npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nicefox-secu

v1.4.1

Published

Zero-config AI-powered security review for web developers

Downloads

818

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nicefoxnicefox

Keywords

pentestsecuritypentestingweb-securityapi-securityaiexegolvulnerability-scanner

Readme

NiceFox Secu

AI-powered security review for web developers. Find vulnerabilities, fix them in your code, verify the fixes — all in one session.

Zero security experience needed. Works with any AI coding agent: Claude Code, Codex, opencode, Cursor, Kimi, aider...

Based on the AIDA methodology.

Quick Start

1. Run NiceFox Secu

From your project directory:

npx nicefox-secu

On first run, this builds the security toolkit (~1GB Docker image, takes ~2-3 min once).

2. Start the Security Review

Open your AI coding agent and paste:

Read ~/.nicefox/REVIEW.md and start the security review

The AI will:

  1. Auto-detect your framework, target URL, and environment (dev/prod)
  2. Ask you to confirm — one question instead of a setup wizard
  3. Review your app (recon, endpoint mapping, vulnerability testing)
  4. Fix each vulnerability directly in your source code
  5. Verify each fix by re-testing
  6. Print a summary of what was found and fixed

What You Need

  • Docker — https://docs.docker.com/get-docker/
  • An AI coding agent — Claude Code, Codex, opencode, Cursor, Kimi, aider...

That's it.

Example

$ cd ~/projects/my-express-api
$ npx nicefox-secu

  NiceFox Secu
  AI-powered security review for web developers

  ✓ Docker is running
  ✓ Security toolkit image ready
  ✓ Toolkit container running
  ✓ Prompt installed

  Ready! Open your AI coding agent from your project directory and paste:

    Read ~/.nicefox/REVIEW.md and start the security review

$ claude  # or opencode, cursor, codex, aider...

> Read ~/.nicefox/REVIEW.md and start the security review

AI: Detected: Express.js project, target http://localhost:3000, dev mode.
    Start the security review? (Y/n)

You: Y

AI: [scanning, testing, fixing...]

AI: Found VULN-001: SQL Injection in POST /api/search (CRITICAL)
    Fixing src/routes/search.js — parameterized query...
    Fix verified.

AI: Found VULN-002: Missing rate limiting on POST /api/login (MEDIUM)
    Fixing src/routes/auth.js — adding express-rate-limit...
    Fix verified.

AI: Assessment complete.
    2 vulnerabilities found, 2 fixed, 0 require manual attention.

Environment Modes

Development (auto-detected when target is localhost):

  • Aggressive scanning, all exploitation techniques allowed
  • AI edits your source code directly to fix vulnerabilities
  • Full tool suite

Production (auto-detected when target is a real domain):

  • Non-destructive tests only, rate limits respected
  • AI documents recommended fixes but does NOT edit code
  • Extra caution on risky tests

Included Tools

The security toolkit Docker image ships with:

| Category | Tools | |---|---| | Recon | nmap, subfinder | | Vuln scanning | nuclei | | Web discovery | ffuf | | Parameters | arjun | | SQL injection | sqlmap | | XSS | dalfox | | API testing | httpie, curl | | JWT | jwt_tool | | Brute force | hydra | | Wordlists | SecLists (Discovery, Fuzzing, Passwords) |

Safety

  • Always test against a dev/staging environment first
  • Never test production systems without explicit authorization
  • Backup your code before running (or just use git — you do use git, right?)
  • The AI will not modify production code — it only documents fixes in prod mode

Troubleshooting

Rebuild the toolkit image

docker rm -f nicefox-tools        # Remove container
docker rmi nicefox-tools           # Remove image
npx nicefox-secu                   # Rebuilds from scratch

Tools not responding

docker exec nicefox-tools nmap --version    # Test a tool manually

macOS / Windows networking

If tools can't reach your local app, the AI will automatically use host.docker.internal instead of localhost — this is handled in the prompt.

License

MIT — Use at your own risk. Only test systems you own or have explicit permission to test.

Credits

Based on AIDA (AI-Driven Security Assessment), simplified for web developers.