cdk-insights

v1.2.5

AWS CDK security and cost analysis tool with AI-powered insights

CDK Insights 🔍

Catch security issues in your AWS CDK before they reach production.

Scan your CDK stacks for security vulnerabilities, cost waste, compliance violations, and best practice issues — across 100+ rules and 35+ AWS services. Your source code never leaves your machine.

👉 cdkinsights.dev | Full Documentation


Why CDK Insights?

Existing tools (Checkov, cfn-lint, cfn_nag) scan raw CloudFormation. They don't understand CDK constructs, L2/L3 patterns, or developer intent.

CDK Insights is purpose-built for CDK — it synthesizes your stacks and analyzes them with CDK context, integrating CDK Nag alongside 100+ custom rules.

Key differences:

  • Local-first — static analysis runs entirely on your machine, no code uploaded
  • Zero friction — no signup, no account, no API keys
  • Free forever — static analysis with 100+ rules, JSON/Table/Markdown output, no limits
  • CDK-native — understands constructs and patterns, not just CloudFormation
  • CI/CD ready — GitHub Action with PR comments and merge blocking

🚀 Quick Start

# Run instantly — no install needed
npx cdk-insights scan

That's it. CDK Insights will synthesize your stacks and scan them.

Install in your project

# Add to your project
npm install --save-dev cdk-insights

# Set up npm scripts automatically
npx cdk-insights init

# Then use familiar commands
npm run cdk-insights

What cdk-insights init adds

{
  "scripts": {
    "cdk-insights": "cdk-insights scan",
    "cdk-insights:all": "cdk-insights scan --all",
    "cdk-insights:json": "cdk-insights scan --output json",
    "cdk-insights:markdown": "cdk-insights scan --output markdown",
    "cdk-insights:ci": "cdk-insights scan --all --output json --fail-on-critical"
  }
}

Use npx cdk-insights init --all to include additional scripts for GitHub issues and summary output.


🔍 What It Catches

CDK Insights scans for real problems across 35+ AWS services:

| Category | Examples |
|----------|---------|
| Security | Public S3 buckets, wildcard IAM policies, unencrypted RDS/DynamoDB/SQS, open security groups |
| Cost | Over-provisioned Lambda memory, missing S3 lifecycle policies, unused resources |
| Best Practices | Missing CloudWatch alarms, no VPC flow logs, missing point-in-time recovery |
| Compliance | Encryption at rest, logging enabled, backup configuration |

Services covered: S3, IAM, Lambda, RDS, EC2, DynamoDB, SQS, SNS, CloudFront, ECS/Fargate, API Gateway, Cognito, KMS, Secrets Manager, Step Functions, CloudTrail, EventBridge, EBS, WAF, CloudWatch, Route53, ElastiCache, ECR, OpenSearch, VPC, EKS, and more.
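
The security checks listed above are evaluated against the template that synthesis produces. The following is an added illustration, not cdk-insights' code, rules or output format: a minimal checker for four of the listed examples, run over a constructed CloudFormation template. The rule logic, messages and finding shape are assumptions made for this example.

```javascript
// Added example: NOT cdk-insights' own rules or output format.
// TEMPLATE is a constructed sample shaped like the CloudFormation JSON from `cdk synth`.
const TEMPLATE = {
  Resources: {
    Assets: { Type: 'AWS::S3::Bucket', Properties: {
      PublicAccessBlockConfiguration: { BlockPublicAcls: false, BlockPublicPolicy: true } } },
    Db: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'postgres' } },
    DbEncrypted: { Type: 'AWS::RDS::DBInstance',
      Properties: { Engine: 'postgres', StorageEncrypted: true } },
    Admin: { Type: 'AWS::IAM::Policy', Properties: { PolicyName: 'admin', PolicyDocument: {
      Statement: [{ Effect: 'Allow', Action: '*', Resource: '*' }] } } },
    Web: { Type: 'AWS::EC2::SecurityGroup', Properties: { GroupDescription: 'web',
      SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: 22, ToPort: 22, CidrIp: '0.0.0.0/0' }] } },
  },
};

// CloudFormation accepts a single value where a list is expected.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// One predicate per resource type; returns a message when the resource fails, else null.
const RULES = {
  'AWS::S3::Bucket': (p) => {
    const off = Object.entries(p.PublicAccessBlockConfiguration || {}).filter(([, v]) => v === false);
    return off.length ? `public access block disabled: ${off.map(([k]) => k).join(', ')}` : null;
  },
  'AWS::RDS::DBInstance': (p) => (p.StorageEncrypted === true ? null : 'StorageEncrypted is not true'),
  'AWS::IAM::Policy': (p) => {
    // Intrinsic functions (objects) are skipped; only literal action strings are matched.
    const wild = asArray((p.PolicyDocument || {}).Statement).some((s) => s.Effect === 'Allow' &&
      asArray(s.Action).some((a) => typeof a === 'string' && (a === '*' || a.endsWith(':*'))));
    return wild ? 'Allow statement with wildcard action' : null;
  },
  'AWS::EC2::SecurityGroup': (p) => {
    const open = asArray(p.SecurityGroupIngress).some((r) =>
      r.CidrIp === '0.0.0.0/0' || r.CidrIpv6 === '::/0');
    return open ? 'ingress open to any address' : null;
  },
};

function scanTemplate(template) {
  const findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    const rule = RULES[res.Type];
    const message = rule ? rule(res.Properties || {}) : null;
    if (message) findings.push({ id, type: res.Type, message });
  }
  return findings;
}

console.log(scanTemplate(TEMPLATE));
```

The `DbEncrypted` resource is included to show that a compliant resource produces no finding.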


📊 Output Formats

| Format | Use Case | Command |
|--------|----------|---------|
| Table | Terminal review (default) | npx cdk-insights scan |
| JSON | CI/CD pipelines, automation | --output json |
| Markdown | Reports, documentation | --output markdown |
| Summary | Quick overview | --output summary |
| SARIF | GitHub Code Scanning | --output sarif |


💡 Usage Examples

| Scenario | Command |
|----------|---------|
| Full project scan | npx cdk-insights scan --all --output summary |
| Security-only focus | npx cdk-insights scan --services IAM,S3,KMS --rule-filter Security |
| Markdown report | npx cdk-insights scan --output markdown > report.md |
| CI/CD with fail gate | npx cdk-insights scan --all --output json --fail-on-critical |
| Create GitHub issue | npx cdk-insights scan --output markdown --with-issue |


🔄 CI/CD Integration

CDK Insights automatically detects CI environments (GitHub Actions, GitLab CI, Jenkins, CircleCI, AWS CodeBuild, and more) and adjusts behavior accordingly.

GitHub Action

- name: Run CDK Insights
  uses: instance-labs/cdk-insights-action@v1
  with:
    license-key: ${{ secrets.CDK_INSIGHTS_LICENSE_KEY }}
    fail-on-critical: true

The GitHub Action posts findings as PR comments, uploads SARIF for Code Scanning, and supports configurable severity thresholds for merge blocking.

Manual CI Setup

- name: Run CDK Insights
  run: npx cdk-insights scan --all --output json --fail-on-critical
  env:
    CDK_INSIGHTS_LICENSE_KEY: ${{ secrets.CDK_INSIGHTS_LICENSE_KEY }}

In CI mode, CDK Insights will:

  • Automatically analyze all stacks
  • Output JSON format for easy parsing
  • Skip interactive prompts
  • Exit with code 1 on critical issues (with --fail-on-critical)

⚙️ Configuration

Create a .cdk-insights.json in your project root, or run:

npx cdk-insights config setup

CDK Aspect (Enhanced Analysis)

For precise file/line metadata and richer context, add the aspect in your CDK app:

import { App, Aspects } from 'aws-cdk-lib';
import { CdkInsightsAspect } from 'cdk-insights';

const app = new App();
Aspects.of(app).add(new CdkInsightsAspect());
// define stacks...
app.synth();

💰 Pricing

| Plan | Price | What's Included |
|------|-------|-----------------|
| Free | £0 forever | Static analysis (100+ rules), JSON/Table/Markdown/SARIF output, multi-stack analysis, CLI access |
| Pro | £9.99/mo | Everything in Free + AI analysis (Bedrock), GitHub integration, dashboard, PDF reports, 10,000 resources/mo |
| Team | £7.99/member/mo | Everything in Pro + team management, shared configs, audit trails, 15,000 resources/member |

Static analysis is free forever — no trial, no credit card, no signup required.

The AI tier adds deep analysis via AWS Bedrock: security analysis, findings categorised by Well-Architected Framework pillar, and context-aware recommendations.

👉 View full pricing


🧰 Requirements

  • Node.js 22 or later
  • AWS CDK v2 project

Quick Compatibility Check

node --version  # Should be 22+
ls cdk.json     # Should exist in CDK project

🔧 Troubleshooting

Cache Management

npx cdk-insights clear-cache    # Clear all caches
npx cdk-insights cache-status   # Check cache status
npx cdk-insights scan --no-cache # Run without cache

Authentication Issues

  1. Check your license key: echo $CDK_INSIGHTS_LICENSE_KEY
  2. Clear the auth cache: npx cdk-insights clear-cache
  3. Verify your internet connection

Sensitive Data Detection

CDK Insights detects potentially sensitive data in your CloudFormation templates:

npx cdk-insights scan --fail-on-critical  # Fail on sensitive data (default)
npx cdk-insights scan --warn-sensitive     # Warn but continue

📚 Links