
audit-notes-cli

v0.1.7

Published


Downloads

28

Readme

Audit Notes CLI


Noise-Free Smart Contract Security for Pull Requests

Audit Notes is a CI-first smart contract audit CLI built on top of Slither. It focuses on signal over noise by failing CI only when new HIGH or CRITICAL issues are introduced.

The core scan and CI gating are free forever. Audit Notes PRO adds actionable remediation guidance, not more noise.


Why Audit Notes?

Most security tools are noisy.

Audit Notes is opinionated:

  • Catch new risks, not old ones

  • Fail CI only on HIGH / CRITICAL regressions

  • Generate outputs developers can actually read

  • Work locally and in CI

  • No dashboards. No accounts. Just files.


Features

🆓 Free (No license required)

  • Static analysis via Slither

  • Markdown audit notes

  • SARIF output (GitHub Security tab)

  • PR diffing against base branch

  • CI gating on new HIGH / CRITICAL issues

  • Noise suppression profiles

  • Stable Finding IDs

💎 PRO (License required)

  • Remediation recommendations

  • Fix hints and guidance

  • audit-note explain

  • Designed for solo auditors and teams

  • Works locally and in CI

  • Offline license validation (no phone-home)


Installation

Audit Notes is distributed via npm.

  • npm install -g audit-notes-cli

Or run directly with:

  • npx audit-notes-cli

Prerequisites

Audit Notes expects a Slither JSON report.

Generate one with:

  • slither . --json slither.json || true

Usage

Run a basic audit (Free)

  • npx audit-notes run

Generates:

output/AUDIT_NOTES.md
output/AUDIT_NOTES.json


Generate SARIF (Free)

  • npx audit-notes run --sarif

Generates:

output/audit-notes.sarif

Upload this to GitHub’s Security tab using upload-sarif.


PR diff mode (Free, CI-safe)

  • npx audit-notes run --diff --base slither-main.json

Behavior:

  • Compares current findings with base

  • Fails CI only if new HIGH / CRITICAL issues are introduced

  • Safe to run in GitHub Actions


Finding IDs (Important)

Each finding includes a stable Finding ID.

Example:

Finding ID: 89c733fa72c96b0346f84b896f53f0e79c52bb41

These IDs are used to:

  • Link recommendations → findings

  • Explain findings

  • Track issues across PRs

  • Support enterprise CI contracts


PRO Usage

PRO unlocks guidance on how to fix issues, not basic scanning.

Set your license

  • export AUDIT_NOTES_LICENSE=AN-PRO-XXXX
  • export AUDIT_NOTES_SECRET=your_secret_here

Generate remediation recommendations (PRO)

  • npx audit-notes run --recommendations

Generates:

output/recommendations.json

Generate fix hints (PRO)

  • npx audit-notes run --fix-hints

Generates:

output/fix-hints.json

Without a license

Running PRO commands without a license will show:

"This feature requires Audit Notes PRO. Set AUDIT_NOTES_LICENSE to continue."

Explain a Finding (PRO-Enhanced)

audit-notes explain

Outputs:

  • Finding description

  • Severity

  • Detector

  • Optional remediation guidance (PRO)

Output Formats

  • audit-notes run --format=md (default)
  • audit-notes run --format=json
  • audit-notes run --format=summary

Summary format is ideal for PR comments.


Free vs PRO

| Feature                     | Free | PRO |
| --------------------------- | ---- | --- |
| Static analysis (Slither)   | ✅   | ✅  |
| Markdown audit report       | ✅   | ✅  |
| SARIF (GitHub Security tab) | ✅   | ✅  |
| PR diff & CI gating         | ✅   | ✅  |
| Noise suppression profiles  | ✅   | ✅  |
| Finding IDs                 | ✅   | ✅  |
| Explain findings            | ❌   | ✅  |
| Remediation recommendations | ❌   | ✅  |
| Fix hints & guidance        | ❌   | ✅  |
| Solo usage                  | ✅   | ✅  |
| Team / CI usage             | ✅   | ✅  |
| Priority support            | ❌   | ✅  |


GitHub Actions

Audit Notes is designed to run in CI.

Typical workflow:

  • Run Slither on base branch

  • Run Slither on PR

  • Run audit-notes run --diff --base slither-main.json

  • Optionally upload SARIF


Philosophy

Audit Notes is intentionally minimal:

  • No dashboards

  • No accounts

  • No phone-home

  • Files you can review, diff, and commit

Security tools should help you think less, not more.


License & Plans

Audit Notes is free to use for scanning and CI gating.

PRO plans

  • PRO Solo — individual auditors

  • PRO Team — shared repos and CI

PRO unlocks:

  • Remediation recommendations

  • Fix hints

Pricing is simple and transparent.


Roadmap

  • Improve recommendation quality

  • Better PR summaries

  • Optional team-level enforcement (later)

  • No bloat. No feature creep.


Contributing

Issues and PRs are welcome.

This project prioritizes clarity, signal, and developer trust.


One-line summary

  • Free for scanning and CI gating.
  • PRO for guidance on how to fix what’s found.

📧 Contact

For support, collaboration, or technical questions: