
aegisq-codeshield-mcp

v2.0.1

Published

AegisQ-CodeShield MCP server — AI security scanning for Claude Code, Cursor, Windsurf, Copilot, ChatGPT, Cline, and more

Readme

aegisq-codeshield-mcp

AI security scanning for your coding tools — powered by the Model Context Protocol.

AegisQ-CodeShield scans AI-generated code in real-time for OWASP Top 10, OWASP LLM Top 10, CISA Secure by Design, and CWE vulnerabilities. It works inside your favorite AI coding tool via MCP.

Supported Tools

| Tool | Transport | Config Location |
|------|-----------|-----------------|
| Claude Code | stdio | ~/.claude/mcp.json |
| Cursor | stdio | .cursor/mcp.json |
| Windsurf | stdio | MCP settings |
| GitHub Copilot | stdio | VS Code settings |
| Cline | stdio | MCP settings |
| Continue.dev | stdio | MCP settings |
| Zed | stdio | settings.json |
| ChatGPT | HTTP | http://localhost:3100/mcp |
| Codex CLI | stdio | MCP config |

Quick Start

1. Install

npx aegisq-codeshield-mcp --help

Requires Node.js 18+.

v2.0.x: HTTP transport (--http) requires Authorization: Bearer <token> on every /mcp request. The server auto-generates a 256-bit token on first launch (stored at ~/Library/Application Support/AegisQ-CodeShield/auth-token on macOS, ~/.config/aegisq-codeshield/auth-token on Linux, 0600 perms). Set your own with AEGISQ_AUTH_TOKEN. Stdio users (Claude Code, Cursor, Windsurf, Cline, Continue.dev, Zed) are unaffected. See License & Support below for help.

2. Configure Your Tool

Claude Code / Cursor / Windsurf — add to your MCP config:

{
  "mcpServers": {
    "aegisq-codeshield": {
      "command": "npx",
      "args": ["aegisq-codeshield-mcp"],
      "env": {
        "AEGISQ_LICENSE_KEY": "your-license-key"
      }
    }
  }
}

ChatGPT / HTTP-based tools — start the HTTP server:

AEGISQ_LICENSE_KEY=your-key npx aegisq-codeshield-mcp --http

Then connect your tool to http://localhost:3100/mcp.

3. Scan

Ask your AI coding tool:

"Scan this file for security vulnerabilities"

MCP Tools

| Tool | Description |
|------|-------------|
| aegisq_scan_file | Scan a file for security vulnerabilities |
| aegisq_scan_snippet | Scan inline or generated code snippets |
| aegisq_explain | AI-powered vulnerability explanation |
| aegisq_fix | Auto-fix generation with diff preview |
| aegisq_report | Compliance report (OWASP/CISA/CWE) in Markdown, JSON, or CSV |
| aegisq_status | Server status, license tier, scan count |

Features

  • 80+ security rules covering injection, auth, crypto, LLM prompt injection, and more
  • LLM-powered deep scanning beyond regex patterns (Pro+)
  • Auto-fix generation with one-click remediation (Pro+)
  • Compliance reports grouped by OWASP, CISA, or CWE
  • Works offline — regex engine runs locally with zero network calls
  • Inline suppression — add // aegisq-ignore to skip specific lines

CLI Options

aegisq-codeshield-mcp [options]

Options:
  --http        Start HTTP server (default: stdio)
  --port PORT   HTTP port (default: 3100)
  --host HOST   HTTP bind address (default: 127.0.0.1)
  --stateless   Stateless HTTP mode
  --help        Show help

Environment Variables

| Variable | Description |
|----------|-------------|
| AEGISQ_LICENSE_KEY | Your license key |
| AEGISQ_LLM_API_KEY | LLM API key (Anthropic, OpenAI, or compatible provider) |
| AEGISQ_LLM_PROVIDER | LLM provider: anthropic (default), openai, openai-compatible |
| AEGISQ_LLM_MODEL | Model override (e.g. gpt-4o, claude-sonnet-4-5) |
| AEGISQ_LLM_BASE_URL | OpenAI-compatible base URL (Groq, OpenRouter, Ollama, etc.) |
| AEGISQ_TRANSPORT | Transport mode: stdio or http |
| AEGISQ_PORT | HTTP port (default: 3100) |
| AEGISQ_HOST | HTTP bind address (default: 127.0.0.1) |
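A pre-flight check for the HTTP transport, written for this page as an added example (it is not part of aegisq-codeshield-mcp): it verifies that the auto-generated token file from the v2.0.x note still has owner-only permissions and that `AEGISQ_HOST` keeps the listener on loopback. The function names are hypothetical; the paths, the 0600 mode and the 127.0.0.1 default are the ones documented above.

```javascript
// Added example; not part of aegisq-codeshield-mcp. Function names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Token locations as documented in the README for macOS and Linux.
function tokenPath(platform = process.platform, home = os.homedir()) {
  return platform === 'darwin'
    ? path.join(home, 'Library', 'Application Support', 'AegisQ-CodeShield', 'auth-token')
    : path.join(home, '.config', 'aegisq-codeshield', 'auth-token');
}

// True only for addresses that keep the listener on the local machine.
function isLoopback(host) {
  return host === 'localhost' || host === '::1' || /^127(\.\d{1,3}){3}$/.test(host);
}

// Returns a list of findings; an empty list means nothing was flagged.
// Only the environment is inspected: a --host flag on the command line is not visible here.
function auditHttpSetup({ file = tokenPath(), env = process.env } = {}) {
  const findings = [];
  const host = env.AEGISQ_HOST || '127.0.0.1'; // documented default
  if (!isLoopback(host)) {
    findings.push(`AEGISQ_HOST=${host} is not loopback: /mcp is reachable from the network`);
  }
  let st;
  try {
    st = fs.lstatSync(file); // lstat: report a symlink instead of following it
  } catch (err) {
    if (err.code !== 'ENOENT') throw err;
    findings.push(`no token file at ${file}`);
    return findings;
  }
  if (!st.isFile()) findings.push(`${file} is not a regular file`);
  const mode = st.mode & 0o777;
  if (mode & 0o077) {
    findings.push(`${file} has mode ${mode.toString(8)}; remove group/other access (0600)`);
  }
  if (typeof process.getuid === 'function' && st.uid !== process.getuid()) {
    findings.push(`${file} is owned by uid ${st.uid}, not the current user`);
  }
  return findings;
}
```

Call `auditHttpSetup()` with no arguments to check the current user's environment and the platform's default token path, and print each returned finding.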

License Tiers

| Tier | Price | LLM Scans | Fixes | Sessions |
|------|-------|-----------|-------|----------|
| Free | $0 | 5/day | 3/day | 1 |
| Pro | $19/mo | Unlimited | Unlimited | 5 |
| Team | $49/mo | Unlimited | Unlimited | 25 |
| Enterprise | Custom | Unlimited | Unlimited | Unlimited |

The free tier includes all regex-based scanning (80+ rules) with no limits.

License & Support

MIT.

Need help, have a bug to report, or want to talk pricing?
