summary

This task can take several minutes depending on the complexity of your application and the number of vulnerabilities found.

What You Need

  • DockerInstall
  • AI coding agent — Claude Code, Cursor, Windsurf, Aider, Codex...

Included Tools

The Docker toolkit includes:

| Category | Tools | |----------|-------| | Recon | nmap, subfinder, whatweb, httpx | | Vuln Scanning | nuclei, nikto | | Discovery | ffuf | | SQL Injection | sqlmap | | XSS | dalfox | | JWT | jwt_tool | | Brute Force | hydra | | SSL/TLS | testssl.sh | | DDoS/Stress | vegeta, hey, ab (Apache Bench), slowhttptest | | GraphQL | graphqlmap | | Rust Security | cargo-audit, cargo-deny | | Wordlists | SecLists (Web-Content, DNS, Fuzzing, SQLi, Passwords, DDoS) |

What It Tests

Framework-Specific

  • NestJS: Guard bypass, pipe injection, GraphQL introspection, WebSocket auth, throttler bypass
  • Rust: Unsafe blocks, integer overflow, Serde RCE, actix/axum vulnerabilities, cargo-audit
  • Vite/VoidZero: HMR injection, source map leaks, dependency pre-bundling, env var leakage
  • Node.js: Prototype pollution, ReDoS, dependency confusion

General Vulnerabilities

  • Injection: SQLi, NoSQL, SSTI, XXE, LDAP, Command injection
  • Cross-Site: XSS (reflected, stored, DOM), CSRF, CORS misconfig
  • Server-Side: SSRF, deserialization, path traversal, file upload
  • Auth: Authentication bypass, privilege escalation, IDOR, JWT manipulation
  • Logic: Mass assignment, business logic flaws, race conditions
  • Infrastructure: Subdomain takeover, missing headers, info disclosure
  • DoS: ReDoS, GraphQL deep nesting, HTTP flood, Slowloris, connection exhaustion
  • DDoS: Rate limit bypass, connection pool exhaustion, slow attacks
  • Stress: Memory leaks, response time benchmarks, CPU usage, error rates

OWASP Top 10 2021

  • 100% coverage including insecure design, vulnerable components, and logging failures

Safety

  • Always test against dev/staging first
  • Never test production without written authorization
  • Backup your code (use git)
  • Production mode uses non-destructive tests only

Troubleshooting

Rebuild toolkit image

docker rm -f guardian-tools
docker rmi guardian-tools
npx @oalacea/guardian

Test tools manually

docker exec guardian-tools nmap --version
docker exec guardian-tools sqlmap --version

License

MIT — Use at your own risk. Only test systems you own or have explicit permission to test.

Credits

Inspired by nicefox-secu and AIDA.