
nayan-ai

v1.0.0-beta.5

AI powered code reviewer using Codex & Claude Code agents

Nayan AI 🤖

A CLI tool that uses Codex or Claude Code to review GitHub Pull Requests and scan repositories for security vulnerabilities with AI-powered agentic analysis and auto-fix capabilities.

Features

PR Review

  • 🤖 Agentic Review: Uses the Codex CLI or Claude Code CLI coding agents for deep code analysis
  • 🐛 Bug Detection: Finds logic errors, null pointer issues, race conditions, and edge cases
  • 🔐 Security Analysis: Detects SQL injection, XSS, hardcoded secrets, and auth issues
  • ⚡ Performance Checks: Identifies memory leaks, N+1 queries, and unnecessary computations
  • 🛡️ Error Handling: Catches missing try/catch, unhandled promises, and silent failures
  • ✅ Test Coverage: Checks if tests are added for new functionality
  • 💬 Inline Comments: Posts review comments directly on the relevant lines of code
  • 📊 Summary Report: Provides an overview of all issues found

Vulnerability Scanning

  • 🔍 Multi-Language Support: Scans npm, Python, Go, Rust, Ruby, PHP, Java, and .NET projects
  • 🤖 AI-Powered Analysis: Uses Codex or Claude to detect vulnerabilities beyond native tools
  • 📋 CVE Tracking: Lists all CVE identifiers found in dependencies
  • 🔧 Auto-Fix: Generates fixes and creates PRs automatically with --fix flag
  • 🎯 Context-Aware Severity: Adjusts severity based on project type (bundled vs server-side)

General

  • 🖥️ Local Execution: Run from your terminal, no GitHub Actions / Jenkins required
  • 🏢 Enterprise Support: Works with GitHub Enterprise Server (auto-detected)
  • 🔒 Private Repos: Full support for private repositories

Installation

Prerequisites

  1. Node.js 18+ - Required runtime
  2. Codex CLI (default) - Log in to the Codex CLI first:
    npx @openai/codex login
  3. Claude Code CLI (optional) - If using --llm claude:
    claude login

Install nayan-ai

npm install -g nayan-ai

Usage

Review Command

Review a GitHub Pull Request for code issues:

nayan-ai review https://github.com/owner/repo/pull/123 --token ghp_xxx

Review Options

| Option | Description |
|--------|-------------|
| -t, --token | GitHub personal access token (required) |
| -l, --llm | LLM provider: codex (default) or claude |
| -d, --dry | Analyze without posting comments to GitHub |
| -i, --inline | Post inline comments on files instead of summary |

Scan Command

Scan a GitHub repository for package vulnerabilities using native tools + AI analysis:

# Basic scan - detect and analyze all projects in the repo
nayan-ai scan https://github.com/owner/repo --token ghp_xxx

# Scan specific paths in the repo (detects all projects inside)
nayan-ai scan https://github.com/owner/repo --token ghp_xxx --paths packages/api,packages/web

# Auto-fix vulnerabilities and create a PR
nayan-ai scan https://github.com/owner/repo --token ghp_xxx --fix

# Auto-fix with custom branch name
nayan-ai scan https://github.com/owner/repo --token ghp_xxx --fix --branch nayan-ai/security-updates

Scan Options

| Option | Description |
|--------|-------------|
| -t, --token | GitHub personal access token (required) |
| -l, --llm | LLM provider: codex (default) or claude |
| -p, --paths | Comma-separated list of paths to scan for projects |
| -f, --fix | Auto-fix vulnerabilities and create a PR |
| -b, --branch | Branch name for fix PR (default: nayan-ai/security-fixes-<timestamp>) |

Scan Output

The scan provides:

  • Per-project vulnerabilities grouped by severity (Critical, High, Medium, Low)
  • CVE identifiers for each vulnerability
  • Suggested fixes with package version updates
  • Breaking changes warnings when applicable

Auto-Fix Workflow

When using --fix, Nayan AI will:

  1. Analyze vulnerabilities and generate fixes using AI
  2. Create a new branch with the fixes
  3. Update manifest files (package.json, requirements.txt, etc.)
  4. Commit and push changes
  5. Create a Pull Request with a detailed description of all changes

Supported Project Types

| Type | Manifest | Lock Files | Native Scanner |
|------|----------|------------|----------------|
| npm | package.json | package-lock.json, yarn.lock, pnpm-lock.yaml | npm audit |
| Python | requirements.txt | Pipfile.lock, poetry.lock | pip-audit |
| Go | go.mod | go.sum | govulncheck |
| Rust | Cargo.toml | Cargo.lock | cargo audit |
| Ruby | Gemfile | Gemfile.lock | bundle audit |
| PHP | composer.json | composer.lock | composer audit |
| Java | pom.xml | - | mvn dependency-check |
| .NET | *.csproj | packages.lock.json | dotnet list --vulnerable |

Context-Aware Severity

The AI adjusts vulnerability severity based on project context:

  • Bundled/Static Projects (React, Vue, Angular, SPAs):
    • DevDependencies → LOW (not in production bundle)
    • Build tools (webpack, babel, eslint) → LOW
    • Only runtime deps in client bundle → HIGH
  • Server-side Projects (Node.js APIs, Express):
    • Runtime dependencies → HIGH
    • DevDependencies → LOW
  • Libraries (npm/pypi packages):
    • Runtime deps → HIGH (affects consumers)
    • DevDependencies → LOW
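The following is an added example, not nayan-ai's own code, that serves both the "Scan Output" list (per-project findings grouped by severity with their CVE identifiers) and the context-aware rules above. It reads a package.json, decides whether the project is bundled, server-side or a library, resolves whether each flagged package is reached through a runtime or a dev dependency, and re-rates an npm-audit-style report accordingly. The package.json, the audit report and every CVE-0000-* id are constructed placeholders; the marker-package heuristics, the walk up the `effects` chain, and the reading of the README's arrows as "cap dev deps at LOW, floor runtime deps at HIGH" are assumptions made for this example, not the tool's actual logic.

```javascript
// Added example (not nayan-ai's own code): rate an npm-audit-style report with the
// README's context-aware rules, then group it the way "Scan Output" lists.
// The package.json heuristics, the `effects`-chain lookup and the floor/cap
// reading of the README's arrows are assumptions made for this example.

// Constructed sample package.json for a server-side API (not a real project).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "orders-api",
  private: true,
  dependencies: { express: "^4.18.0", lodash: "^4.17.20" },
  devDependencies: { webpack: "^5.0.0", eslint: "^8.0.0" },
});

// Constructed audit report. The shape loosely follows `npm audit --json`
// (`vulnerabilities` map, `via` advisories, `effects` dependents), but every
// entry and every CVE-0000-* id is a placeholder invented for this example.
const SAMPLE_AUDIT = {
  vulnerabilities: {
    lodash: { severity: "high", effects: [],
      via: [{ title: "Prototype pollution (CVE-0000-0001)", url: "https://example.invalid/a/1" }] },
    webpack: { severity: "critical", effects: [],
      via: [{ title: "Path traversal", url: "https://example.invalid/CVE-0000-0002" }] },
    minimist: { severity: "moderate", effects: ["eslint"],
      via: [{ title: "Argument injection", url: "https://example.invalid/CVE-0000-0003" }] },
    eslint: { severity: "moderate", effects: [], via: ["minimist"] }, // flagged only via minimist
  },
};

const LEVELS = ["low", "moderate", "high", "critical"]; // npm's scale, ascending
const LABEL = { low: "Low", moderate: "Medium", high: "High", critical: "Critical" };
const BUNDLED_MARKERS = ["react", "vue", "@angular/core", "svelte"]; // assumed heuristic
const SERVER_MARKERS = ["express", "fastify", "koa", "@nestjs/core"]; // assumed heuristic
const BUILD_TOOLS = ["webpack", "babel", "eslint"]; // the build tools the README names

// Classify the project type from package.json (assumption: marker packages decide).
function classifyProject(pkg) {
  const runtime = Object.keys(pkg.dependencies || {});
  if (runtime.some((d) => BUNDLED_MARKERS.includes(d))) return "bundled";
  if (runtime.some((d) => SERVER_MARKERS.includes(d))) return "server";
  if (!pkg.private && (pkg.main || pkg.exports)) return "library"; // published entry point
  return "server"; // unknown deployable app: rate conservatively as server-side
}

// "runtime" or "dev" for a direct dependency, null for anything transitive.
function directScope(pkg, name) {
  if ((pkg.dependencies || {})[name]) return "runtime";
  if ((pkg.devDependencies || {})[name]) return "dev";
  return null;
}

// Walk `effects` (the packages that depend on this one) up to a direct
// dependency; if any path ends in a runtime dependency, the worst case wins.
function rootScope(audit, pkg, name, seen = new Set()) {
  const direct = directScope(pkg, name);
  if (direct) return direct;
  if (seen.has(name)) return "unknown";
  seen.add(name);
  const entry = audit.vulnerabilities[name] || {};
  const scopes = (entry.effects || []).map((p) => rootScope(audit, pkg, p, seen));
  if (scopes.includes("runtime")) return "runtime";
  if (scopes.includes("dev")) return "dev";
  return "unknown";
}

// Apply the README's rules: dev deps capped at LOW, build tools in bundled
// projects LOW, runtime deps floored at HIGH, unresolved scope left as scanned.
function adjustSeverity(native, scope, projectType, name) {
  const idx = LEVELS.indexOf(native);
  if (idx < 0) return native;
  if (scope === "dev") return "low";
  if (projectType === "bundled" && BUILD_TOOLS.some((t) => name === t || name.startsWith(t + "-"))) return "low";
  if (scope === "runtime") return LEVELS[Math.max(idx, LEVELS.indexOf("high"))];
  return native;
}

// Collect CVE ids from advisory objects in `via`; strings there name other packages.
const CVE_RE = /CVE-\d{4}-\d{4,}/g;
function collectCves(entry) {
  const ids = new Set();
  for (const v of entry.via || []) {
    if (typeof v !== "object" || v === null) continue;
    for (const text of [v.title, v.url]) {
      for (const m of String(text || "").match(CVE_RE) || []) ids.add(m);
    }
  }
  return [...ids].sort();
}

// Produce the per-severity grouping the README's "Scan Output" section lists.
function rateReport(packageJsonText, audit) {
  const pkg = JSON.parse(packageJsonText);
  const projectType = classifyProject(pkg);
  const grouped = { Critical: [], High: [], Medium: [], Low: [] };
  for (const [name, entry] of Object.entries(audit.vulnerabilities || {})) {
    const scope = rootScope(audit, pkg, name);
    const severity = adjustSeverity(entry.severity, scope, projectType, name);
    const label = LABEL[severity] || "Unrated";
    (grouped[label] ||= []).push({ name, scope, native: entry.severity, cves: collectCves(entry) });
  }
  return { projectType, grouped };
}

console.log(JSON.stringify(rateReport(SAMPLE_PACKAGE_JSON, SAMPLE_AUDIT), null, 2));
```

Run it with `node` to see the constructed API's report: lodash stays High because it is a runtime dependency, while webpack, eslint and the transitive minimist all drop to Low because they are only reachable through devDependencies. Feeding the same audit to a bundled SPA that lists webpack under `dependencies` still yields Low, whereas a server project with webpack at runtime keeps the scanner's Critical rating; that difference is what "context-aware" buys over the native scanner's output.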

License

MIT