
codesentinel-ai

v1.0.0

Published

AI-powered security scanner for your codebase. Scan for vulnerabilities, get risk scores, auto-report on GitLab MRs.

Downloads: 9

Readme

🛡️ CodeSentinel AI

Autonomous Security Agent for DevSecOps

Every day, 30,000+ developers push vulnerable code to production without knowing it. CodeSentinel watches your GitLab 24/7 — like a senior security engineer who never sleeps. The moment you push code, it analyzes, scores risk, and comments on your MR — in 30 seconds. What used to take 3 hours of manual review now takes 30 seconds. Zero human intervention.


The Problem

  • Developers push code with security vulnerabilities daily
  • Manual security reviews are slow (hours/days) and inconsistent
  • Vulnerabilities reach production before anyone notices
  • Security teams are overwhelmed and can't review every commit

The Solution

CodeSentinel AI is an autonomous security agent that:

  1. Watches your GitLab repos via webhooks
  2. Analyzes every code push using Claude AI
  3. Reports vulnerabilities directly on Merge Requests
  4. Scores deployment risk (1-10) with GO/NO-GO recommendations
  5. Alerts your team on Slack for critical issues
  6. Dashboards everything in a real-time web interface

The Impact

  • 30 seconds vs 3 hours for security review
  • Zero manual intervention after one-time setup
  • OWASP Top 10 + GDPR compliance checking built-in
  • Prevents vulnerable code from reaching production

Architecture

┌─────────────┐     Webhook (push/MR)     ┌──────────────────┐
│   GitLab    │ ──────────────────────────▶│  CodeSentinel    │
│   Repo      │                            │  Express Server  │
└─────────────┘                            │  (port 3000)     │
                                           └────────┬─────────┘
                                                    │
                              ┌──────────────────────┼──────────────────────┐
                              ▼                      ▼                      ▼
                     ┌────────────────┐   ┌──────────────────┐   ┌─────────────────┐
                     │ Security       │   │ Compliance       │   │ Risk            │
                     │ Scanner        │   │ Checker          │   │ Scorer          │
                     │ (Claude API)   │   │ (Claude API)     │   │ (Claude API)    │
                     └────────┬───────┘   └────────┬─────────┘   └────────┬────────┘
                              │                    │                      │
                              └──────────┬─────────┘──────────────────────┘
                                         ▼
                              ┌──────────────────┐
                              │ Report Generator │
                              └────────┬─────────┘
                                       │
                    ┌──────────────────┬┴───────────────────┐
                    ▼                  ▼                     ▼
           ┌──────────────┐  ┌────────────────┐  ┌──────────────────┐
           │ GitLab MR    │  │ Slack Alert    │  │ Web Dashboard    │
           │ Comment      │  │ (Critical)     │  │ (Real-time)      │
           └──────────────┘  └────────────────┘  └──────────────────┘

Setup (5 Steps)

Step 1: Clone & Install

git clone <repo-url>
cd codesentinel
npm install

Step 2: Configure Environment

cp .env.example .env

Edit .env with your keys:

ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxx    # From console.anthropic.com
GITLAB_TOKEN=glpat-xxxxxxxxxxxxx          # GitLab → Settings → Access Tokens
GITLAB_URL=https://gitlab.com             # Your GitLab instance
WEBHOOK_SECRET=your-secret-here           # Any secret string
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/xxx/xxx/xxx  # Optional
PORT=3000

Step 3: Start the Server

npm start
# or for development:
npm run dev

Step 4: Configure GitLab Webhook

  1. Go to your GitLab project → Settings → Webhooks
  2. URL: http://your-server:3000/webhook
  3. Secret Token: same as WEBHOOK_SECRET in .env
  4. Trigger: ✅ Push events, ✅ Merge request events
  5. Click Add webhook

Step 5: Push Code & Watch

Push code to your GitLab repo — CodeSentinel will automatically:

  • Scan changed files for vulnerabilities
  • Post a security report on your MR
  • Alert Slack if critical issues are found
  • Update the real-time dashboard

API Endpoints

| Endpoint | Method | Description |
|----------|--------|-------------|
| /webhook | POST | GitLab webhook receiver |
| /health | GET | Server health check |
| /dashboard | GET | Real-time web dashboard |
| /api/results | GET | JSON scan results + stats |


Manual Scan

Scan local files without GitLab:

npm run scan -- ./path/to/code

Environment Variables

| Variable | Required | Description |
|----------|----------|-------------|
| ANTHROPIC_API_KEY | Yes | Claude API key |
| GITLAB_TOKEN | Yes | GitLab personal access token |
| GITLAB_URL | Yes | GitLab instance URL |
| WEBHOOK_SECRET | Yes | Webhook validation secret |
| SLACK_WEBHOOK_URL | No | Slack incoming webhook URL |
| PORT | No | Server port (default: 3000) |


Tech Stack

  • Runtime: Node.js + Express
  • AI Engine: Claude API (Anthropic)
  • Integration: GitLab API v4
  • Notifications: Slack Webhooks
  • Dashboard: Vanilla HTML/CSS/JS (zero dependencies)

License

MIT