npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

asyntax-cli

v0.3.6

Published

Asyntax AI — security-scan your codebase from the terminal

Downloads

986

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

asyntaxasyntax

Keywords

asyntaxasyntax-aiaisecuritysastvulnerability-scannercliscannerdevsecops

Readme

Asyntax CLI

Drive your Asyntax workspace from the terminal: pick an org, pick a project, generate a backend or frontend, or run an AI-powered security scan against any directory.

██████╗ ██████╗██╗   ██╗███╗   ██╗████████╗ █████╗ ██╗  ██╗
   Asyntax AI — workspace + security from your terminal

Install

npm install -g asyntax-cli

The package name is asyntax-cli; the executable installed on your PATH is asyntax.

Requires Node.js 18.17+.

Get started

asyntax              # interactive: banner + login/workspace menu
asyntax login        # browser-based magic-link auth via dev.asyntax.com/login/cli
asyntax workspace    # pick an org + project, then generate or scan
asyntax scan ./      # ad-hoc scan of a directory (no project context)
asyntax whoami       # show the current account
asyntax logout       # remove the stored token

asyntax workspace (alias asyntax ws) is the main entry point once you're signed in. After login, the CLI also offers to drop you straight into it.

The workspace flow

After asyntax login:

  1. Pick an org. The CLI lists every organization you're a member of. Choose one, or + Create a new organization.
  2. Pick a project. The CLI lists projects in the chosen org. Choose one, or + Create a new project — you'll be asked for a name and a project type (frontend, backend, fullstack, or security_checkup).
  3. Pick an action. From the workspace menu:
    • Generate a backend project — kicks off an AI generation job scoped to your project. The CLI prints a job ID and a playground URL where you can watch live progress in the browser.
    • Generate a frontend project — same, but for the frontend agent.
    • Scan this project for security issues — walks a directory, sends the files to the security agent in the context of your project, and prints a grouped report.
    • Switch project / org — jump back to the picker.

Your last-used { orgSlug, projectSlug } is cached in ~/.asyntax/config.json, so the next time you run asyntax workspace the CLI offers to resume there.

How auth works

asyntax login follows a device-code flow:

  1. The CLI calls POST /api/v1/cli/auth/initiate and receives a short user_code (e.g. AB12-CD34) plus a verification URL.
  2. The CLI opens your browser to https://dev.asyntax.com/login/cli?code=….
  3. After you sign in to the web platform and click Authorize, the browser hits POST /api/v1/cli/auth/grant to bind the code to your account.
  4. The CLI is polling POST /api/v1/cli/auth/poll and receives a 30-day HMAC-signed token.

The token is written to ~/.asyntax/config.json with mode 0600 and is valid for 30 days; once expired, the CLI will prompt you to log in again. Every command other than login / logout / whoami uses this token via the Authorization: Bearer cli_… header.

Configuration

| Env var | Default | Purpose | | ----------------- | ----------------------------- | --------------------------------------------- | | ASYNTAX_API_URL | https://api.ai.asyntax.com | Override the API base URL (e.g. for staging). |

API endpoints

All authenticated endpoints sit under /api/v1/cli/ and accept the HMAC-signed CLI token. The CLI never touches the regular user JWT.

| Method | Path | Used by | | ------ | ------------------------------------------------------------------------------- | ------------------------ | | GET | /me | asyntax whoami | | GET | /organizations | workspace flow | | POST | /organizations | workspace flow | | GET | /organizations/:orgSlug/projects | workspace flow | | POST | /organizations/:orgSlug/projects | workspace flow | | GET | /organizations/:orgSlug/projects/:projectSlug | workspace flow | | POST | /organizations/:orgSlug/projects/:projectSlug/generate | "Generate backend/frontend" | | POST | /organizations/:orgSlug/projects/:projectSlug/security/scan | "Scan this project" | | POST | /security/scan | asyntax scan <dir> |

What scan does

Both asyntax scan <dir> (ad-hoc) and the project-scoped scan in the workspace flow walk the directory (skipping node_modules, .git, dist, etc.), read scannable source files (up to 50 files / 256 KB per file / 4 MB total), upload them, and print a grouped, color-coded report (critical → info) with a recommendation per finding. The project-scoped variant tags each finding with your org_slug / project_slug.

Privacy / safety

  • Only files you explicitly target are sent.
  • The CLI confirms the file count before uploading.
  • Tokens are stored locally in ~/.asyntax/config.json (mode 0600).
  • asyntax logout deletes the stored token.

Changelog

0.2.0

  • New asyntax workspace command: pick an org → pick a project → generate a backend, generate a frontend, or run a project-scoped security scan.
  • Last-used { orgSlug, projectSlug } is cached for fast re-entry.
  • After asyntax login, the CLI offers to drop straight into the workspace flow.
  • All workspace endpoints sit under /api/v1/cli/ and use the existing CLI HMAC token — no new auth surface.

0.1.0

  • Initial release: login, logout, whoami, scan.