@securityreviewai/securityreview-kit
v0.1.48
Bootstrap security-review-mcp for AI IDEs and CLI tools
Bootstrap security-review-mcp for AI IDEs and CLI tools in one command.
@securityreviewai/securityreview-kit configures the SRAI security review MCP server and installs workspace rules so your AI assistant consults security threat models and countermeasures before generating code.
Quick Start
# Interactive mode (recommended)
npx @securityreviewai/securityreview-kit init
# Or specify targets directly
npx @securityreviewai/securityreview-kit init --target cursor --api-url https://api.example.com --api-key YOUR_TOKEN
# Install for multiple targets
npx @securityreviewai/securityreview-kit init --target cursor claude vscode
# Install for all supported targets
npx @securityreviewai/securityreview-kit init --all --api-url https://api.example.com --api-key YOUR_TOKEN
# Re-open project selection menu and update installed rules
npx @securityreviewai/securityreview-kit init --switch-project
Supported Targets
| Target | Flag | MCP Config | Workspace Rule |
|---|---|---|---|
| Cursor | cursor | .cursor/mcp.json | .cursor/rules/srai-security-review.mdc, .cursor/rules/guardrails_rule.mdc, .cursor/commands/srai-profile.md, .cursor/commands/guardrails-init-profile.md, .cursor/skills/threat-modelling/SKILL.md, .cursor/skills/vibereview-sync/SKILL.md, .cursor/hooks.json |
| Claude Code | claude | .mcp.json | .claude/CLAUDE.md, .claude/settings.json, .claude/skills/threat-modelling/SKILL.md, .claude/skills/vibereview-sync/SKILL.md, .claude/skills/guardrails-profiler/SKILL.md, .claude/skills/guardrails-selection/SKILL.md, .claude/commands/guardrails-init-profile.md |
| VS Code Copilot | vscode | .vscode/mcp.json | .github/copilot-instructions.md, .github/skills/threat-modelling/SKILL.md, .github/skills/vibereview-sync/SKILL.md, .github/skills/guardrails-profiler/SKILL.md, .github/skills/guardrails-selection/SKILL.md, .github/hooks/srai-session-policy.json |
| Windsurf | windsurf | .windsurf/mcp_config.json | .windsurf/rules/srai-security-review.md |
| Codex | codex | .codex/config.toml | .codex/AGENTS.md, .codex/skills/threat-modelling/SKILL.md, .codex/skills/vibereview-sync/SKILL.md, .codex/skills/guardrails-profiler/SKILL.md, .codex/skills/guardrails-selection/SKILL.md, .codex/hooks.json, .codex/commands/guardrails-init-profile.md |
| Gemini CLI | gemini | .gemini/settings.json | GEMINI.md |
| Antigravity | antigravity | .gemini/settings.json | .agents/rules/srai-security-review.md |
Commands
@securityreviewai/securityreview-kit init
Configure security-review-mcp for your IDE/CLI. Runs interactively when no flags are provided.
Options:
  -t, --target <name...>           Target IDE/CLI (cursor, claude, vscode, windsurf, codex, gemini, antigravity)
  -a, --all                        Install for all supported targets
  --project-name <name>            (Optional) Preselect project name from fetched API project list
  --api-url <url>                  SRAI API URL (or set SECURITY_REVIEW_API_URL env var)
  --api-key <token>                SRAI API Token (or set SECURITY_REVIEW_API_TOKEN env var)
  --switch-project                 Fetch projects and only update mapped workspace rules
  --skip-mcp                       Skip MCP server config installation
  --skip-rules                     Skip workspace rule installation
  --profile-repo                   Run the guardrails profiler after init
  --profiler-claude-login          Run Claude Code login before profiling
  --claude-auth-mode <mode>        Claude profiling auth mode: current, claudeai, console, api_key, gateway, bedrock, vertex, or setup_token
  --claude-api-key <key>           Anthropic API key for Claude profiling
  --claude-base-url <url>          Anthropic-compatible base URL for Claude profiling
  --claude-auth-token <token>      Auth token for Claude profiling gateway mode
  --claude-provider-model <model>  Optional Claude provider model override for gateway, Bedrock, or Vertex profiling
  --profiler-copilot-login         Run GitHub Copilot CLI login before VS Code Copilot profiling
  --profiler-codex-login           Run Codex login before Codex profiling
  --profiler-verbose               Show live profiler output while profiling runs
  --show-profiler-logs             Alias for --profiler-verbose
@securityreviewai/securityreview-kit init --switch-project
Fetches projects from https://<api-url>/api/projects/ using Authorization: Bearer <api-key>, shows a single-select menu, and updates installed workspace rules with the selected project.
@securityreviewai/securityreview-kit status
Show current configuration status for all supported targets in the workspace.
Environment Variables
| Variable | Description |
|---|---|
| SECURITY_REVIEW_PROJECT_NAME | Optional default project name to preselect in the project menu |
| SECURITY_REVIEW_API_URL | SRAI platform API endpoint |
| SECURITY_REVIEW_API_TOKEN | Your SRAI API token |
These can be provided via CLI flags, environment variables, or interactive prompts.
What Gets Installed
MCP Server Config — tells your IDE how to launch the security-review-mcp server via npx.
Workspace Rules — instructs the AI assistant to consult SRAI threat models and countermeasures before generating security-relevant code. If configured, the selected SRAI project name is injected into the MCP workflow instructions in the installed rule content.
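A workspace check for the files described above, as an added example that is not part of the kit or its README: it scans the MCP config paths from the Supported Targets table for an API token stored as a literal value and reports whether git tracks each file. The page does not document what these files contain, so the key/value layout matched here and the `srai_audit` and `srai_demo` names are assumptions, and the sample workspace is constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of securityreview-kit.
# ASSUMPTION: a persisted token would appear as a quoted value next to the
# SECURITY_REVIEW_API_TOKEN key (JSON or TOML); the page does not show the files.

# MCP config paths from the Supported Targets table.
SRAI_MCP_CONFIGS=".cursor/mcp.json .mcp.json .vscode/mcp.json
.windsurf/mcp_config.json .codex/config.toml .gemini/settings.json"

# KEY, then ':' or '=', then a non-empty quoted value that does not start
# with '$' (so "${...}"-style references are not flagged).
SRAI_LITERAL_RE='SECURITY_REVIEW_API_TOKEN"?[[:space:]]*[:=][[:space:]]*"[^"$][^"]*"'

# Prints "<LITERAL|ok> <tracked|untracked|unknown> <path>" per existing file.
# Returns 1 if any file holds a literal token, else 0.
srai_audit() {
  audit_ws=$1; audit_rc=0
  for rel in $SRAI_MCP_CONFIGS; do
    [ -f "$audit_ws/$rel" ] || continue
    status=ok
    if grep -Eq "$SRAI_LITERAL_RE" "$audit_ws/$rel"; then status=LITERAL; audit_rc=1; fi
    # Best effort: "unknown" when git is missing or this is not a repository.
    tracked=unknown
    if git -C "$audit_ws" rev-parse --git-dir >/dev/null 2>&1; then
      tracked=untracked
      if git -C "$audit_ws" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
        tracked=tracked
      fi
    fi
    printf '%s %s %s\n' "$status" "$tracked" "$rel"
  done
  return "$audit_rc"
}

# Constructed sample workspace (illustrative contents, not real kit output).
srai_demo() {
  demo_dir=$(mktemp -d); demo_rc=0
  mkdir -p "$demo_dir/.cursor" "$demo_dir/.vscode"
  printf '%s\n' '{"env":{"SECURITY_REVIEW_API_TOKEN":"constructed-token-value"}}' \
    > "$demo_dir/.cursor/mcp.json"
  printf '%s\n' '{"env":{"SECURITY_REVIEW_API_TOKEN":"${env:SECURITY_REVIEW_API_TOKEN}"}}' \
    > "$demo_dir/.vscode/mcp.json"
  srai_audit "$demo_dir" || demo_rc=$?
  rm -rf "$demo_dir"
  return "$demo_rc"
}

srai_demo || echo "literal token found in an MCP config"
```

To check a real workspace, replace the final `srai_demo` call with `srai_audit .` run from the workspace root; a `LITERAL tracked` line means the token sits in a file that git will publish with the repository.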
How It Works
- Run @securityreviewai/securityreview-kit init
- Select your IDE/CLI target(s)
- Choose whether to install workspace rules and MCP config
- If MCP is selected, enter your SRAI credentials (API URL, token)
- The tool fetches /api/projects/ and you select exactly one SRAI project from the menu
- The tool creates/merges MCP config and workspace rule files
- Your AI assistant now has access to SRAI security reviews
The tool is idempotent — running it multiple times safely updates existing configs without duplicating content.
