mendix-audit

v1.0.0


Interactive VAPT Scanner for Mendix projects — detects sensitive data exposure across entities, microflows, nanoflows, and pages using MxCLI


🔐 MxAudit — Mendix VAPT Scanner


MxAudit is an interactive CLI tool that performs Vulnerability Assessment and Penetration Testing (VAPT) on Mendix low-code projects. It scans your domain model for sensitive data exposure and traces attribute usage across microflows, nanoflows, and pages.


✨ Features

  • 🔍 Sensitive Data Detection — Scans entity attributes for passwords, tokens, SSN, Aadhaar, PAN, email, phone, and more
  • Nanoflow + Microflow + Page Tracing — Traces where sensitive attributes are used (Create, Change, Retrieve, TextBox, DataGrid, etc.)
  • 🎯 Module Selection — Choose which modules to scan instead of scanning everything
  • 🔑 Custom Keywords — Add your own sensitive keywords at runtime
  • 📊 Table Output — Console results displayed in a clean ASCII table
  • 📄 Multi-format Export — Export reports as CSV or styled HTML
  • 🎨 Beautiful HTML Reports — Dark-themed, styled reports with severity badges

📋 Prerequisites

  • Node.js >= 16.0.0
  • MxCLI installed and available on your system PATH
    • Download from Mendix Marketplace or your organization

🚀 Installation

npm install -g mendix-audit

💻 Usage

mendix-audit scan -p <path-to-mendix-project>

Examples

# Scan a Mendix project
mendix-audit scan -p "C:\Users\Me\Mendix\MyApp\MyApp.mpr"

# Scan with explicit VAPT type
mendix-audit scan --type VAPT -p "C:\Users\Me\Mendix\MyApp\MyApp.mpr"

Interactive Workflow

  1. Connect — MxAudit connects to your Mendix project via MxCLI
  2. Keywords — Review default sensitive patterns, optionally add custom keywords
  3. Select Modules — Pick which modules to scan (multi-select)
  4. Scan — Attributes are scanned and matched against sensitivity rules
  5. Trace — Usage is traced across microflows, nanoflows, and pages within selected modules
  6. Report — Results displayed as a formatted table in the console
  7. Export — Optionally export to CSV and/or HTML

🔑 Default Sensitivity Rules

| Pattern | Severity | Keywords |
|---------|----------|----------|
| Password / Token / Secret | 🔴 CRITICAL | password, token, secret |
| Aadhaar / SSN / PAN | 🟠 HIGH | aadhaar, ssn, pan |
| Account / IBAN / IFSC | 🟠 HIGH | account, iban, ifsc |
| Phone / Mobile / Contact | 🟡 MEDIUM | mobile, phone, contact |
| Email / Mail | 🟡 MEDIUM | email, mail |
| Name / Address / DOB | 🟢 LOW | name, address, dob |

You can add custom keywords during the interactive scan (auto-tagged as HIGH severity).
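
The following is an added example, not code from mendix-audit: it applies the rule table above to attribute names and compares whole-word matching with plain substring matching, which is where short keywords such as `pan` produce false positives. The function names, the two matching modes, and the sample attribute names are assumptions made for illustration; the README does not state how the tool matches keywords.

```javascript
// Added example (not mendix-audit source). Rules copied from the table above.
const ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
const DEFAULT_RULES = [
  { severity: "CRITICAL", keywords: ["password", "token", "secret"] },
  { severity: "HIGH", keywords: ["aadhaar", "ssn", "pan"] },
  { severity: "HIGH", keywords: ["account", "iban", "ifsc"] },
  { severity: "MEDIUM", keywords: ["mobile", "phone", "contact"] },
  { severity: "MEDIUM", keywords: ["email", "mail"] },
  { severity: "LOW", keywords: ["name", "address", "dob"] },
];

// Split "CustomerPANNumber" or "customer_pan_no" into lowercase words.
function tokenize(attributeName) {
  return attributeName
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .replace(/([A-Z]+)([A-Z][a-z])/g, "$1 $2")
    .split(/[^A-Za-z0-9]+/)
    .filter(Boolean)
    .map((word) => word.toLowerCase());
}

// mode "token": keyword must equal a whole word of the attribute name.
// mode "substring": keyword may appear anywhere (hypothetical naive matcher).
// Returns the highest-severity hit, or null when nothing matches.
function classify(attributeName, customKeywords = [], mode = "token") {
  // Custom keywords are tagged HIGH, as the README states; blanks are dropped
  // because an empty string would match every name in substring mode.
  const custom = customKeywords.map((k) => k.trim().toLowerCase()).filter(Boolean);
  const rules = DEFAULT_RULES.concat([{ severity: "HIGH", keywords: custom }]);
  const words = tokenize(attributeName);
  const lower = attributeName.toLowerCase();
  let best = null;
  for (const { severity, keywords } of rules) {
    for (const keyword of keywords) {
      const hit = mode === "token" ? words.includes(keyword) : lower.includes(keyword);
      if (hit && (!best || ORDER.indexOf(severity) > ORDER.indexOf(best.severity))) {
        best = { severity, keyword };
      }
    }
  }
  return best;
}

// Constructed attribute names, not taken from any real Mendix model.
for (const attr of ["UserPasswordHash", "CustomerPANNumber", "EmailAddress", "Expansion"]) {
  const t = classify(attr), s = classify(attr, [], "substring");
  console.log(attr, "token:", t && t.severity, "substring:", s && s.severity);
}
```

Whole-word matching trades the `Expansion` false positive for misses on all-lowercase run-together names such as `emailaddress`, so review unmatched attributes in modules that do not follow a consistent naming convention.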


📊 Output Formats

Console (Table)

Results are displayed as a formatted ASCII table with columns: Module, Entity, Attribute, Severity, Used In, Document, Activity.

CSV Export

Spreadsheet-friendly CSV file with timestamped filename.

HTML Export

A dark-themed, styled HTML report with:

  • Severity summary cards
  • Module-grouped tables
  • Activity type badges

🏗️ Project Structure

mendix-audit/
├── bin/
│   └── cli.js              # CLI entry point
├── src/
│   ├── scanner/
│   │   └── vaptScanner.js   # Scan orchestrator
│   ├── parser/
│   │   ├── mxcliParser.js   # Model loader (modules, entities, attributes)
│   │   └── usageParser.js   # Usage tracer (microflows, nanoflows, pages)
│   ├── rules/
│   │   └── sensitiveRules.js # Sensitivity keyword patterns
│   ├── formatter/
│   │   ├── consoleFormatter.js # ASCII table output
│   │   ├── csvExporter.js      # CSV export
│   │   └── htmlExporter.js     # HTML report export
│   └── utils/
│       ├── mxcliRunner.js      # MxCLI command wrapper
│       └── sensitiveDetector.js # Pattern matcher
├── package.json
└── README.md

📝 License

MIT © Karthick Senthilraja