npm package discovery and stats viewer.

© 2026 – Pkg Stats / Ryan Hefner

codeprobe-scanner

v2.0.0

Published

Automated vulnerability scanner with exploit verification and video evidence

Readme

CodeProbe Scanner 🔍

Full-stack vulnerability scanner with automatic code fixing and Kimi AI patch generation.

CodeProbe is an advanced security scanner that analyzes both your npm dependencies AND your actual source code to find and automatically fix security vulnerabilities. It combines CVE detection, SAST analysis, and AI-powered patch generation into one unified tool.

✨ Key Features

🔍 Dual-Layer Vulnerability Detection

  • Dependency Scanning — Checks npm packages against OSV.dev + npm advisory databases
  • Source Code Analysis (SAST) — Scans actual code for 7+ vulnerability patterns

🔐 Detects & Fixes

  • Hardcoded secrets → Replaced with process.env
  • SQL injection patterns
  • Command injection vulnerabilities
  • XSS vulnerabilities
  • Path traversal issues
  • Insecure random generation
  • Insecure eval/Function() usage

🔧 Automatic Fixing

  • Source Code Fixes — Repairs vulnerabilities in your code automatically
  • Package Updates — Suggests and applies secure versions
  • Kimi LLM Integration — Generates intelligent patches using AI

🏗️ Recursive Scanning

  • Automatically finds all package.json files in subdirectories
  • Perfect for monorepos and multi-package projects
  • Aggregates results across all packages

📊 Comprehensive Reporting

  • Risk score calculation (0-10)
  • CVE severity and exploitability
  • Proof-of-concept recordings
  • Recent security threat alerts

🚀 Installation

Global Installation

npm install -g codeprobe-scanner

Project Installation

npm install --save-dev codeprobe-scanner

Run Without Installing

npx codeprobe-scanner scan .

⚡ Quick Start

1. Set Up Kimi API (Recommended)

Get your API key from Kimi Platform. A key typed on the command line (options A and B) can be recorded in your shell history; option C avoids that.

# Option A: CLI Configuration
codeprobe config set kimi_api_key sk-YOUR_KEY_HERE

# Option B: Environment Variable
export KIMI_API_KEY=sk-YOUR_KEY_HERE

# Option C: Manual Configuration
# Edit ~/.codeprobe/config.json and add your key

2. Scan Your Project

Find vulnerabilities:

codeprobe scan .

Find AND fix vulnerabilities:

codeprobe scan . --fix

📖 Usage Examples

Basic Vulnerability Scan

$ codeprobe scan .

⚡ CodeProbe v1.0.20
🔍 Searching for package.json files...
   Found 1 package.json file(s)

📂 Scanning: .
📦 Parsing dependencies...
   Found 8 dependencies
🔍 Checking OSV.dev + npm advisory database...
   Found 13 CVEs

🔐 Analyzing source code for vulnerabilities...
   Found 4 potential vulnerabilities

────────────────────────────────────────────
SCAN COMPLETE
Risk Score: 2.2/10 (LOW)
Confirmed Exploitable: 0 | Theoretical Risk: 13
Patches Available: 1/13
Duration: 1s

Automatic Vulnerability Fixing

$ codeprobe scan . --fix

🔧 Applying source code fixes...
   ✓ Fixed 1 issues in server.js
   ✓ Fixed 3 issues in seed.js
   Applied 4 code fixes

📝 Fixed vulnerabilities:
   - server.js:28 - Hardcoded Secret
   - seed.js:16 - Hardcoded Secret
   - seed.js:17 - Hardcoded Secret
   - seed.js:18 - Hardcoded Secret

Undo AI Changes

$ codeprobe scan . --undo

↩️  Reverting AI-made changes...

📦 Reverting package.json updates...
   ✓ package.json reverted
🔧 Reverting source code fixes...
   ✓ All code changes reverted

✓ Undo complete! Review changes with: git status

Configuration Management

# Set API keys
codeprobe config set kimi_api_key sk-YOUR_KEY
codeprobe config set github_token ghp_YOUR_TOKEN
codeprobe config set bright_data_api_key YOUR_KEY

# View configuration
codeprobe config get kimi_api_key

# Clear configuration
codeprobe config clear kimi_api_key

🛠️ Commands

codeprobe scan [path]

Scans for vulnerabilities in dependencies and source code.

| Flag | Description |
|------|-------------|
| --fix | Auto-fix vulnerabilities in code + update packages |
| --undo | Revert all AI-made changes from the last scan |
| --json | Output results as JSON |
| --verbose | Show detailed logs |

codeprobe report

Shows the last scan results from ~/.codeprobe/scans/latest.json.

codeprobe config

Manage configuration:

codeprobe config set <key> <value>
codeprobe config get <key>
codeprobe config clear <key>

🔐 How It Works

Scan Pipeline

1️⃣ Discovery
   Find all package.json files recursively
        ↓
2️⃣ Dependency Scanning
   Parse packages → Check CVE databases
        ↓
3️⃣ Source Code Analysis
   Scan .ts/.js files → Detect security patterns
        ↓
4️⃣ Exploit Verification
   Test vulnerabilities in sandboxes (Daytona)
        ↓
5️⃣ Patch Generation
   Generate fixes using Kimi LLM
        ↓
6️⃣ Risk Scoring & Reporting
   Calculate risk → Save results
        ↓
7️⃣ Auto-Fixing (if --fix flag)
   Replace secrets → Update packages → Commit
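
The dependency-scanning step of the pipeline (and the OSV.dev check listed under Key Features), as an added example rather than CodeProbe's own code: exact installed versions are read from package-lock.json, turned into a request for OSV's batch endpoint, and the positional answer is zipped back onto the packages. Reading versions from the lockfile is an assumption about how a scanner should do this (the README does not say how CodeProbe resolves versions); the lockfile and the response are constructed samples with a placeholder GHSA id, so the whole thing runs offline. The endpoint URL and the request/response shapes are OSV's real ones.

```javascript
// Added example (not CodeProbe's own code): the dependency layer of a scanner
// like CodeProbe, reduced to its two data-shaping steps. The lockfile and the
// response below are constructed samples; the URL and shapes are OSV's real ones.

const OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch";

// Constructed sample: a lockfileVersion 3 package-lock.json, trimmed to the
// fields this code reads.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { lodash: "^4.17.20", ejs: "^3.1.6" } },
    "node_modules/lodash": { version: "4.17.20" },
    "node_modules/ejs": { version: "3.1.6" },
    "node_modules/ejs/node_modules/jake": { version: "10.8.5" },
  },
};

// Constructed sample of what querybatch returns: results are positional (one per
// query) and carry only vuln ids; full records come from GET /v1/vulns/{id}.
const SAMPLE_RESPONSE = {
  results: [
    { vulns: [{ id: "GHSA-0000-0000-0001", modified: "2024-01-01T00:00:00Z" }] }, // lodash (placeholder id)
    { vulns: [{ id: "CVE-2022-29078", modified: "2024-01-01T00:00:00Z" }] },      // ejs (id taken from the README's .proofs/)
    {},                                                                            // jake: nothing known
  ],
};

// Installed versions come from the lockfile, not from package.json: OSV matches
// a concrete version, and a range like "^4.17.20" is not one. Nested installs
// (node_modules/a/node_modules/b) and scoped names (@scope/name) are preserved.
function lockfileVersions(lock) {
  const pkgs = [];
  const marker = "node_modules/";
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry.version) continue; // "" is the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    pkgs.push({ name, version: entry.version });
  }
  return pkgs;
}

// Request body for POST /v1/querybatch, one query per installed package.
function osvBatchQuery(pkgs) {
  return {
    queries: pkgs.map((p) => ({ package: { name: p.name, ecosystem: "npm" }, version: p.version })),
  };
}

// Zip the positional results back onto the packages they were asked about.
function matchResults(pkgs, response) {
  const findings = [];
  (response.results || []).forEach((result, i) => {
    for (const v of result.vulns || []) {
      findings.push({ name: pkgs[i].name, version: pkgs[i].version, id: v.id });
    }
  });
  return findings;
}

// Network version of the same flow (not exercised offline). Uses Node's global fetch.
async function queryOsv(lock) {
  const pkgs = lockfileVersions(lock);
  const res = await fetch(OSV_BATCH_URL, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(osvBatchQuery(pkgs)),
  });
  if (!res.ok) throw new Error(`OSV returned HTTP ${res.status}`);
  return matchResults(pkgs, await res.json());
}

// Offline run on the constructed samples.
const samplePkgs = lockfileVersions(SAMPLE_LOCK);
const sampleFindings = matchResults(samplePkgs, SAMPLE_RESPONSE);
console.log(`Found ${samplePkgs.length} dependencies, ${sampleFindings.length} advisories`);
for (const f of sampleFindings) console.log(`  ${f.name}@${f.version}: ${f.id}`);
```

Two things worth noticing: querybatch only tells you which ids apply, so severity and fixed-version data require a second request per id, and a scanner that reads package.json ranges instead of the lockfile has to guess which version is actually installed.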

📋 Vulnerability Types

| Type | Detection | Automatic Fix |
|------|-----------|---------------|
| Hardcoded Secrets | API keys, passwords, tokens | ✅ Replace with process.env |
| Command Injection | Unescaped shell commands | ✅ Add proper escaping |
| SQL Injection | Dynamic SQL queries | ⚠️ Suggest parameterized queries |
| XSS | innerHTML, dangerouslySetInnerHTML | ✅ Use textContent |
| Insecure Random | Math.random() for security | ✅ Use crypto.randomBytes() |
| Path Traversal | Unvalidated file paths | ⚠️ Suggest validation |
| Insecure Eval | eval(), Function() usage | ⚠️ Suggest alternatives |

Of these fixes, shell escaping is the weakest: a command built from user input is better run through execFile or spawn with an argument array, so that no shell parses it at all.
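
The source-code layer (the "Detects & Fixes" list under Key Features and the table above) as an added example, not CodeProbe's code: a line-oriented pass that flags one instance of each of the seven pattern classes and applies the three mechanical fixes the table marks as automatic (secret literal to process.env, innerHTML to textContent, Math.random() to crypto.randomBytes()). Regex rules are an assumption about how CodeProbe works (a production SAST tool matches on an AST); the input file is a constructed sample. Two points the README's output does not show: which environment variables the fixed code now expects, and which findings still need a human.

```javascript
// Added example (not CodeProbe's own code): a minimal regex-based SAST pass over
// the seven pattern classes the README lists, plus the three mechanical fixes
// the table marks as automatic. The sample source is constructed.

// An identifier that smells like a credential, assigned a quoted literal of 8+ chars.
const SECRET = /\b(\w*(?:key|secret|password|token)\w*)\s*[:=]\s*(['"])([^'"]{8,})\2/i;

// dbPassword -> DB_PASSWORD: the env var the fixed line will read instead.
function envName(ident) {
  return ident.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/\W+/g, "_").toUpperCase();
}

// Each rule: a detection regex and, where the fix is mechanical, a line rewriter.
const RULES = [
  { type: "Hardcoded Secret", re: SECRET,
    fix: (l) => { const m = SECRET.exec(l); const env = envName(m[1]);
                  return { line: l.replace(m[2] + m[3] + m[2], "process.env." + env), env }; } },
  // exec/execSync fed a template literal or a concatenated string: manual fix (use execFile)
  { type: "Command Injection", re: /\b(?:exec|execSync)\s*\(\s*(?:`[^`]*\$\{|["'][^"']*["']\s*\+)/ },
  { type: "SQL Injection", re: /\.(?:query|execute|raw)\s*\(\s*(?:`[^`]*\$\{|["'][^"']*["']\s*\+)/i },
  { type: "XSS", re: /\.innerHTML\s*=|dangerouslySetInnerHTML/,
    fix: (l) => (/\.innerHTML\s*=/.test(l) ? { line: l.replace(/\.innerHTML\s*=/, ".textContent =") } : null) },
  { type: "Path Traversal", re: /\b(?:readFile|readFileSync|createReadStream|writeFile|writeFileSync)\s*\([^)]*\breq\./ },
  { type: "Insecure Random", re: /\bMath\.random\s*\(\)/,
    // 4 CSPRNG bytes -> float in [0,1); the fixed file also needs require("crypto")
    fix: (l) => ({ line: l.replace(/\bMath\.random\s*\(\)/g, "(crypto.randomBytes(4).readUInt32BE(0) / 2 ** 32)") }) },
  { type: "Insecure Eval", re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
];

// Findings in the README's own "file:line - type" shape.
function scanSource(source, file = "sample.js") {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ file, line: i + 1, type: rule.type, autofix: Boolean(rule.fix && rule.fix(text)) });
      }
    }
  });
  return findings;
}

// Apply the mechanical fixes (one per line) and report the env vars the result now depends on.
function fixSource(source) {
  const envVars = [];
  let fixed = 0;
  const lines = source.split("\n").map((text) => {
    for (const rule of RULES) {
      if (!rule.fix || !rule.re.test(text)) continue;
      const r = rule.fix(text);
      if (!r) continue;
      if (r.env && !envVars.includes(r.env)) envVars.push(r.env);
      fixed++;
      return r.line;
    }
    return text;
  });
  return { source: lines.join("\n"), fixed, envVars };
}

// Constructed sample file with one instance of each pattern.
const SAMPLE_SOURCE = [
  'const { exec } = require("child_process");',
  'const API_KEY = "sk-live-0123456789abcdef";',
  'const dbPassword = "hunter2hunter2";',
  "function ping(req, res) {",
  '  exec("ping -c 1 " + req.query.host, (e, out) => res.send(out));',
  "}",
  "db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);",
  "el.innerHTML = req.body.comment;",
  "const token = Math.random().toString(36).slice(2);",
  "fs.readFileSync(path.join(BASE, req.query.file));",
  "eval(req.body.expr);",
].join("\n");

for (const f of scanSource(SAMPLE_SOURCE)) {
  console.log(`${f.file}:${f.line} - ${f.type}${f.autofix ? "" : " (manual fix)"}`);
}
const fixResult = fixSource(SAMPLE_SOURCE);
console.log(`Applied ${fixResult.fixed} code fixes; set before running: ${fixResult.envVars.join(", ")}`);
```

Re-scanning the fixed output is the useful check: the four findings that remain (command injection, SQL injection, path traversal, eval) are exactly the ones the README's table marks ⚠️, and the two env var names are what must exist in the environment before the patched app will start.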

⚙️ Configuration

Config File

~/.codeprobe/config.json

API Keys (Encrypted)

The file has this shape (values shown in the clear here for readability; on disk they are stored as AES-256-GCM ciphertext):

{
  "kimi_api_key": "sk-...",
  "github_token": "ghp_...",
  "bright_data_api_key": "...",
  "daytona_api_key": "..."
}

All secrets are encrypted using AES-256-GCM. Encryption at rest only prevents the file from being read as plaintext; if the key used to encrypt it is readable by the same account, anything running as your user can still decrypt it, so keep ~/.codeprobe/config.json readable by your user only.

Environment Variables (Override Config)

export KIMI_API_KEY=sk-...
export GITHUB_TOKEN=ghp_...
export BRIGHT_DATA_API_KEY=...
export DAYTONA_API_KEY=...

🔒 Security

Built-In Security Features

  • Encrypted Config — API keys encrypted in ~/.codeprobe/config.json
  • No Hardcoded Secrets — Detects and fixes credentials in code
  • Command Injection Prevention — Proper shell escaping
  • Secure Random — Uses crypto.randomBytes()
  • Full SAST Analysis — Comprehensive source code scanning
  • Zero Vulnerabilities — See SECURITY_AUDIT.md

Privacy

  • Source code analysis runs locally; dependency checks query OSV.dev and the npm advisory database, and exploit verification runs in Daytona sandboxes
  • Reports saved to ~/.codeprobe/scans/ (private)
  • Kimi is only called for patch generation (configurable), so the code being patched leaves your machine only for that step

📁 Output Files

Scan Reports

~/.codeprobe/scans/
├── scan_<timestamp>.json   # Individual scans
└── latest.json             # Latest scan

Exploit Proofs

.proofs/
├── CVE-2022-29078_timestamp.json   # Proof-of-concept records, named by CVE and timestamp
└── ...

🚀 Advanced Usage

Monorepo Scanning

codeprobe scan /path/to/monorepo
# Automatically finds and scans all package.json files

JSON Export

codeprobe scan . --json > report.json

Verbose Output

codeprobe scan . --verbose

Undo Previous Changes

# Revert all AI-made fixes from the last scan
codeprobe scan . --undo

Combined Options

codeprobe scan . --fix --verbose --json

🐛 Troubleshooting

"No Kimi API key configured"

codeprobe config set kimi_api_key sk-YOUR_KEY

"No package.json files found"

Make sure your project has a package.json file.

"Uncommitted changes detected"

If --fix left changes in the working tree, review them before committing (git diff), set every environment variable the replaced secrets now read from, and rotate any credential that was hardcoded: replacing the literal in source does not remove it from git history. Then commit:

git add -A
git commit -m "Security fixes: patch vulnerabilities"

📊 Performance

| Task | Time |
|------|------|
| Dependency scanning | 1-3s |
| Source code analysis | <1s per 100 files |
| Exploit verification | 2-10s |
| Patch generation | 5-15s |
| Total | 1-30s |

🏗️ Project Structure

src/
├── cli/           # CLI commands and interface
├── engine/        # Core scanner modules
│   ├── parser.ts      # Package parsing
│   ├── scraper.ts     # CVE database queries
│   ├── sast.ts        # Source code analysis
│   ├── code-fixer.ts  # Automatic code fixing
│   ├── patcher.ts     # Patch generation (Kimi)
│   └── sandbox.ts     # Exploit verification
├── shared/        # Types and utilities
├── api/           # REST API (optional)
└── integrations/  # Daytona, VideoDB, etc.

📚 Examples

Scan Your Project

codeprobe scan .

Fix All Vulnerabilities

codeprobe scan . --fix
git add -A && git commit -m "Security fixes"
git push

Scan Monorepo

codeprobe scan ./monorepo

Export as JSON

codeprobe scan . --json | jq '.summary'

🔗 Integration

GitHub Actions

name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npx codeprobe-scanner scan --json

Pin the scanner to a fixed release in CI instead of letting npx resolve the latest version on every run, so a new release cannot silently change what the job executes.

Pre-commit Hook

#!/bin/sh
codeprobe scan . || exit 1

📄 License

MIT License - See LICENSE file

🙏 Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

📞 Support

📝 Changelog

v1.0.20

  • ✨ Integrated SAST code vulnerability scanning
  • ✨ Automatic source code fixing
  • 🔒 Fixed code fixer to actually apply fixes
  • 🔒 Kimi as primary patch generator

v1.0.19

  • ✨ Full codebase scanning
  • ✨ Automatic code fixing

v1.0.18

  • ✨ Security audit (0 vulnerabilities found)

v1.0.17

  • ✨ Kimi patch generation enabled
  • 🔧 Fixed patches_available reporting

v1.0.16

  • ✨ SAST scanner implementation
  • 🔒 Fixed security vulnerabilities

v1.0.15

  • ✨ Recursive package.json scanning

v1.0.14

  • 🔒 Fixed VideoDB proof recording

CodeProbe: Security, Simplified 🚀

GitHub | npm | Issues