npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

infynon

v0.2.0-beta.9.0.1

Published

Security CLI for developers: scan npm/pip/cargo installs for CVEs before execution, self-hosted reverse proxy WAF with TUI, and API flow security testing across 14 ecosystems.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

alien257alien257

Keywords

securityclivulnerability-scannercvepackage-securitysupply-chain-securitywafweb-application-firewallreverse-proxyfirewallapi-testingdevsecopsdependency-scannernpm-securitypip-securitycargo-securityosvauditsecurity-scannerintegration-testingrate-limiterip-filtersecurity-proxypackage-managerdeveloper-tools

Readme

INFYNON

INFYNON is a CLI for:

  • package security with infynon pkg
  • API flow testing with infynon weave
  • repo memory & provenance with infynon trace

npm License: MIT GitHub Docs Claude Code

Website: cli.infynon.com Claude Code companion: d4rkNinja/code-guardian

Install

npm (recommended)

npm install -g infynon

This package downloads the matching native binary for your OS and architecture.

Other install methods

cargo install infynon                                          # Rust (crates.io)
go install github.com/d4rkNinja/infynon-cli/go@latest          # Go
curl -fsSL https://raw.githubusercontent.com/d4rkNinja/infynon-cli/main/scripts/install.sh | bash  # Linux/macOS

Good Fit For

  • teams doing AI-assisted or high-speed coding
  • backend teams testing stateful API workflows
  • repos where package ownership and handoff context matter
  • developers who want one CLI instead of three disconnected tools

Why INFYNON Exists

INFYNON was created because modern repos usually hit three problems at the same time:

  • dependencies move faster than teams can review them
  • API testing breaks when workflows span multiple requests
  • provenance gets lost between branches, PRs, and different machines

Instead of solving only one of those, INFYNON groups them under one CLI.

What INFYNON Includes

| Area | Command | Best For | What It Solves | |---|---|---|---| | Package Security | infynon pkg | scanning, safe installs, remediation, monitoring | risky dependencies, invisible installs, version exposure | | API Flow Testing | infynon weave | multi-step API execution and validation | brittle request scripts, missing flow context, runtime probes | | Repo Memory & Provenance | infynon trace | handoffs, package ownership, branch/PR/file/package notes, TUI inspection | lost context across people, PRs, branches, and machines |

How the workflow fits together

  • pkg checks what is entering the system
  • weave tests how the real API path behaves
  • trace preserves who changed what, why it changed, and what the team knew at the time

Best With Claude Code

Trace works best with code-guardian when you want Claude Code to pull the latest handoff context before work and update it again after the task.

  • Claude Code companion: d4rkNinja/code-guardian
  • good fit for Claude Code hook-based Trace workflows
  • gives Trace a practical agent-side bridge instead of leaving context updates fully manual

Comparison Table

| Workflow Need | Typical Pain | INFYNON Answer | |---|---|---| | dependency safety | install first, understand later | pkg scans, audits, and supports stricter install workflows | | API flow confidence | one request works, the full workflow fails | weave models and runs the whole flow | | repo provenance | context is scattered and stale | trace keeps it structured, queryable, and inspectable |

Command Areas

infynon pkg

Use this when the problem is packages.

  • scan lockfiles for vulnerable packages
  • secure install wrapper for multiple ecosystems
  • audit, why, outdated, diff, doctor, fix, clean, migrate
  • Eagle Eye scheduled package monitoring
infynon pkg scan
infynon pkg audit
infynon pkg npm install express --strict high

infynon weave

Use this when the problem is API behavior across multiple steps.

  • create API nodes and flows
  • run connected request chains
  • import OpenAPI
  • prompt for runtime values
  • run AI-assisted security probes
infynon weave env set BASE_URL http://localhost:8001
infynon weave flow create "checkout" --ai "login then create order"
infynon weave flow run checkout

infynon trace

Use this when the problem is repo memory, handoff context, and package provenance.

  • canonical, team, and user memory layers
  • Redis or SQL backends
  • package notes that identify who introduced a compromised dependency
  • sync, retrieve, compact, and TUI inspection
  • designed to pair with the code-guardian Claude Code companion
  • branch-wise knowledge graph with auto-build from git history
  • graph queries: path finding, impact analysis, orphan detection, branch diff
  • export to JSON and Graphviz DOT
  • interactive graph TUI with entity/edge editing and branch switching
infynon trace init --owner team --user alien
infynon trace source add-sql team-db --engine sqlite --url sqlite://.infynon/trace/trace.db --user alien --default
infynon trace note add repo-handoff --title "Auth changed" --body "Refresh moved into middleware"
infynon trace sync --direction both
infynon trace tui
infynon trace graph build
infynon trace graph show --branch main
infynon trace graph tui

Claude Code companion: d4rkNinja/code-guardian

Head-to-Head Comparison

infynon pkg vs Alternatives

| Feature | infynon pkg | npm audit | Snyk CLI | Socket CLI | OSV-scanner | |---|:---:|:---:|:---:|:---:|:---:| | Secure install wrapper | ✓ | — | — | ~ npm only | — | | 14 ecosystems in one scan | ✓ | — | ~ | ~ | ~ | | Block installs via strict mode | ✓ | — | — | ~ npm only | — | | Scheduled CLI monitoring | ✓ | — | ~ server-side | — | — | | PDF + Markdown report export | ✓ | — | — | — | — | | Package version diff | ✓ | — | — | — | — | | Per-package install decisions | ✓ | — | — | — | — | | Auto-fix / remediation | ✓ | ~ basic | ✓ | ✓ | — | | No SaaS account required | ✓ | ✓ | — | ~ | ✓ |

infynon weave vs Alternatives

| Feature | infynon weave | Postman | Hoppscotch | Bruno | Insomnia | |---|:---:|:---:|:---:|:---:|:---:| | Terminal TUI | ✓ | — | — | — | — | | Runtime prompts (OTP / 2FA) | ✓ | — | ~ | — | — | | Built-in AI security probes | ✓ | — | — | — | — | | AI-assisted flow creation (CLI) | ✓ | ~ GUI only | ~ GUI / alpha | — | — | | Visual flow graph in terminal | ✓ | — | — | — | — | | Run diff (side-by-side) | ✓ | — | — | ~ paid | — | | Context threading between nodes | ✓ | ✓ | ✓ | ✓ | ✓ | | OpenAPI / Swagger import | ✓ | ✓ | ✓ | ✓ | ✓ | | Offline, no account required | ✓ | — | ✓ | ✓ | ~ |

infynon trace vs Alternatives

| Feature | infynon trace | GitHub Wiki | Notion | Confluence | Obsidian | |---|:---:|:---:|:---:|:---:|:---:| | Native CLI | ✓ | — | ~ 3rd party | ~ ACLI | ✓ | | Branch / file / package scoping | ✓ | — | — | — | — | | Package ownership tracking | ✓ | — | — | — | — | | Redis + SQL backend choice | ✓ | — | — | — | — | | Multi-layer memory (team / user / canonical) | ✓ | — | — | — | — | | Terminal TUI inspection | ✓ | — | — | — | — | | Claude Code native integration | ✓ | — | ~ MCP | — | ~ | | Structured retrieval by scope | ✓ | — | — | — | — | | Bidirectional sync via CLI | ✓ | — | ~ | ~ | ✓ | | Branch-wise knowledge graph | ✓ | — | — | — | — |

= supported · ~ = partial or limited · = not supported

Backend Choice For Trace

| Backend | Better For | |---|---| | Redis | fast live retrieval, active session state, lower-latency coordination | | SQL | durable structured history, stronger filtering, canonical memory |

Documentation

Comparison Blogs

Recommended Stack

INFYNON CLI + Trace + code-guardian

Use that stack when you want:

  • package risk scanning with pkg
  • workflow-level API testing with weave
  • structured repo context with trace
  • Claude Code automation around Trace retrieval and updates through code-guardian

License

MIT