npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

codeant-cli

v0.1.3

Published

Code review CLI tool

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

codeant-aicodeant-ai

Keywords

clicode-reviewsecrets

Readme

CodeAnt CLI

A command-line tool for code review and security scanning.

Installation

npm install -g codeant-cli

Or run locally:

git clone https://github.com/codeantai/codeant-cli.git
cd codeant-cli
npm install
npm link

Quick Start

# Login to CodeAnt
codeant login

# Scan staged files for secrets
codeant secrets

Usage

codeant <command> [options]

Commands

login

Authenticate with CodeAnt. Opens a browser window for login.

codeant login

logout

Log out from CodeAnt.

codeant logout

secrets

Scan your code for exposed secrets, API keys, and credentials.

codeant secrets [options]

Options:

| Option | Description | |--------|-------------| | --staged | Scan only staged files (default) | | --all | Scan all changed files compared to base branch | | --uncommitted | Scan all uncommitted changes | | --last-commit | Scan files from the last commit | | --fail-on <level> | Fail only on HIGH, MEDIUM, or all (default: HIGH) | | --include <patterns> | Comma-separated glob patterns to include files | | --exclude <patterns> | Comma-separated glob patterns to exclude files |

Examples:

# Scan staged files (default)
codeant secrets

# Scan all changed files
codeant secrets --all

# Scan last commit
codeant secrets --last-commit

# Only fail on HIGH confidence secrets (default)
codeant secrets --fail-on HIGH

# Fail on HIGH and MEDIUM confidence secrets
codeant secrets --fail-on MEDIUM

# Fail on all secrets (except false positives)
codeant secrets --fail-on all

# Filter files using glob patterns
codeant secrets --include '**/*.js'                           # Only JS files
codeant secrets --exclude 'node_modules/**,*.test.js'         # Exclude patterns
codeant secrets --include 'src/**' --exclude '*.test.*'       # Combine both

File Filtering:

Use --include and --exclude with glob patterns to filter files:

  • * matches any characters except /
  • ** matches any characters including /
  • *.{js,ts} matches multiple extensions
  • Comma-separated for multiple patterns: --exclude 'test/**,dist/**'

Exit codes:

  • 0 - No blocking secrets found (or only false positives)
  • 1 - Secrets detected that match the --fail-on threshold

Confidence Levels:

  • HIGH - High confidence, likely a real secret
  • MEDIUM - Medium confidence, may need review
  • FALSE_POSITIVE - Detected but likely not a real secret (always ignored)

static-analysis

Run static code analysis to detect code quality issues, bugs, and code smells.

codeant static-analysis [options]

Options:

| Option | Description | |--------|-------------| | --staged | Scan only staged files (default) | | --all | Scan all changed files compared to base branch | | --uncommitted | Scan all uncommitted changes | | --last-commit | Scan files from the last commit | | --fail-on <level> | Fail on issues at or above this level (default: CRITICAL) | | --auto-fix | Automatically apply fixes when available | | --include <patterns> | Comma-separated glob patterns to include files | | --exclude <patterns> | Comma-separated glob patterns to exclude files |

Issue Levels: BLOCKER > CRITICAL > MAJOR > MINOR > INFO

security-analysis

Run security analysis to detect vulnerabilities in your code.

codeant security-analysis [options]

Options:

| Option | Description | |--------|-------------| | --staged | Scan only staged files (default) | | --all | Scan all changed files compared to base branch | | --uncommitted | Scan all uncommitted changes | | --last-commit | Scan files from the last commit | | --fail-on <level> | Fail on issues at or above this level (default: HIGH) | | --include <patterns> | Comma-separated glob patterns to include files | | --exclude <patterns> | Comma-separated glob patterns to exclude files |

Severity Levels: CRITICAL > HIGH > MEDIUM

set-base-url <url>

Set a custom API base URL.

codeant set-base-url https://api.example.com

get-base-url

Show the current API base URL and its source.

codeant get-base-url

Global Options

codeant --version    # Show version
codeant --help       # Show help

Configuration

Config is stored in ~/.codeant/config.json.

You can also use environment variables:

| Variable | Description | |----------|-------------| | CODEANT_API_URL | API base URL (overrides config) | | CODEANT_API_TOKEN | Authentication token (overrides config) |

Priority order:

  1. Environment variables (highest)
  2. Config file (~/.codeant/config.json)
  3. Default values

Git Hooks

Use CodeAnt as a pre-commit hook to prevent secrets from being committed.

Manual Setup

Create .git/hooks/pre-commit:

#!/bin/sh
codeant secrets

Make it executable:

chmod +x .git/hooks/pre-commit

With Husky

npx husky add .husky/pre-commit "codeant secrets"

With lefthook

Add to lefthook.yml:

pre-commit:
  commands:
    secrets:
      run: codeant secrets

Example Output

Secrets Found (blocking)

✗ 2 secret(s) found!

src/config.js
  Line 5: AWS Access Key (HIGH)
  Line 12: API Key (HIGH)

Remove secrets before committing.

Only False Positives (non-blocking)

⚠ 1 potential secret(s) found (ignored)

Ignored (false positives):
  src/example.js
    Line 10: Generic Secret (FALSE_POSITIVE)

✓ Commit allowed (only false positives found)

No Secrets

✓ No secrets found

Development

# Run locally
node src/index.js secrets

# Run with npm
npm start secrets

# Test different scan types
node src/index.js secrets --last-commit
node src/index.js secrets --all

License

MIT