npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-whisper

v0.4.1

Published

n8n community node for Whisper agent identity and the whisper.security graph: register agents with routable IPv6 /128s, set DNS resolver policy, read logs, get egress config, keyless identity verification + RDAP, plus raw Cypher and 29 named graph recipes

Readme

n8n-nodes-whisper

Provision, govern and inspect Whisper agent identities from an n8n workflow — give an agent a real, routable IPv6 identity, set its DNS policy, read its activity, and verify any agent, all with your own Whisper key. Plus the full whisper.security graph: raw Cypher and 29 named recipes (threat posture, typosquats, attack surface, BGP hygiene and more) as native operations.

Install

In n8n: Settings → Community Nodes → Install, then enter:

n8n-nodes-whisper

Credential — bring your own key

The control operations use a Whisper API credential: your own key (typically whisper_live_…). Create one at https://whisper.online/platform, then in n8n add a Whisper API credential and paste the key. It is sent as the X-API-Key header to the control plane — the same header the whisper CLI uses — and nothing is baked into the node.

The two keyless operations (Verify Identity, RDAP Lookup) read only public data and need no credential at all.

Operations

| Operation | Key | What it does | |---|:--:|---| | Register Agent | ✔ | Mint a brand-new agent with its own routable IPv6 /128 and its own API key (returned once). | | Create Identity | ✔ | Allocate a routable /128 identity under your own tenant. | | List Agents | ✔ | List the agents / identities / records in your tenant. | | Get Agent | ✔ | One agent's detail + live counters, by id or /128. | | Set Policy | ✔ | Set your per-tenant DNS resolver policy (default action + allow/deny lists). With no changes, reads the current policy. | | Get Logs | ✔ | Recent DNS / connection / allocation activity. | | Revoke Agent | ✔ | Fully revoke an agent — withdraw its /128, PTR, tokens and key. Irreversible. | | Get Egress Config | ✔ | An agent's egress connect details bound to its /128 (see Egress below). | | Verify Identity | — | Trust verdict for an address: is_whisper_agent, fqdn, operator, tenant, dane_ok, jws_ok, evidence. | | RDAP Lookup | — | RFC 9083 RDAP record (or its transparency log / inbound lookups). |

Every control operation is the one Cypher verb whisper.agents({op:…}), POSTed to the control plane. The exact request/response contract is documented in CONTROL_API.md.

The Graph resource - query the whisper.security graph

Switch Resource to Graph and the node speaks to the whisper.security security graph itself (3.6B+ nodes of DNS/BGP/WHOIS/threat intelligence). Every Graph operation is keyed (same Whisper API credential).

Run Cypher sends arbitrary Cypher with $parameters to the graph query API - see the Cypher API docs:

  • Cypher: CALL whisper.identify([$v]) YIELD host, canonical_name, category
  • Parameters (JSON): { "v": "api.openai.com" }

Each result row comes back as one n8n item.

The named recipes below come straight from the Whisper graph catalog. Procedures run a single graph call and emit one item per row; flows are multi-step investigations run by the Whisper engine - the node streams every step back as an item (start / step-start / step / graph / complete), each step carrying its bound Cypher, columns and rows. Every field is pre-filled with a documented example, so each recipe runs out of the box.

