npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

opena2a-cli

v0.10.3

Published

Unified CLI for the OpenA2A security platform

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ecolibriaecolibria

Keywords

aiagentsecurityscannermcpcredentialsidentity

Readme

OpenA2A: CLI · HackMyAgent · Secretless · AIM · Browser Guard · DVAA

opena2a

Open-source security platform for AI agents. Installed as opena2a-cli on npm.

npx opena2a-cli review
  OpenA2A Security Review  v0.8.21

  Findings
  -----------------------------------------------
  Credential scan        3 hardcoded keys
  Shadow AI              2 agents, 4 MCP servers
  Config integrity       unsigned
  Governance             no SOUL.md
  -----------------------------------------------
  Security Score   30 / 100  -> 85 by running opena2a protect

  Run: opena2a protect    (fix all findings)

Install globally if you prefer:

npm install -g opena2a-cli
brew tap opena2a-org/tap && brew install opena2a

Built-in Help

You do not need this README. The CLI has built-in discovery:

opena2a ?                           # Contextual recommendations for your project
opena2a ~shadow ai                  # Semantic search across all commands
opena2a "find leaked credentials"   # Natural language command matching
opena2a                             # Interactive guided wizard (no args)

Commands

| Command | What it does | |---------|-------------| | opena2a setup | One-command onboarding — auth, identity, MCP discovery, trust score | | opena2a review | Full security dashboard — HTML report, 6-phase assessment | | opena2a detect | Find shadow AI agents, MCP servers, AI configs. Governance score. | | opena2a detect --report | Executive HTML report | | opena2a detect --export-csv | Asset inventory for CMDB/ServiceNow | | opena2a init | Read-only security assessment with trust score | | opena2a protect | Fix everything — credentials, .gitignore, config signing | | opena2a watch | Live tail of agent activity events | | opena2a identity create | Cryptographic identity for your project | | opena2a identity mcp attach | Auto-discover and attach MCP servers | | opena2a identity integrate | Wire security tools to identity (audit + trust) | | opena2a harden-soul | Generate SOUL.md governance rules | | opena2a scan | 204 security checks via HackMyAgent | | opena2a mcp audit | Audit MCP server configurations with trust scores | | opena2a guard sign | Sign config files for tamper detection | | opena2a shield init | Full security setup — all of the above, one command |

Ecosystem

Each command routes to a specialized tool, installed on first use:

| Command | Tool | Description | |---------|------|-------------| | detect | Shadow AI | Discover AI agents, MCP servers, AI configs | | identity | AIM | Cryptographic identity, audit logs, trust scoring | | scan | HackMyAgent | 204 security checks, attack simulation, auto-fix | | secrets | Secretless AI | Credential management for AI coding tools | | mcp | MCP Security | Audit, sign, and verify MCP server configurations | | benchmark | OASB | 222 attack scenarios, compliance scoring | | train | DVAA | Vulnerable AI agent for security training |

Use Cases

Docs

Full command reference, Shield subcommands, scope drift detection, behavioral governance, credential patterns, and CI/CD examples: opena2a.org/docs

Requirements

  • Node.js >= 18
  • Optional: Docker (for opena2a train)

Telemetry

opena2a sends anonymous tier-1 usage data to the OpenA2A Registry: tool name, version, command name (check, scan, protect, etc.), success, duration, platform, Node major version, and a stable per-machine install_id. No content is collected — no scanned packages, no findings, no file paths, no env-var values, no IPs.

This is separate from the community-contribution data the Registry already collects via --publish flags; that flow continues to populate the public community page (scan submissions, findings, contributors). Telemetry just answers "is anyone running these commands at all?"

  • Policy: opena2a.org/telemetry.
  • Status: opena2a telemetry status.
  • Disable per-invocation: OPENA2A_TELEMETRY=off opena2a <anything>.
  • Disable persistently: opena2a telemetry off.
  • Audit every payload: OPENA2A_TELEMETRY_DEBUG=print opena2a <anything> echoes each event to stderr in JSON.

Fire-and-forget with a 2-second timeout — telemetry never blocks the CLI.

License

Apache-2.0

Website · Docs · Discord · GitHub