npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vibecodiq/cli

v0.10.0

Published

Safety scanner, architecture guard & slice scaffolding for AI-built apps

Downloads

340

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

asa-standard-oasa-standard-o

Keywords

vibecodiqasasafetyscannerarchitectureailovablecursorvibe-codingslice-architecture

Readme

@vibecodiq/cli

Safety scanner, architecture guard & slice scaffolding for AI-built apps.

34 automated safety checks on auth, billing, admin, and architecture. Trust Score + AI Chaos Index computed locally. CI enforcement on every PR. Your code never leaves your machine.

Install

npx @vibecodiq/cli scan          # Zero-install (recommended)
npm install -g @vibecodiq/cli    # Or global install

Requires Node.js 18+. Zero config. No login required.

Scan

Detect safety gaps and structural risk. Results in seconds.

npx @vibecodiq/cli scan                # Safety scan — Trust Score (A-F)
npx @vibecodiq/cli scan --architecture # Architecture scan — AI Chaos Index (0-100)

Guard

Enforce safety rules on every PR. Prevent regressions in CI.

npx @vibecodiq/cli guard init          # Safety mode — CI workflow + baseline
npx @vibecodiq/cli guard init --all    # Full mode — safety + architecture rules
npx @vibecodiq/cli guard check         # Run checks locally or in CI (exit 1 on fail)

Full mode (--all) creates:

  • .asa/rules/architecture.md — architecture rules for AI (Lovable, Bolt, v0)
  • .cursorrules — same rules for IDE (Cursor, Windsurf, Claude Code)
  • .github/workflows/asa-guard.yml — CI workflow that checks every PR
  • .asa/baseline.json — snapshot of existing issues (won't block commits)

Create Slice

Scaffold domain slices with the correct file structure.

npx @vibecodiq/cli create-slice auth/login
npx @vibecodiq/cli create-slice billing/subscribe
npx @vibecodiq/cli create-slice admin/user-list

Creates 4 template files per slice: Component, Hook, actions.ts, types.ts.

Waivers

Handle false positives without disabling checks.

npx @vibecodiq/cli waiver create AUTH-06 1c78c0cc "Custom auth via Edge Functions"

What It Checks

Auth Safety (8 checks)

service_role key exposure, RLS policies, getUser() vs getSession(), NEXT_PUBLIC_ secrets, protected route redirects, client/server auth separation, eval()/dangerouslySetInnerHTML

Billing Safety (8 checks)

Stripe key exposure, webhook signature verification, raw body preservation, idempotent processing, client-side billing state, server-initiated checkout, success_url fulfillment, PCI raw card data

Admin Safety (4 checks)

Server-side auth on admin endpoints, admin route protection, debug route exposure, hardcoded credentials

Architecture (10 checks)

Domain isolation, cross-domain imports (AST-based), thin pages, shared/ separation, file size limits, empty slice detection, server action pragma, port compliance, CI/CD pipeline, test files

Foundation (4 checks)

.env.example exists, no committed secrets, TypeScript strict mode, global error boundary

34 checks total. Based on the ASA Standard.

How It Works

  1. Scan runs locally — CLI analyzes source files using AST parsing and pattern matching. No code is uploaded.
  2. Findings sent to API — only metadata (check IDs, pass/fail, relative file paths). No source code, no secrets.
  3. API returns intelligence — Trust Score, AI Chaos Index, fix prompts, shareable report link.

If the API is unavailable, CLI still works — you get local results without report link.

Learn More