| Operation | Kind | What it does | Docs | |---|---|---|---| | Threat Posture (whisper.assess) | procedure | Get a labelled threat posture for a host or IP - malicious, benign, or unknown. | docs | | AS-SET Membership (whisper.asSet) | procedure | List the member ASNs of an AS-SET macro. | docs | | Graph Schema Catalog (db.schema) | procedure | List every node and relationship type in the graph with counts and examples. | docs | | Threat-Feed Explainer (whisper.explain / explain) | procedure | Score an indicator against the threat feeds and explain exactly why. | docs | | WHOIS History Timeline (whisper.history) | procedure | Get the full historical WHOIS timeline for a domain. | docs | | WHOIS History (projection) (whisper.history.whois) | procedure | Get the WHOIS-only historical timeline for a domain. | docs | | Vendor / Operator Identity (whisper.identify) | procedure | Name the vendor and operator role behind a host or IP in one call. | docs | | Tor Exit-Relay Lookup (whisper.lookupTorRelay) | procedure | Check whether an IP is a known Tor exit relay. | docs | | CDN-Origin De-cloaker (whisper.origins) | procedure | Find the real origin IPs behind a CDN-fronted domain, ranked by confidence. | docs | | PSL Private-Suffix Affiliation (whisper.psl.affiliation) | procedure | Check whether a domain is a PSL private-section suffix and who submitted it. | docs | | Registrable Apex (whisper.psl.tldPlusOne) | procedure | Reduce any hostname to its registrable apex (eTLD+1) via the Public Suffix List. | docs | | Submit Observation / Feedback (whisper.submit) | procedure | Contribute an indicator observation or feedback back into the graph (requires an API key). | docs | | Typosquat Variant Generator (whisper.variants) | procedure | Generate look-alike domain variants of a brand and see which are registered. | docs | | Vendor Attribution Walk (whisper.walk) | procedure | Walk the graph to the nearest known vendors behind a host, with the channel and confidence. | docs | | Anycast DNS-Root Sovereignty | flow | Assess how resilient a country's core DNS is if it were cut off from the world. | docs | | Attack Path & Connection Finder | flow | Find the choke points an attacker would target - and how any two things connect. | docs | | Attack-Surface Mapper | flow | Map everything about a domain that's exposed to the outside world, scored for risk. | docs | | BGP Hijack & Routing-Hygiene Audit | flow | Grade a network's routing security and trace conflicts to the domains they'd expose. | docs | | Dependency Blast Radius | flow | Pick one asset and see what would break if it failed - and what it depends on in turn. | docs | | Takedown Evidence Package | flow | Assemble a ready-to-submit dossier for taking down a scam or phishing domain. | docs | | AI / Agent Infrastructure Discovery | flow | Map an organisation's externally visible AI and agent endpoints from the outside. | docs | | Threat Investigation | flow | Investigate one suspicious domain, IP, or network in depth and get a clear picture of the threat and everything connected to it. | docs | | Indicator Enrichment | flow | Turn one domain or IP into a full context card - owner, hosting, mail, location, reputation at a glance. | docs | | Digital Infrastructure Mapping | flow | Trace one indicator to its true owner and full estate, even behind privacy screens and CDNs. | docs | | Infrastructure Concentration & Resilience | flow | Grade an organisation for over-reliance on single providers, regions, or facilities. | docs | | Nameserver & DNS Delegation Audit | flow | Check a domain's name servers for the misconfigurations that enable DNS hijacking. | docs | | Network & Routing Report | flow | Profile a network or address block into a full routing and reachability health card. | docs | | Subdomain Takeover Detection | flow | Find subdomains that point at abandoned services an attacker could claim. | docs | | Typosquat & Brand-Impersonation Scanner | flow | Find registered look-alikes of your brand and check which ones are dangerous. | docs |

To regenerate the recipe surface after a catalog update: node scripts/generate-graph-catalog.mjs <path-to-catalog.json>.

Egress — run your n8n agents on the Whisper network

Every Whisper agent has a routable IPv6 /128 in 2a04:2a01::/32 (AS219419). To make an n8n HTTP Request actually leave from that /128 (so the destination sees the agent's identity, and reverse-DNS/DANE prove who it is), run the egress locally on the n8n host — the credential stays on the host and never enters the workflow:

  1. Install the CLI on the n8n host (once):

    curl -fsSL https://get.whisper.online | sh
  2. Bring up the egress bound to your agent's /128. It prints one bearer-free local proxy string and holds it open:

    whisper connect --agent <agent-id-or-/128>
    # → socks5h://127.0.0.1:1080
  3. Point n8n at it. Either set the proxy for the whole n8n process:

    export HTTP_PROXY=http://127.0.0.1:1080
    export HTTPS_PROXY=http://127.0.0.1:1080
    # then start n8n

    …or set Proxy on an individual HTTP Request node to socks5h://127.0.0.1:1080. Every request through it now sources from the agent's Whisper /128.

Use Get Egress Config in a workflow to fetch which agent//128 you'd egress as (the raw proxy bearer / WireGuard key is stripped by default — enable Include Raw Credentials only if you understand it will appear in the workflow data). Actual egress always runs via whisper connect on the host, per the steps above.

Use as an AI tool

This node is enabled as an AI Agent tool (usableAsTool). Drop it onto an AI Agent node and your agent can register a fresh identity for itself, set its own DNS policy, or verify a peer — the frictionless-agent-identity story, inside n8n.

Example — Verify Identity

Input 2a04:2a01:b69a:6717:e3b0:51ff:3bf7:f478 returns:

{
  "is_whisper_agent": true,
  "fqdn": "…agents.whisper.online",
  "operator": "…",
  "tenant": "…",
  "dane_ok": true,
  "jws_ok": true,
  "evidence": { "address": "2a04:2a01:b69a:6717:e3b0:51ff:3bf7:f478", "ptr": "…ip6.arpa" }
}

A non-agent address returns {"is_whisper_agent": false, …} with a plain-language detail. (For an RDAP lookup, an address that anchors no identity returns the standard RDAP 404 object, per RFC 9083.)

Links

License

MIT © viaGraph B.V. (Whisper Security)