npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

bmad-hardened

v6.2.0

Published

Security-hardened fork of BMad Method — Agile AI-driven Development with integrated security workflows

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kevin-hdevkevin-hdev

Keywords

agileaiorchestratordevelopmentmethodologyagentsbmadsecurityhardening

Readme

BMAD-HARDENED

License: MIT Based on BMad Method

Community fork of BMad Method with integrated security hardening across the entire agile lifecycle.

Credit: This project is a fork of BMad Method by Brian (BMad) Madison / BMad Code, LLC. The entire base framework, agent architecture, workflows, and CLI are his work. BMAD-HARDENED adds a security layer on top of this foundation.

What BMAD-HARDENED adds

3 new security agents (Party Mode)

| Agent | Name | Role | |-------|------|------| | 🛡️ Cybersecurity Expert | Nyx | Vulnerability analysis, OWASP, CVE tracking, supply chain, LLM security | | 🏰 Security Architect | Bastion | Threat modeling STRIDE/DREAD, zero-trust, isolation, crypto design | | 🤓 Tech Genius | Zero | Bleeding-edge tech watch, alternatives to mainstream solutions |

1 new workflow: Security Review

Comprehensive security audit of architecture, PRD, and stories before implementation. Integrated in Phase 3 (Solutioning).

24 universal security DATA files

Security knowledge base loaded on demand by any agent/workflow via a tag-based index system:

  • 11 attack patterns (atk-*): LLM injection, supply chain, privilege escalation, reverse engineering...
  • 10 defense patterns (def-*): crypto, auth, OS isolation, framework hardening, audit logging...
  • 3 reference files (ref-*): agent threat model, cross-validation matrix, CVE catalog

All files are language/framework agnostic — they describe universal patterns, not specific implementations.

Reinforcement of existing agents and workflows

  • All agents: systematic web search before any work + global rules compliance
  • Code Review: adversarial security deep dive added to workflow
  • 5 workflows enriched with conditional security data loading (INDEX_THEN_SELECTIVE)
  • Global Agent Rules: mandatory web search, feature checkup tracking, story size enforcement, review scope guard
  • Implementation Readiness: blocking security gate before Phase 4

Loading strategy: INDEX_THEN_SELECTIVE

Security data is never loaded in bulk. The mechanism:

  1. Agent/workflow loads index.md (file listing with tags)
  2. Matches tags against current context (stack, domain, story)
  3. Loads only 3-5 relevant files

3 defense layers ensure loading:

  1. Global rules reference index.md
  2. Each workflow has explicit loading instructions
  3. Agent critical_actions reference index.md

Installation

npx bmad-hardened install

Installs the full BMAD-HARDENED framework (agents, workflows, security data, templates) into your project.

Original project

BMad Method by Brian (BMad) Madison / BMad Code, LLC

Changelog

See FORK-CHANGES.md for the complete list of modifications made by this fork.

See CHANGELOG.md for the original project history.

License

MIT License — see LICENSE.

BMad and BMAD-METHOD are trademarks of BMad Code, LLC. See TRADEMARK.md. This fork is an unofficial community project, not affiliated with or endorsed by BMad Code, LLC.