npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

pentest-agent

v0.1.2

Published

AI agent CLI for automated penetration testing — powered by RedVeil

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

redveil-benredveil-ben

Keywords

Readme

pentest-agent

Run a compliance-ready penetration test from the command line. Powered by RedVeil.

pentest-agent connects to the RedVeil AI penetration testing platform to scan web applications, APIs, networks, and cloud infrastructure for exploitable vulnerabilities — then generates audit-grade reports with reproducible findings and evidence. No GUI required. Runs anywhere Node.js does: local machines, CI pipelines, or inside AI coding agents. OpenClaw & Claude Code welcome.

Install

npm install -g pentest-agent
bun install -g pentest-agent

Or run directly without installing:

npx pentest-agent --help
bunx pentest-agent --help

Quick start

# Authenticate
pentest-agent auth login

# Create a web application project
pentest-agent project create webapp \
  --name "Acme Web App" \
  --target https://app.acme.com \
  --auth-type none

# Start a scan
pentest-agent scan start <projectId>

# Check progress
pentest-agent scan status <projectId>

# View findings
pentest-agent finding list <projectId>

# Generate an executive report
pentest-agent report generate --project <projectId> --type executive_pdf

What is RedVeil?

RedVeil is an AI-powered penetration testing platform that delivers the depth of manual security testing with the speed and scalability of automation. Built by experienced penetration testers, RedVeil uses intelligent AI agents to simulate real-world attacker behavior across web applications, APIs, networks, and cloud infrastructure.

Unlike traditional scanners, RedVeil doesn't just identify potential vulnerabilities — it validates them through controlled exploitation and provides proof-of-concept evidence. The result is a fast, repeatable, defensible penetration test that can be executed on demand.

Key capabilities

  • AI agents with attack-path reasoning — context-aware agents that reason through multi-step attack chains, discovering business logic flaws and chained exploitation paths
  • Verified exploitable findings — every finding includes evidence, reproduction steps, impact explanation, and CVSS scoring with near-zero false positives
  • On-demand autonomous testing — launch a full assessment in hours instead of weeks, no scoping calls or scheduling delays
  • Compliance-ready reporting — professional reports mapped to ISO 27001, SOC 2, HIPAA, HITRUST, CMMC, PCI-DSS, and more
  • Guided remediation with Rune — an in-platform AI security consultant that explains findings in plain language and provides step-by-step fix guidance
  • One-click retesting — verify remediations instantly without scheduling a separate engagement

CLI features

  • JSON-first output — every command supports --json for scripting, piping, and AI agent consumption
  • Profile management — maintain multiple authenticated sessions for different organizations
  • Flexible input — targets via repeatable flags, CSV, JSON arrays, or @file references
  • Device auth flow — two-step authentication for headless CI/CD environments
  • Full project lifecycle — create, configure, scan, triage, report, and monitor usage from a single tool

Environment variables

| Variable | Description | | --- | --- | | REDVEIL_TOKEN | JWT access token — overrides the stored profile token. Ideal for CI. | | REDVEIL_PROFILE | Default profile name when --profile is not passed. | | REDVEIL_CONFIG_DIR | Override the config directory. Defaults to ~/.config/redveil. | | REDVEIL_DEBUG | Set to 1 for full stack traces on errors. |

CI/CD example

# Store your token as a CI secret, then:
export REDVEIL_TOKEN="$REDVEIL_SECRET"

# Create and scan
PROJECT=$(pentest-agent project create webapp \
  --name "Acme App" \
  --target https://app.acme.com \
  --auth-type bearer \
  --bearer-token @/secrets/bearer.txt \
  --json)
PROJECT_ID=$(echo "$PROJECT" | jq -r '._id')

pentest-agent scan start "$PROJECT_ID"
pentest-agent scan status "$PROJECT_ID" --json
pentest-agent finding list "$PROJECT_ID" --json
pentest-agent report generate --project "$PROJECT_ID" --type executive_pdf --json

Links

License

Proprietary. Copyright RedVeil, Inc. All rights reserved.