npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

opensec-intelligence

v3.2.0

Published

Local-first, multi-agent AI security scanner. Finds vulnerabilities. Writes the patches. Free forever.

Downloads

127

Readme

The world's first local-first, multi-agent AI security engine. Free forever. No API keys. Runs on your machine.

The Security Layer Claude Code Doesn't Have

npm version npm downloads License: MIT Powered by Ollama Built by Prabinder Singh

Built by Prabinder Singh — B.Tech CS, Thapar Institute · Founder, Leorit.ai

Quickstart · How it works · Agents · Skills · MCP · Models


What is OpenSec Intelligence?

Claude Code writes your code. OpenSec Intelligence secures it.

💬 "Claude Code writes your code. OpenSec Intelligence makes sure it doesn't get hacked."

A four-agent AI pipeline that scans your entire codebase — code, infrastructure, secrets, configs — finds real vulnerabilities, validates them with consensus scoring, and writes the exact patches. Runs completely free on your machine with Ollama. No data leaves your environment.

npm install -g opensec-intelligence
ollama pull qwen2.5-coder:14b
opensec scan ./

Why it beats everything else

| | Claude Code | OpenSec Intelligence | |---|---|---| | Security scanning | ❌ Not built for it | ✅ Purpose-built, 4-agent pipeline | | Cost | $20/month | Free forever | | Local/private | ❌ Cloud only | ✅ 100% on your machine | | Fixes vulnerabilities | ❌ | ✅ Writes exact patches | | Proves exploits work | ❌ | ✅ Exploit + patch verification | | Multi-model consensus | ❌ | ✅ 3+ models validate each finding |

| | Existing tools | OpenSec Intelligence | |---|---|---| | Models | Single model, trust blindly | 4-agent pipeline, consensus validated | | Scope | Code files only | Code + Docker + k8s + Terraform + secrets + OpenAPI | | Cost | $$$ per scan | Free forever with Ollama | | Privacy | Code sent to cloud | Zero data leaves your machine | | False positives | High | Filtered by 0.7+ confidence threshold | | Fixes | Suggestions only | Writes the exact patch. Asks approval. Commits. | | Exploit verification | None | Generates exploit, runs it, verifies patch closes it | | Cross-file reasoning | None | Correlates findings across your entire system |


Quickstart

# 1. Install
npm install -g opensec-intelligence

# 2. Pull a model (free, runs locally)
ollama pull qwen2.5-coder:14b

# 3. Scan your repo
opensec scan ./

# Quick sweep only
opensec scan ./ --quick

# Maximum accuracy (uses cloud for analyst + consensus)
opensec scan ./ --cloud

# Apply all validated fixes
opensec fix

# Generate HTML security report
opensec report

How it works

Your codebase
      │
      ▼
┌─────────────┐
│   Scanner   │  Maps attack surface — every .py .js .ts .go .env
│             │  Dockerfile *.yaml *.tf openapi.* *.pem *.key
└──────┬──────┘
       │ structured JSON
       ▼
┌─────────────┐
│   Analyst   │  OWASP Top 10 · injection · auth bypass · secret leakage
│             │  Cross-modal: weak auth + exposed port + public endpoint
└──────┬──────┘  = one elevated CRITICAL finding
       │ findings JSON
       ▼
┌─────────────┐
│  Consensus  │  Re-examines every HIGH/CRITICAL independently
│             │  Confidence score 0.0–1.0 · filters below 0.7
└──────┬──────┘  Adds exploit scenario + CVSS estimate
       │ validated findings
       ▼
┌─────────────┐
│    Fixer    │  Writes exact patches · before/after diff
│             │  Asks approval before each write · git commits
└─────────────┘

The insight: Single-model tools hallucinate. OpenSec's consensus layer means every HIGH finding was independently confirmed. If 3 models agree — you fix it. If only 1 does — it gets filtered.


The prove loop — what makes OpenSec different

Other tools find vulnerabilities. OpenSec proves they're real, then proves the patch works.

