npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

codex-security-audit-skill

v1.0.0

Published

Codex skill for practical security audits of codebases, SaaS apps, APIs, and MVPs.

Downloads

66

Readme

Codex Security Audit Skill

A Codex skill for practical security audits of codebases, SaaS apps, APIs, mobile apps, and MVPs before launch.

Install From GitHub

npm install -g github:Kappaemme-git/codex-security-audit-skill
codex-security-audit-skill

Or run without a global install:

npx github:Kappaemme-git/codex-security-audit-skill

After the package is published to npm, users can install it with:

npm install -g codex-security-audit-skill
npx codex-security-audit-skill

The installer copies the skill to:

~/.codex/skills/codex-security-audit-skill

Restart Codex or open a new chat if the skill autocomplete does not refresh immediately.

Use

In Codex, open a project and ask:

Use codex-security-audit-skill on this project.
Check secrets, auth, authorization, API routes, CORS, payments, webhooks, file uploads, logging, dependencies, and deploy config.
Give me confirmed findings, risk level, and the fastest safe fix plan.

You can also ask Codex to implement fixes:

Use codex-security-audit-skill and implement the Critical and High fixes.

What It Checks

  • Exposed secrets and hardcoded credentials
  • Authentication and session risks
  • Authorization and multi-tenant data access bugs
  • Input validation and injection risks
  • CORS, CSRF, headers, and rate limits
  • File upload handling
  • Payment and webhook verification
  • Dependency and supply-chain hygiene
  • Logging, privacy, and production config issues

Included Utility

The skill includes a lightweight local secret-pattern scanner:

python3 ~/.codex/skills/codex-security-audit-skill/scripts/scan_secrets.py /path/to/project

The scanner output is only a first pass. Treat matches as leads that need code review.