@ojas-sta/qalify-plus
v1.4.5
An advanced, AI-powered educational vulnerability simulator and overlay.
Qalify+ & Vulnerability Simulator
An educational toolkit demonstrating how modern web quizzes can be analyzed and automated using AI (Gemini 2.5 Flash), DOM extraction, and OCR (Tesseract.js).
This project explores the security boundaries of online assessments by highlighting how easily DOM-based quizzes can be read, and how even obfuscated (Canvas/Image-based) questions can be bypassed using automated screenshots and Optical Character Recognition (OCR).
🚀 Features
- Generic Playwright Overlay (src/generic.js): Injects a sleek, interactive dark-mode UI overlay into any website you visit. It provides dual-mode extraction:
  - Analyze (DOM): Instantly extracts the text from standard HTML web pages.
  - Analyze (OCR): Takes a background screenshot, sharpens the image, and runs it through Tesseract.js to defeat anti-scraping canvas/image obfuscation.
- Interactive AI Chatbot: After extracting a question, the UI allows you to chat directly with the AI to ask follow-up questions or have it explain its reasoning.
- Multi-Model Support: Integrates natively with Google Gemini, Anthropic Claude, and OpenRouter, allowing you to seamlessly swap between models optimized for math (Qwen), academia (Owl Alpha), or coding (Laguna).
- Advanced Key Management: Configure up to 3 separate Gemini API keys in your .env file and hot-swap between them directly from the UI widget to effortlessly bypass rate limits.
- Native Markdown Rendering: Chat bubbles and reasoning outputs natively parse LLM Markdown into clean HTML (bolding, lists, code blocks).
- Anti-Inception Capture: The UI overlay automatically hides itself in a fraction of a millisecond during screen capture to prevent the AI from "reading" its own UI elements.
- Terminal ASCII Art & Delay: Features a sleek boot-up ASCII banner and a 3-second safety delay before the browser launches.
- Chrome Extension Version: A lightweight Manifest V3 Chrome Extension version of the DOM analyzer, ready for unlisted publishing.
- Local Autonomous Loop: An automated loop that navigates a local test quiz, continuously identifying questions, selecting the best AI-determined answer, and auto-clicking the "Next" button.
🔑 Getting Your API Keys (Required)
To power the AI analysis, you will need at least one API key. You can get both entirely for free!
1. Google Gemini API Key (Recommended for General Use)
Gemini 2.5 Flash is incredibly fast, smart, and provides a very generous free tier. Qalify+ supports up to 3 separate Gemini keys stored locally in your .env file!
- Link: Google AI Studio API Keys
- How to get it:
  - Click the link above and sign in with your Google Account.
  - Click the blue "Create API key" button on the screen.
  - Select a project (or create a new one) and generate the key.
  - Copy your key (it usually starts with AIza...).
2. OpenRouter API Key (Recommended for Specialized Models)
OpenRouter gives you access to hundreds of open-source models, including powerful free models specifically optimized for Math (Qwen) and Academia (Owl Alpha).
- Link: OpenRouter API Keys
- How to get it:
  - Create a free account on OpenRouter.
  - Navigate to your settings and click "Create Key".
  - Give the key a name (e.g., "Quiz Assistant").
  - Copy the key (it starts with sk-or-v1-...). Note: Make sure you copy it immediately, as it is only shown once!
3. Anthropic API Key (Recommended for Advanced Logic)
Anthropic's latest Claude 4.5 models (Haiku and Sonnet) provide incredible reasoning capabilities for complex problems.
- Link: Anthropic Console
📦 Setup & Installation
You do not need to download the code to use the assistant! It has been published globally to the NPM registry.
- Ensure Node.js is installed: Make sure you have Node.js (v18+) installed on your machine.
- Install Playwright Browsers (One-time setup):
  Because the assistant uses a hidden browser to read and analyze quizzes, you need to install the browser engine first:
      npx playwright install chromium
- Run the universal command:
  Open your terminal and type:
      npx @ojas-sta/qalify-plus@latest https://google.com
- Interactive Setup: On your very first run, the tool will automatically pause and ask you to paste the API keys you generated above. It securely saves them so you never have to enter them again!
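Since the keys end up in a local .env file, a check like the following helps keep them out of version control. It is an added example, not part of Qalify+; the variable name GEMINI_KEY_1, the 20-character minimum and the simplified .gitignore matching are assumptions, and both sample keys are constructed.

```javascript
// Added example, not Qalify+ code. Key prefixes are the ones quoted in this README;
// the 20-character minimum and the character sets are assumptions.
const KEY_PATTERNS = [
  { provider: "gemini", prefix: "AIza", re: /AIza[0-9A-Za-z_-]{20,}/g },
  { provider: "openrouter", prefix: "sk-or-v1-", re: /sk-or-v1-[0-9A-Za-z]{20,}/g },
];

// files: { "relative/path": "text" } for the working tree you are about to commit
function auditKeyStorage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    const inEnvFile = /(^|\/)\.env(\.|$)/.test(path);
    text.split(/\r?\n/).forEach((line, i) => {
      for (const { provider, prefix, re } of KEY_PATTERNS) {
        for (const _ of line.matchAll(re)) {
          // Report only the public prefix, never the secret itself.
          findings.push({ path, line: i + 1, provider, key: prefix + "***", inEnvFile });
        }
      }
    });
  }
  // Simplified .gitignore matching (assumption): exact common spellings only.
  const rules = (files[".gitignore"] || "").split(/\r?\n/).map(l => l.trim());
  const envIgnored = rules.some(l => [".env", "/.env", ".env*", "*.env"].includes(l));
  return { envIgnored, findings, leaks: findings.filter(f => !f.inEnvFile) };
}

// Constructed sample tree; both keys are fake and GEMINI_KEY_1 is a hypothetical name.
const SAMPLE_TREE = {
  ".env": "GEMINI_KEY_1=AIzaCONSTRUCTED0000000000000000000000000\n",
  ".gitignore": "node_modules\n",
  "notes.md": "# scratch\nBearer sk-or-v1-constructed000000000000000000000000\n",
};

console.log(auditKeyStorage(SAMPLE_TREE));
```

A result with envIgnored false or a non-empty leaks list means a key is one commit away from being published and should be rotated if it has already been pushed.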
🕹️ Usage Guide
Mode 1: The Universal UI Overlay (Recommended)
This mode launches a custom browser, navigates to a URL you specify, and injects our custom Qalify+ overlay into the page.
    npx @ojas-sta/qalify-plus@latest "https://example-quiz-site.com/login"
- How to use: Navigate the browser manually (log in, pass captchas, etc.). When a question is on screen, click either the DOM or OCR analyze buttons in the floating overlay.
- Chat: After an analysis, a chat window will slide down allowing you to interrogate the AI about its answer.
Mode 2: Chrome Extension (DOM-only)
A lightweight version you can install directly into your primary Chrome browser. Because of Chrome Web Store security limits on screenshots and WASM models, this version only uses DOM extraction (no OCR).
- Open Chrome and navigate to chrome://extensions.
- Turn on Developer mode (top right).
- Click Load unpacked (top left).
- Select the chrome-extension folder inside this project.
- Click the extension icon in your browser to open the Side Panel. Don't forget to paste your API Key into the settings!
Mode 3: The Autonomous Local Simulator
This runs an aggressive automated bot against a local test file (test/quiz.html). It auto-detects questions, selects radio buttons, and advances to the next page entirely on its own.
You can run this globally using the secondary executable we packaged:
    npx @ojas-sta/qalify-plus@latest qalify-simulator
(Or, if you cloned the repository locally, just run node src/main.js)
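Seen from the assessment platform's side, an autonomous loop like this leaves a timing signature. The following added example (not part of Qalify+) scores per-question answer latency from server-side telemetry; the event fields and every threshold are assumptions to be tuned on real data.

```javascript
// Added defensive example, not Qalify+ code. Event fields and thresholds are assumptions.
const MIN_MS_PER_WORD = 120; // assumed floor, roughly 500 words per minute
const MAX_CV = 0.15;         // assumed: human latencies vary by more than 15%
const MIN_ANSWERS = 4;       // too few answers gives no verdict

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// events: [{ session, questionId, shownAt, answeredAt, wordCount }], times in ms
function scoreSessions(events) {
  const bySession = new Map();
  for (const e of events) {
    if (!(e.answeredAt > e.shownAt)) continue; // skip malformed rows
    if (!bySession.has(e.session)) bySession.set(e.session, []);
    bySession.get(e.session).push(e);
  }
  const report = [];
  for (const [session, rows] of bySession) {
    if (rows.length < MIN_ANSWERS) {
      report.push({ session, verdict: "insufficient-data", reasons: [] });
      continue;
    }
    const lat = rows.map(r => r.answeredAt - r.shownAt);
    const perWord = rows.map((r, i) => lat[i] / Math.max(r.wordCount, 1));
    const mean = lat.reduce((a, b) => a + b, 0) / lat.length;
    const sd = Math.sqrt(lat.reduce((a, b) => a + (b - mean) ** 2, 0) / lat.length);
    const reasons = [];
    if (median(perWord) < MIN_MS_PER_WORD) reasons.push("faster-than-reading");
    if (sd / mean < MAX_CV) reasons.push("uniform-latency");
    report.push({ session, verdict: reasons.length ? "review" : "ok", reasons });
  }
  return report;
}

// Constructed sample telemetry: one human-like session, one loop-like, one too short.
const WORDS = [20, 35, 15, 40, 25];
const mk = (session, latencies) => latencies.map((ms, i) => ({
  session, questionId: i + 1, shownAt: i * 60000, answeredAt: i * 60000 + ms, wordCount: WORDS[i],
}));
const SAMPLE_EVENTS = [
  ...mk("s-human", [9000, 21000, 6000, 30000, 12000]),
  ...mk("s-loop", [1500, 1600, 1550, 1450, 1500]),
  ...mk("s-short", [8000, 9000]),
];

console.log(scoreSessions(SAMPLE_EVENTS));
```

A "review" verdict is a signal for follow-up, not proof; fast, practiced test-takers can trip the reading-speed rule on short questions.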
🏗️ Architecture & Modules
- src/ai.js: Wraps the Gemini 2.5 API. Uses strict JSON Schema to force the LLM to return selectedOption, confidenceScore, and reasoning. Also maintains chat history for follow-ups.
- src/ocr.js: The heavy lifting. Takes a raw Playwright screenshot, uses Jimp to increase contrast and greyscale the image, and feeds it into the Tesseract.js engine to extract raw text.
- src/analyzer.js: Orchestrates the flow between extracting text, querying the AI, and parsing the response.
- src/browser.js: The autonomous Playwright controller that hunts for specific DOM selectors like .question-text and #next-btn.
⚠️ Disclaimer
Educational Purposes Only. This toolkit was developed to demonstrate the vulnerabilities inherent in client-side web assessments and to explore the defensive boundaries of CAPTCHAs, Canvas obfuscation, and DOM scraping. Do not use these tools to violate the terms of service of third-party platforms or to bypass academic integrity policies.