🔍 Vulnerability Found
🔴 Exploit Successfully Executed
🔧 AI Generated Patch
✅ Exploit Blocked After Patch
   Verification Complete
# Run the full prove loop on HIGH/CRITICAL findings from your last scan
opensec prove ./

# Show the generated exploit code
opensec prove ./ --show-exploit

# Dry run: generate + run exploit but skip patching
opensec prove ./ --dry-run

What happens under the hood:

  1. 🔍 Vulnerability Found — deterministic scanner + LLM consensus identifies and confirms the finding
  2. 🔴 Exploit Successfully Executed — a local LLM writes a minimal runnable script that triggers the vulnerability; it runs in a sandboxed subprocess and prints EXPLOITED: if confirmed
  3. 🔧 AI Generated Patch — the Fixer agent synthesizes the exact fix and applies it silently
  4. ✅ Exploit Blocked After Patch — the same exploit re-runs against the patched code; it must NOT fire
  5. Verification Complete — proof saved to .opensec/proofs/<id>.json for audit

Safety: Exploits run in an isolated subprocess with a minimal environment — real credentials and shell variables are never passed in. eval()/Function() string codegen is disabled inside the subprocess. Network access and filesystem writes outside /tmp are blocked before execution. Exploit files are deleted immediately after use.

⚠️ Do not run opensec prove on untrusted or adversarial code. Scanned file content is embedded in the LLM prompt; a file containing crafted LLM directives could influence the generated exploit. The subprocess sandbox reduces but does not eliminate this risk — full isolation requires a container or VM.

Try it now: opensec scan --demo runs the full loop on a bundled vulnerable app.


See it in action

Scan output — real findings, real repo

opensec scan ./ runs a deterministic engine (25+ secret/code/infra rules) and prints structured findings in under a second:

OpenSec scan results

The Fixer writes the patch — you approve it

Critical finding diff

High finding diff

Run opensec scan --demo to see this on a bundled vulnerable app in seconds — no setup, no API keys.

Demo complete

Screenshots above are generated by node scripts/generate-readme-assets.js from the real scanner output.


The 4 agents

| Agent | Job | Tools | Speed | |-------|-----|-------|-------| | Scanner | Maps the full attack surface across all file types | glob, grep, file_read, bash, think | Fast | | Analyst | Finds vulnerabilities + cross-modal correlation | file_read, grep, think | Thorough | | Consensus | Independently validates every HIGH/CRITICAL finding | think | Precise | | Fixer | Writes patches, diffs, asks approval, commits | file_read, file_edit, file_write, git_diff, git_commit | Careful |


Skills

OpenSec ships with built-in security knowledge injected into every agent:

| Skill | What it gives agents | |-------|---------------------| | owasp-top10 | Full OWASP Top 10 reference — injection, broken auth, SSRF, and more | | secret-patterns | 200+ regex patterns for API keys, tokens, passwords, certificates | | infra-checks | Dockerfile, Kubernetes, Terraform security rules and misconfig patterns | | cross-modal | Rules for correlating findings across code + infra + config together |


What gets scanned

| Category | File types | |----------|-----------| | Code | .py .js .ts .go .rb .java .php .rs .cpp .cs | | Infrastructure | Dockerfile docker-compose.yml *.tf *.hcl *.toml | | Kubernetes / Config | *.yaml *.yml openapi.* *.json (API specs) | | Secrets | .env .env.* *.pem *.key *.p12 *.pfx | | CI/CD | .github/workflows/*.yml .gitlab-ci.yml Jenkinsfile |


Local vs Cloud

| Mode | Cost | Privacy | When to use | Command | |------|------|---------|-------------|---------| | Local | Free | 100% private | Daily scans, CI, private repos | opensec scan ./ | | Quick | Free | 100% private | Fast sweep, pre-commit | opensec scan ./ --quick | | Cloud | API cost | Analyst + Consensus only sent | Critical audits, max accuracy | opensec scan ./ --cloud |

Cloud mode keeps Scanner and Fixer fully local. Only Analyst and Consensus touch the cloud.


