npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@weave_protocol/cli

v0.1.0

Published

The weave CLI - one command to set up, audit, and run Weave Protocol security for AI agent projects

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tyox-alltyox-all

Keywords

weave-protocolai-securityai-agentscliinitscaffoldmcplangchainllamaindexopenaianthropic

Readme

🕸️ @weave_protocol/cli

npm version npm license

The weave command-line tool — one command to set up, audit, and run Weave Protocol security for AI agent projects.

npx @weave_protocol/cli init

That's it. The CLI detects your stack (LangChain, LlamaIndex, MCP server, OpenAI SDK, Anthropic SDK, or generic), asks which Weave Protocol packages you want, and scaffolds the right security middleware for your project.

Part of the Weave Protocol Security Suite.

Commands

weave init                        # Set up Weave Protocol in the current project
weave audit [path]                # Scan dependencies for supply chain risk
weave dashboard [--port=3000]     # Launch the API server + open the monitoring dashboard
weave doctor                      # Check environment for common config issues
weave version                     # Show CLI + installed package versions
weave help                        # Show help

What weave init does

  1. Detects your framework by inspecting package.json and source imports
  2. Asks you to confirm the framework choice (or pick a different one)
  3. Lets you select which Weave Protocol packages to enable (with sensible defaults per framework)
  4. Generates a weave-security.ts (or .js) middleware file appropriate for your stack
  5. Writes a .weaverc config file that other Weave tools can read
  6. Prints the install command for your package manager (npm/pnpm/yarn/bun)

Framework-specific scaffolding

| Framework | Generated middleware | |-----------|---------------------| | LangChain.js | WeaveSecurityCallback ready to drop into any chain or agent | | MCP Server | secureToolHandler() wrapper that scans inputs and outputs of every tool call | | OpenAI SDK | secureChatCompletion() wrapper for openai.chat.completions.create | | Anthropic SDK | secureMessages() wrapper for anthropic.messages.create | | Vercel AI / AI SDK | OpenAI-style wrapper | | Generic / Raw | No code generation — just installs packages and writes .weaverc |

Example: setting up a new LangChain project

$ cd my-langchain-app
$ npx @weave_protocol/cli init

🕸️  Weave Protocol CLI

Detected
────────────────────────────────────────────────────────────
  • Project root:  /Users/me/my-langchain-app
  • Language:      typescript
  • Framework:     LangChain.js
  • Also detected: OpenAI SDK

? Which framework should we configure for?
  ● 1. LangChain.js (detected)
  ○ 2. Anthropic SDK
  ○ 3. OpenAI SDK
  ○ 4. MCP Server
  ○ 5. None / generic
  (1) > 

? Which Weave Protocol packages do you want? (comma-separated)
  ☑ 1. 🛂 Tollere    — Supply chain security
  ☑ 2. 🛡️ Mund       — Input/output threat scanning
  ☐ 3. 🏛️ Hord       — Encrypted vault for secrets
  ☐ 4. ⚖️ Domere     — Compliance + blockchain anchoring
  ☐ 5. 👥 Witan      — Multi-agent consensus
  ☐ 6. 🔍 Hundredmen — Real-time MCP proxy + drift detection
  ☑ 7. 🔗 Langchain  — LangChain.js callbacks
  ☐ 8. 🔌 API        — REST API + monitoring dashboard
  (1,2,7) > 

Plan
────────────────────────────────────────────────────────────
  • Install 3 package(s):
     • @weave_protocol/langchain
     • @weave_protocol/tollere
     • @weave_protocol/mund
  • Create 1 file(s):
     • weave-security.ts — Security middleware module
  • Write .weaverc configuration file

? Proceed? (Y/n) y

  ✓ Wrote weave-security.ts
  ✓ Wrote .weaverc

Install
────────────────────────────────────────────────────────────
  Run:
    npm install @weave_protocol/langchain @weave_protocol/tollere @weave_protocol/mund

Next steps
────────────────────────────────────────────────────────────
  → Import the security callback in your chains
  → Add it to any chain's `callbacks` array
  → Run `npx weave audit` before each deploy

✨  Weave Protocol initialized!

weave audit

Delegates to Tollere to scan your package.json for typosquats, CVEs, low-reputation maintainers, and suspicious version diffs.

weave audit
weave audit ./apps/api/package.json

Exit codes: 0 = clean, 1 = warnings (review), 2 = critical (install blocked). Wire this into your CI pipeline.

weave dashboard

Launches the API package and opens the monitoring dashboard in your browser:

weave dashboard
weave dashboard --port=4000

Live activity feed, threat intel status, compliance frameworks, MCP server reputation.

weave doctor

Quick environment check:

  • Node.js version >= 18
  • package.json present
  • .weaverc present
  • At least one Weave Protocol package installed
  • Claude Desktop MCP servers configured (if applicable)
weave doctor

Exit code: 0 if all checks pass, 1 if any fail.

Programmatic API

The CLI's internals are also exported as a library, in case you want to build tooling on top:

import { detectFramework, getScaffold } from "@weave_protocol/cli";

const detection = detectFramework(process.cwd());
const scaffold = getScaffold(detection.primary, {
  language: "typescript",
  selectedPackages: ["tollere", "mund"],
  framework: detection.primary,
});

console.log(scaffold.files[0].content);

Related Packages

| Package | Description | |---------|-------------| | @weave_protocol/full | Bundle that installs all Weave Protocol packages | | @weave_protocol/tollere | Supply chain security | | @weave_protocol/mund | Threat scanning | | @weave_protocol/api | REST API + dashboard |

License

Apache 2.0