npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

preflight-pro

v0.2.5

Published

The local security gate for AI-generated code.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

avenasshavenassh

Keywords

preflightsecurityai-codenextjssupabasesecret-scannermcpcli

Readme

PreFlight

⚡ Choose Your Remediation Depth

PreFlight runs in two distinct tiers depending on what your codebase needs:

🟢 Free Tier (Local AST)

  • What it does: Scans and automatically fixes basic security and structural issues completely offline.
  • Setup: Zero config. Works instantly out of the box.
  • Commands:
    npm install -g preflight-pro
preflight scan . --fix

Installing preflight-pro exposes the universal preflight command in your shell.

🚀 Pro Tier (Deep Reasoning)

  • What it does: Scans and automatically fixes everything—including complex multi-file architectural flaws, tenant isolation logic, and parametric SQL injections.

  • Setup: Requires an active PREFLIGHT_PRO_KEY environment variable.

  • Commands:

    # PowerShell
$env:PREFLIGHT_PRO_KEY="PREFLIGHT-BETA-XXXXX"
preflight scan . --fix
    # Bash / macOS
export PREFLIGHT_PRO_KEY="PREFLIGHT-BETA-XXXXX"
preflight scan . --fix

Stop AI Coding Drift before it becomes production technical debt. PreFlight is a local-first safety gate and deterministic orchestration engine designed to catch risky, hallucinated, or unverified AI-generated code snippets inside modern AI coding workflows.

Pricing

  • Free Tier: 100% offline AST syntax scanning and basic structural auto-fixes.
  • Solo Founder Tier: $19/month
  • Team Tier: $49/seat/month

The Tri-State Risk Score Engine

PreFlight parses your code down to an Abstract Syntax Tree (AST) using Tree-Sitter, passing ambiguous findings through deep reasoning layers to enforce explicit architectural contracts:

  • 🔴 Hard Block: Exposed frontend secrets, leaking database service roles, or missing Supabase Row Level Security (RLS).
  • 🟡 High-Risk Drift: Structural state inconsistencies, un-idempotent webhooks, or open CORS contexts.
  • 🟢 Likely Safe: Standard algorithmic changes matching your pre-defined stack rules.

2-Phase Pipeline

PreFlight Pro runs as a strict 2-phase remediation pipeline:

  1. Phase 1: Offline Local AST Sweep PreFlight completes an ultra-fast offline structural pass first and applies any local-only fixes it can resolve without calling the cloud reasoning layer.
  2. Phase 2: PreFlight Pro Deep Reasoning Handoff Only the remaining SQL and complex architectural flaws are handed off through the secure proxy-backed Pro Engine reasoning path for premium remediation suggestions.

Editor & MCP Usage

PreFlight can run directly in the terminal or as an MCP server for AI-native editors.

Start the MCP server locally:

node index.js mcp

Available MCP tools include:

  • scan_project
  • preflight_fix
  • audit_dependencies

Post-Fix Verification Loop

PreFlight is designed to be used as a closed loop, not a one-shot scanner:

  1. Generate or modify code with your AI coding assistant.
  2. Run preflight scan . to classify the change under the Tri-State Risk Score.
  3. If PreFlight returns Hard Block, stop and repair the structural issue before moving forward.
  4. If PreFlight returns High-Risk Drift, run preflight scan . --fix and inspect every proposed fix before applying it.
  5. Re-run preflight scan . after each accepted fix to confirm the repository settles into Likely Safe.
  6. Ship only after the final verification pass is green and the structural receipt matches the architecture boundary you intended.

This verification loop is the product: scan, review, patch, re-scan, then deploy with confidence.