MCP Integration

OpenSec exposes an MCP server for IDE and tool integration:

# Start MCP server
opensec serve --port 4141

# Connect from any MCP client
# http://localhost:4141/v1/stream

Available MCP tools:

| Tool | What it does | |------|-------------| | scan_repo | Trigger a full or quick scan on any path | | get_findings | Retrieve last scan results as structured JSON | | apply_fix | Apply a specific validated fix | | get_report | Generate HTML report of findings | | get_status | Ollama connection, model, mode status |


Highlights

| | Feature | | |---|---|---| | 🔒 | Local-first | All inference on your hardware via Ollama — zero cloud dependency | | 🤖 | 4-agent pipeline | Scanner → Analyst → Consensus → Fixer, fully sequential | | 🧠 | Cross-modal analysis | Code + Docker + k8s + Terraform + secrets analyzed together | | ✅ | Consensus scoring | Every finding validated by multiple models, 0.7+ threshold | | 🛠 | 20 built-in tools | Files, grep, glob, bash, git, think, web fetch, RAG, MCP | | 🔌 | MCP server | Exposes scan/fix/report as MCP tools for IDE integration | | 💾 | Session persistence | Resume scans, checkpoints, branches | | ↩️ | Undo | Revert any fix the agent applied | | 🌐 | HTTP API | opensec serve exposes REST + SSE endpoints | | 🎯 | Effort levels | --effort low\|medium\|high\|max controls scan depth | | 🔍 | RAG indexing | Index your codebase for faster repeated scans | | 👁️ | Daemon mode | Watch files and auto-scan on change | | 🧩 | VS Code ready | Works with VS Code via MCP integration | | 🖼️ | Vision | Attach architecture diagrams for visual security review | | 🌿 | Branching | Fork scan sessions, compare findings across branches | | 📊 | Token tracking | /cost for per-scan usage breakdown |


Model recommendations

| Model | Pull command | Best for | |-------|-------------|----------| | qwen2.5-coder:14b | ollama pull qwen2.5-coder:14b | Best overall security analysis | | deepseek-r1:14b | ollama pull deepseek-r1:14b | Consensus reasoning | | llama3.2:3b | ollama pull llama3.2:3b | Fast scanner, low RAM | | codellama:13b | ollama pull codellama:13b | Balanced speed + accuracy |

Minimum spec: 8GB RAM for llama3.2:3b. 16GB for qwen2.5-coder:14b.


CLI reference

opensec scan [path]           # Full 4-agent scan (default: ./)
opensec scan [path] --quick   # Scanner agent only
opensec scan [path] --cloud   # Cloud models for analyst + consensus
opensec fix                   # Apply fixes from last scan
opensec report                # HTML report of findings
opensec serve [--port 4141]   # Start HTTP + MCP server
opensec -m <model>            # Set Ollama model
opensec --effort <level>      # low | medium | high | max
opensec daemon start          # Watch mode — scan on file change

Pro & Enterprise — Coming Soon

OpenSec Intelligence is free forever for local single-model scanning.

Pro and Enterprise tiers are in development for teams and organizations that need maximum accuracy and zero false positives.

🔥 Pro — Coming Soon

  • Multi-model consensus — 3 AI models scan simultaneously, only findings 2+ models agree on get through
  • Zero false positive guarantee — confidence threshold 0.95+
  • Cloud + local hybrid — best of both worlds
  • Priority scanning — larger repos, faster results
  • PDF security reports — shareable compliance-ready reports
  • Slack / Discord alerts — findings posted to your team channel

🏢 Enterprise (Custom) — Coming Soon

  • Air-gapped deployment — fully offline, no internet required
  • Custom model support — bring your own fine-tuned security model
  • CI/CD dashboard — org-wide security posture in one view
  • SARIF output — integrates with GitHub Advanced Security
  • SSO + team management — role-based access control
  • SLA + dedicated support — 99.9% uptime guarantee
  • Compliance reports — SOC2, ISO 27001, OWASP ready

🚀 Roadmap

  • [ ] Multi-model parallel scanning (--multi-model flag)
  • [ ] VS Code extension with inline vulnerability highlights
  • [ ] GitHub App — auto-scan every PR, post findings as comments
  • [ ] Web dashboard for team findings
  • [ ] Custom security rules engine
  • [ ] SARIF + GitHub Advanced Security integration
  • [ ] Slack / Discord bot
  • [ ] API access for custom integrations

Join the Waitlist

Pro and Enterprise are currently in private beta.

Join the waitlist →


Contributing

See CONTRIBUTING.md. Security researchers, AI engineers, and open source contributors welcome.


OpenSec Intelligence — open source under MIT License.

By Prabinder Singh