npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vibecheckai/cli

v4.0.2

Published

Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vibecheckaivibecheckai

Keywords

vibechecksecuritycliscanningvulnerabilitiessecretssbomosvcvedevsecopssastsupply-chain

Readme

vibecheck CLI v4.0

Ship with confidence. One verdict: SHIP | WARN | BLOCK

The CLI that catches AI hallucinations before they ship. Dead routes, fake data, missing auth, exposed secrets — vibecheck blocks it all in CI.

Installation

npm install -g @vibecheckai/cli
# or
npx @vibecheckai/cli --help

Quick Start

# 1. Setup your project (one-time)
vibecheck link

# 2. 60-second onboarding (recommended)
vibecheck kickoff

# 3. Run analysis
vibecheck audit

# 4. Get ship verdict (PRO)
vibecheck ship

# 5. Full proof loop (PRO)
vibecheck prove

Command Reference

Tiers

| Tier | Price | Description | |------|-------|-------------| | FREE | $0 | Inspect & Observe | | PRO | $49/mo | Fix, Prove & Enforce |

FREE Tier Commands

| Command | Aliases | Description | |---------|---------|-------------| | link | init, setup, configure | Instant project binding (<10s, zero questions) | | kickoff | quickstart, qs, start, onboard | 60-second dopamine: link → forge → audit → ship | | doctor | health, diag | Environment + dependency + config health check | | watch | w, dev | Continuous mode - re-runs on changes | | forge | context, ctx, rules, ai-rules, mdc, brain | AI Brain Generator - minimal but lethal rules | | audit | scan, s, check | Convincing wrongness detector | | auth | login, logout, whoami | Authentication management | | safelist | allowlist, al, suppress | Responsible finding suppression with justification & expiry | | labs | — | Experimental & beta features | | packs | report, html, artifact, evidence-pack | Unified artifact generation (evidence, reports, graphs) | | ci | — | One-command enterprise CI wiring (GitHub Actions) |

PRO Tier Commands

| Command | Aliases | Description | |---------|---------|-------------| | intent | — | Declare intent for Agent Firewall enforcement | | approve | — | Review and approve session changes | | shield | guard, ai-guard, firewall, validate | Agent Firewall - intercept, validate, and enforce AI actions | | launch | gate, ci-gate, enforce | Pre-release validation wizard | | reality | browser, e2e | Browser-based runtime verification | | prove | p, verify | Full proof loop with runtime verification | | ship | — | Verdict engine - SHIP / WARN / BLOCK | | seal | badge, attest | Generate ship badge and attestation | | fix | f, repair, missions | Mission-based auto-fix with safety gates | | checkpoint | cp, snap, snapshot, timemachine | Time machine - snapshot & restore | | polish | prod, final | Production polish - final cleanup before deploy | | mcp | — | Start MCP server for AI IDEs |

Shield Subcommands (Agent Firewall)

vibecheck shield status           # Show firewall status
vibecheck shield enforce          # Enable enforcement mode
vibecheck shield observe          # Enable observe-only mode
vibecheck shield lock             # Hard lockdown (all rules)
vibecheck shield unlock           # Release lock
vibecheck shield verify           # Verify claims/prompts
vibecheck shield install          # Install IDE hooks
vibecheck shield stats            # Show statistics

Packs Subcommands (Artifacts)

vibecheck packs evidence          # Bundle videos, traces, screenshots
vibecheck packs report            # Generate HTML/MD/SARIF reports
vibecheck packs graph             # Proof graph visualization

Auth Subcommands

vibecheck auth login              # Authenticate with API key
vibecheck auth logout             # Remove stored credentials
vibecheck auth whoami             # Show current user and plan
vibecheck auth --check            # Verify authentication status
vibecheck auth --refresh          # Refresh credentials

What It Catches

| Issue | Severity | Description | |-------|----------|-------------| | Dead Routes | BLOCK | Client calls API that doesn't exist | | Ghost Auth | BLOCK | Sensitive endpoint without auth | | Exposed Secrets | BLOCK | API keys in code | | Fake Success | BLOCK | Success UI without API confirmation | | Env Gaps | WARN | Used env vars not in .env.example | | Stripe Violations | BLOCK | Unverified webhooks | | Owner Mode Bypass | BLOCK | Debug flags in production | | Mock Data | BLOCK | Fake/fixture data in production |

Ship Verdict

╔═════════════════════════════════════════════════════════════════╗
║  🟢  SHIP IT!  Your code is production-ready.                   ║
╚═════════════════════════════════════════════════════════════════╝

Exit Codes

| Code | Status | Meaning | |------|--------|---------| | 0 | ✅ SHIP | All checks passed | | 2 | 🚫 BLOCK | Violations found (CI failure) | | 3 | ⚠️ UPGRADE | Feature requires higher tier | | 4 | ❌ ERROR | Misconfiguration / env error |

MCP Server

Connect vibecheck to AI coding agents (Cursor, Windsurf, Claude):

{
  "mcpServers": {
    "vibecheck": {
      "command": "npx",
      "args": ["@vibecheckai/cli", "mcp"]
    }
  }
}

Available MCP Tools

| Tool | Description | |------|-------------| | vibecheck_audit | Run static analysis | | vibecheck_ship | Get ship verdict | | vibecheck_fix | Apply AI-powered fixes | | vibecheck_prove | Full proof loop | | vibecheck_shield | Agent Firewall controls | | vibecheck_forge | Generate IDE rules | | vibecheck_reality | Runtime verification |

Configuration

Create .vibecheck/config.json:

{
  "strict": false,
  "fastifyEntry": "src/server.ts",
  "exclude": ["**/test/**", "**/*.spec.ts"]
}

Or vibecheck.config.json in project root:

{
  "version": "4.0.0",
  "checks": ["integrity", "security", "hygiene"],
  "output": ".vibecheck",
  "policy": {
    "failOn": ["critical", "high"],
    "allowlist": {
      "domains": ["api.stripe.com"],
      "paths": ["src/testing/*"]
    }
  }
}

License

MIT © Vibecheck AI

Documentation · Discord · GitHub