npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@redscope-ai/redscope

v1.0.6

Published

RedScope AI - security-focused AI CLI for penetration testing, asset reconnaissance, threat tracing, and red-team orchestration

Readme

RedScope AI

English | 中文

license: Anti 996 link: 996.icu issues stars

RedScope AI 是一个面向安全团队、渗透测试、资产侦察、威胁追踪和红队编排的 AI CLI。它基于 Bun、TypeScript、React/Ink 和 MCP 工具生态构建,提供交互式终端助手、非交互式管道模式、多模型 Provider、插件系统、远程控制服务和一套受控的安全工作流脚本。

仅在你拥有授权的目标、资产、日志或代码仓库上使用 RedScope AI。项目内置的安全套件强调 scope、审批、速率限制、证据留存和可审计流程,不鼓励也不支持未授权扫描。

目录

项目能力

  • 交互式 AI 编程与安全分析终端:redscope
  • 管道/自动化输出:redscope -p "..." --output-format json
  • 多 Provider:Anthropic、OpenAI 兼容端点、Gemini、Grok、Bedrock、Vertex、Foundry
  • MCP 扩展:stdio、SSE、HTTP、WebSocket、插件内置 MCP、Chrome/Computer Use 集成
  • 安全工作流:工具安装、scope 校验、profile 计划/执行、报告归一化、观测记忆、交付包
  • 远程控制:自托管 Remote Control Server 和 ACP/Bridge 相关能力
  • 插件与 Agent:插件 marketplace、自定义 agent、slash command、hooks、settings 分层配置

快速安装

要求:

  • Node.js/npm
npm i -g @redscope-ai/redscope
redscope --version

从源码开发或调试本仓库时,再使用 Bun 安装依赖和构建:

bun install
bun run build

开发模式:

bun run dev
bun run dev:inspect

常用检查:

bun run typecheck
bun test
bun run test:all

配置模型

RedScope 推荐把模型端点、API Key 和默认模型写入用户配置目录的 env.config,默认路径是:

  • Windows: %USERPROFILE%\.redscope\env.config
  • macOS/Linux: ~/.redscope/env.config

仓库提供了 env.config.example,可复制后按需填写。env.config 会在启动时加载,shell 中临时设置的环境变量优先级更高。

OpenAI 兼容端点示例:

REDSCOPE_MODEL_PROVIDER=openai
REDSCOPE_BASE_URL=https://api.openai.com/v1
REDSCOPE_API_KEY=your-redscope-api-key
REDSCOPE_MODEL=gpt-4.1

DeepSeek 示例:

REDSCOPE_MODEL_PROVIDER=deepseek
DEEPSEEK_API_KEY=your-deepseek-api-key
DEEPSEEK_MODEL=deepseek-chat

Gemini 示例:

REDSCOPE_MODEL_PROVIDER=gemini
GEMINI_API_KEY=your-gemini-key
GEMINI_MODEL=gemini-2.5-pro

更多配置项见 项目使用文档

基本使用

启动交互式会话:

redscope

直接传入提示词:

redscope "帮我审查这个仓库的安全风险"

管道模式:

echo "总结 package.json 的脚本" | redscope -p
redscope -p "输出 JSON 摘要" --output-format json

指定模型和权限模式:

redscope --model sonnet --permission-mode acceptEdits
redscope -p "生成一份发布说明" --allowedTools "Read,Grep,Glob"

MCP 示例:

redscope mcp list
redscope mcp add my-server npx -- -y @my-org/mcp-server
redscope mcp remove my-server

认证与状态:

redscope auth login
redscope auth status --text
redscope auth logout

完整命令参考见 docs/usage.md

安全工作流

RedScope 的安全工作流采用先授权、再计划、再执行、最后归档的流程。发布版用户可以直接用 redscope 发起评估;默认只做计划和低影响分析,不会运行主动扫描。主动或受限测试必须在提示词中明确说明已授权范围、测试窗口和执行边界,并由人工确认。

redscope "列出 RedScope 支持的安全评估 profile,并说明每种 profile 需要的授权条件"
redscope "基于 tools/authorized-scope.example.json,对 https://www.example.com/ 生成 baseline-url-review 安全评估计划,不执行主动扫描"
redscope "根据最近一次 baseline-url-review 评估结果,整理安全报告、证据索引和后续修复建议"

源码开发者需要生成本地 run/report/memory 产物时,可使用 docs/usage.md 中的 bun run redscope:* 脚本命令。

flowchart LR
  A["Scope / Rules of Engagement"] --> B["Profile Selection"]
  B --> C["Plan Only by Default"]
  C --> D{"--execute?"}
  D -- "No" --> E["Run Artifacts"]
  D -- "Yes + Confirmation" --> F["Controlled Tool Execution"]
  F --> E
  E --> G["Report Pipeline"]
  G --> H["Observability Memory"]
  G --> I["Delivery Package"]

测试示例截图

以下示例展示 RedScope AI 在授权确认、目标识别与安全评估报告输出中的终端效果。

截图中的目标地址和敏感信息已脱敏。

RedScope AI 授权确认示例

RedScope AI Spring Boot Admin 安全评估报告示例

RedScope AI Druid 监控面板风险发现示例

项目流程

flowchart TD
  U["User / CI / Pipe"] --> CLI["src/entrypoints/cli.tsx"]
  CLI --> MAIN["src/main.tsx Commander CLI"]
  MAIN --> REPL["React Ink REPL"]
  MAIN --> HEADLESS["Print / JSON / Stream JSON"]
  REPL --> ENGINE["QueryEngine"]
  HEADLESS --> ENGINE
  ENGINE --> API["Provider Adapter"]
  API --> P1["Anthropic"]
  API --> P2["OpenAI Compatible"]
  API --> P3["Gemini / Grok / Cloud"]
  ENGINE --> TOOLS["Builtin Tools + MCP Tools"]
  TOOLS --> FILES["Workspace Files"]
  TOOLS --> SHELL["Shell / PowerShell"]
  TOOLS --> MCP["MCP Servers / Plugins"]

技术栈

  • 运行时:Bun
  • 开发语言:TypeScript、TSX、ESM
  • CLI 框架:Commander.js
  • 终端界面:React 19 + Ink fork
  • 构建系统:Bun.build,Vite 备选构建流程
  • 测试框架:bun:test
  • 代码检查与格式化:Biome
  • 模型提供方:Anthropic SDK、OpenAI 兼容 Chat Completions、Gemini、Grok、AWS Bedrock、Google Vertex、Azure Foundry
  • 扩展能力:MCP、插件、自定义 Agent、slash command、hooks
  • 远程界面:packages/remote-control-server 中的 React + Vite + Radix UI
  • 代理池切换:将ip填写在.redscope/authorized-egress.referee-provided.json中可自动切换ip测试

文档

赞助打赏

如果 RedScope AI 帮你节省了时间,欢迎支持项目继续维护:

微信 / 支付宝打赏:

| 微信 | 支付宝 | | --- | --- | | | |