
@penumbraforge/gate

v2.0.1

Published

Gate: Zero-config secret scanner with auto-fix. Finds secrets, fixes them, for free.

Readme

Gate

The first secret scanner that fixes what it finds. For free.

Gate catches secrets before they're committed, verifies if they're live, and auto-fixes them across 9 languages. It generates compliance reports, incident documentation, and git history purge scripts. No other free tool does this.

Quick Start

npx @penumbraforge/gate   # Install pre-commit hook (one command, done)
gate scan --all     # Scan your entire repo
gate fix            # Auto-fix all findings

What happens on first run

$ npx @penumbraforge/gate

  ┌─────────────────────────────────────────┐
  │  Gate v2.0.1 — secret scanner + fixer   │
  │                                         │
  │  ✓ Pre-commit hook installed            │
  │  ✓ 148 detection rules loaded           │
  │  ✓ Zero config needed                   │
  │                                         │
  │  Scanning your repo now...              │
  └─────────────────────────────────────────┘

  ✓ Scanned 387 files in 1.2s

That's it. Every commit is now protected.

What Makes Gate Different

| Capability | Gitleaks | TruffleHog | GitHub | GitGuardian | Gate |
|---|---|---|---|---|---|
| Detection rules | 170 | 800+ | Partners | 482 | 148 |
| Credential verification | No | Yes | Paid | Paid | Yes |
| Auto-fix / extract to env | No | No | No | No | Yes |
| Interactive remediation | No | No | No | No | Yes |
| Incident response workflow | No | No | No | Paid | Yes |
| Compliance reports | No | No | Paid | Paid | Yes |
| SARIF output | Yes | Yes | N/A | No | Yes |
| 100% free, unlimited | Yes | Yes | Public only | 25 devs | Yes |
| Runs 100% locally | Yes | Yes | No | No | Yes |

How It Looks

  gate -- 2 secrets found -----------------------------------------

  src/config.js:12
    11   const stripe = require('stripe');
    12   const key = "sk_l****...p7dc";
                      ~~~~~~~~~~~~~~~~~~
    Stripe Live Secret Key -- CRITICAL -- VERIFIED LIVE

    Rotate immediately: https://dashboard.stripe.com/apikeys

All Commands

gate scan [path]       Scan files or directories for secrets
gate scan --all        Scan the entire repository
gate scan --staged     Scan only staged files (pre-commit)
gate scan --history    Scan full git history for leaked secrets
gate fix               Auto-fix findings across tracked files
gate fix --staged      Auto-fix staged findings only
gate fix --interactive Single-keypress remediation per finding
gate verify            Check if detected secrets are live
gate incident          Guided 5-step incident response workflow
gate incident report   Generate a saved incident report by ID
gate report            Generate compliance report (OWASP, NIST, CIS, SOC2)
gate install           Install pre-commit hook
gate audit             View local audit log
gate version           Show version
gate help              Show all commands

Tip: Run gate <command> --help for detailed usage of any command.

Features

  • 148 detection rules (80 built-in + 68 FORTRESS) -- AWS, GCP, Azure, GitHub, Stripe, OpenAI, Anthropic, databases, private keys, PII, and more
  • Credential verification -- checks if detected secrets are live and active
  • Auto-fix across 9 languages -- JS/TS, Python, Go, Ruby, Java, YAML, Terraform, Dockerfile, JSON
  • Interactive remediation -- single-keypress fix, vault, or ignore per finding
  • Incident response -- 5-step guided workflow: rotate, audit, clean, scrub, document
  • Compliance reports -- OWASP, NIST, CIS, SOC2-ready output
  • SARIF output -- upload results to GitHub Advanced Security
  • Git history scanning -- find secrets in past commits and generate purge scripts
  • Zero config, zero dependencies, zero accounts -- runs entirely on your machine
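
An added sketch, not Gate's own code, of the detect, mask and extract-to-env flow that the sample report and the auto-fix feature describe, using a single rule for Stripe live keys. The rule object, the `STRIPE_SECRET_KEY` variable name and the sample file are assumptions constructed for this example.

```javascript
// Added illustration; not Gate's source code. The rule, env var name and
// sample file below are assumptions constructed for this example.

// One detection rule: a quoted Stripe live secret key
// ("sk_live_" followed by 24 or more alphanumerics).
const RULE = {
  id: 'stripe-live-secret-key',
  severity: 'CRITICAL',
  envVar: 'STRIPE_SECRET_KEY', // hypothetical name chosen for the fix
  pattern: /(["'`])(sk_live_[0-9A-Za-z]{24,})\1/g,
};

// Mask a secret for display so the report itself never re-leaks it.
function mask(secret) {
  return `${secret.slice(0, 4)}****...${secret.slice(-4)}`;
}

// Scan source text; findings carry 1-based line numbers and masked values only.
function scan(file, source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(RULE.pattern)) {
      findings.push({ file, line: i + 1, rule: RULE.id,
                      severity: RULE.severity, masked: mask(m[2]) });
    }
  });
  return findings;
}

// "Extract to env": swap the quoted literal for an environment lookup and
// return the key/value pair that belongs in an untracked .env file.
function fix(source) {
  const env = {};
  const fixed = source.replace(RULE.pattern, (_match, _quote, secret) => {
    env[RULE.envVar] = secret;
    return `process.env.${RULE.envVar}`;
  });
  return { fixed, env };
}

// Constructed sample. The key is fake and assembled at runtime so this file
// does not itself contain a key-shaped literal.
const FAKE_KEY = 'sk_' + 'live_' + 'EXAMPLEexampleEXAMPLE0000p7dc';
const SAMPLE = `const stripe = require('stripe');\nconst key = "${FAKE_KEY}";\n`;

console.log(scan('src/config.js', SAMPLE));
console.log(fix(SAMPLE).fixed);
```

Moving the literal into an environment variable only stops new copies from being committed; a key that was already committed still needs rotating, as the "Rotate immediately" line in the report indicates.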

Installation

npx @penumbraforge/gate         # Zero-install (runs via npx)
npm install -g @penumbraforge/gate   # Global install
brew install gate               # Homebrew (coming soon)

GitHub Action

name: Gate
on: [pull_request, push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: penumbraforge/gate@v2
        with:
          mode: enforce
          verify: true
          format: sarif

Configuration

Gate works with zero configuration. For customization, create a .gaterc file in your project root to adjust severity thresholds, toggle rules, and set scan targets. Use .gateignore to exclude files and directories from scanning.

See GUIDE.md for the full technical reference.

License

Apache 2.0 -- free to use, modify, and distribute, with patent protection. See LICENSE for details.


Built by PenumbraForge. Free forever.