npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sentrasec/scanner

v1.2.1-alpha

Published

Official CLI tool for the SentraSec Platform - Performs Software Composition Analysis (SCA) scans

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ss-chetanss-chetan

Keywords

securityscannerdependenciesscasentrasecvulnerabilitysoftware-composition-analysis

Readme

SentraSec Scanner

npm version License Status

⚠️ Alpha Release: This package is currently in early testing phase. Features and APIs may change. Use with caution in production environments.

Official CLI tool for the SentraSec Platform - Performs Software Composition Analysis (SCA) scans to identify security vulnerabilities in your project dependencies.

Note: This package requires an active SentraSec platform account. Sign up at https://sentrasec.ai to get started.

📋 Table of Contents

✨ Features

  • SentraSec Platform Integration: Official CLI tool for the SentraSec security platform
  • Software Composition Analysis (SCA): Comprehensive dependency vulnerability scanning
  • Automated Dependency Detection: Automatically detects and scans project dependencies
  • Multi-Language Support: Currently supports Node.js and Python projects
  • Centralized Dashboard: View detailed scan results on the SentraSec platform dashboard
  • CI/CD Ready: Simple command-line interface for easy integration into your pipelines
  • Zero Configuration: Automatic project type detection

📦 Installation

Prerequisites

  • SentraSec Platform Account: Sign up at https://sentrasec.ai
  • Node.js: Version 14.x or higher
  • Package Manager: npm or yarn

Install via npm

npm install -g @sentrasec/scanner

Install via yarn

yarn global add @sentrasec/scanner

Verify Installation

sentrasec-scan --version
# or
ss-scan --version

You should see version 1.0.0 displayed.

🚀 Quick Start

  1. Create a SentraSec Platform Account

  2. Get Your Credentials

    • Create a new application in the SentraSec platform
    • Copy your Application ID and API Key from the dashboard

  3. Install the Scanner

    npm install -g @sentrasec/scanner

  4. Run Your First SCA Scan

    Navigate to your project directory and run:

    sentrasec-scan sca <YOUR_APP_ID> <YOUR_API_KEY>

  5. View Results on SentraSec Platform

    • Scan results are automatically uploaded to the SentraSec platform
    • Login to your dashboard to view detailed vulnerability reports and remediation guidance

📖 Usage

Basic Syntax

sentrasec-scan <command> [arguments]

Both sentrasec-scan and ss-scan commands are available as aliases.

Example: Scan a Node.js Project

cd /path/to/your/nodejs-project
sentrasec-scan sca app_12345 sk_1234567890abcdef

Example: Scan a Python Project

cd /path/to/your/python-project
sentrasec-scan sca app_12345 sk_1234567890abcdef

🌍 Supported Languages

Currently Supported ✅

Node.js / JavaScript

  • Files Detected: package.json
  • Dependency Types:
    • Production dependencies (dependencies)
    • Development dependencies (devDependencies)
    • Peer dependencies (peerDependencies)

Python

  • Files Detected: requirements.txt
  • Supported Formats:
    • package==1.0.0 (exact version)
    • package>=1.0.0 (minimum version)
    • package~=1.0.0 (compatible version)
    • package (any version)

Planned Support 📋

The following languages are planned for future releases:

  • Java (Maven, Gradle)
  • .NET / C#
  • Go
  • Ruby
  • PHP
  • Rust
  • Swift

See SUPPORTED_LANGUAGES.md for detailed language support roadmap.

💻 Commands

sca (Recommended)

Performs a Software Composition Analysis (SCA) scan and uploads results to the SentraSec platform.

sentrasec-scan sca <app_id> <api_key>

Arguments:

  • app_id (required): Your application ID from the SentraSec platform dashboard
  • api_key (required): Your API key for authentication

What it does:

  1. Automatically detects your project type (Node.js or Python)
  2. Scans all dependencies for known vulnerabilities
  3. Uploads scan results to the SentraSec platform
  4. Provides detailed vulnerability reports accessible via your dashboard

Example:

sentrasec-scan sca app_12345 sk_1234567890abcdef

scan (Legacy)

Legacy command for scanning dependencies locally.

sentrasec-scan scan <project_name> <key>

Arguments:

  • project_name (required): Name of the project to scan
  • key (required): Scan key for authentication

Example:

sentrasec-scan scan my-project legacy_key_123

Note: This command is deprecated. Please use the sca command for new integrations.

⚙️ Requirements

System Requirements

  • Operating System: Linux, macOS, or Windows
  • Node.js: Version 14.x or higher
  • Network: Internet connection required for vulnerability database access

Project Requirements

Your project must contain one of the following dependency files:

  • package.json (Node.js)
  • requirements.txt (Python)

🔧 Troubleshooting

Command Not Found

If you receive a "command not found" error after installation:

# Check if the package is installed
npm list -g @sentrasec/scanner

# Reinstall the package
npm install -g @sentrasec/scanner

Authentication Errors

If you receive authentication errors:

  • Verify your App ID and API Key are correct
  • Ensure you're using the correct credentials from your dashboard
  • Check that your API key hasn't expired

No Dependencies Detected

If the scanner doesn't detect your dependencies:

  • Ensure package.json or requirements.txt exists in your project root
  • Run the scan from your project's root directory
  • Check that the dependency file is properly formatted

Network Errors

If you encounter network-related errors:

  • Check your internet connection
  • Verify that your firewall isn't blocking the connection
  • Try running the scan again

📄 License

Copyright © 2025 SentraSec. All rights reserved.

This software is licensed under the ISC License.

📞 Support

Documentation

Get Help

🎯 Roadmap

Current Version (1.0.0-alpha)

  • ✅ SentraSec platform integration
  • ✅ SCA scanning for Node.js (package.json)
  • ✅ SCA scanning for Python (requirements.txt)
  • ✅ Automated vulnerability detection
  • ✅ Dashboard-based reporting

Upcoming Features

  • 🔄 Additional language support (Java, .NET, Go, Ruby, PHP)
  • 🔄 Enhanced SCA capabilities
  • 🔄 CI/CD integration templates
  • 🔄 Custom security policy configuration
  • 🔄 SBOM (Software Bill of Materials) generation
  • 🔄 Advanced vulnerability remediation guidance

⚠️ Alpha Notice

This package is currently in alpha status and is undergoing early testing. Please be aware:

  • Features and commands may change in future releases
  • Some features may be incomplete or experimental
  • Bug reports and feedback are highly appreciated
  • Not recommended for production-critical workflows until stable release

We appreciate your patience and feedback as we work toward a stable release!

Built with ❤️ by the SentraSec Team