npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

rebar-mcp

v2.4.4

Published

Reinforcement for AI-generated code. Enforcement hooks, quality audits, and opinionated templates that prevent AI coding tools from shipping broken code.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rcolkittrcolkitt

Keywords

mcpclaude-codecursorcodexwindsurfai-codingcode-qualityenforcementguardrailslintingsecuritytestingagent-skills

Readme

Rebar

Reinforcement for AI-generated code.

Rebar prevents AI coding tools from shipping broken, incomplete, or insecure code. It embeds enforcement hooks, quality audits, and opinionated templates directly into your development environment — catching shortcuts at the moment of creation, not after the PR is opened.

Works with: Claude CodeCursorWindsurfCodex CLI

What Rebar Does

| Problem | Without Rebar | With Rebar | |---------|---------------|------------| | Claude skips tests | "I've completed the implementation" (no tests run) | Hook runs tests after every file change. Strict mode blocks until tests pass. | | Empty catch blocks | Errors silently swallowed | Audit detects and flags every empty catch block | | any types everywhere | TypeScript without type safety | Paranoid mode blocks files containing any | | Incomplete implementations | TODO comments shipped to production | Paranoid mode blocks commits with TODO/FIXME | | Hardcoded secrets | API keys in source code | Pre-commit hook detects and blocks secret patterns | | Destructive commands | rm -rf / | Pre-execution hook blocks dangerous commands | | Inconsistent setup | Every developer configures differently | One rebar init standardizes the entire team |

Quick Start

As an MCP Server (Claude Code)

claude mcp add rebar -- npx rebar-mcp

Then in Claude Code:

> Initialize Rebar with strict enforcement

HTTP Transport Mode

# Start as HTTP server (for remote/cloud deployments)
npx rebar-mcp --http --port 3000

# Endpoints:
# POST http://localhost:3000/mcp  - MCP protocol
# GET  http://localhost:3000/health - Health check

As a CLI

# Initialize a project
npx rebar-mcp init --strictness strict --platforms all

# Audit code quality
npx rebar-mcp audit --threshold 70

# Check setup health
npx rebar-mcp doctor

In CI/CD

# .github/workflows/rebar.yml
- run: npx rebar-mcp audit --threshold 70 --format json

23 Tools Across 4 Tiers

Tier 1: Scaffolding

| Tool | Description | |------|-------------| | rebar_init_project | Initialize a complete Rebar setup with CLAUDE.md, hooks, skills, agents | | rebar_generate_claudemd | Generate CLAUDE.md from project analysis | | rebar_create_skill | Create a new skill with YAML frontmatter | | rebar_create_agent | Create a new agent definition | | rebar_create_hook | Add lifecycle hooks to settings.json | | rebar_create_command | Create a command skill (slash command) |

Tier 2: Knowledge & Management

| Tool | Description | |------|-------------| | rebar_create_knowledge | Create a knowledge document in .claude/docs/ | | rebar_create_adr | Create an Architecture Decision Record | | rebar_list_artifacts | List all Claude Code artifacts in a project | | rebar_validate_config | Validate configuration files with auto-fix | | rebar_audit_context | Audit context budget and warn about large skills | | rebar_audit_code_quality | Run code quality audit with custom rules | | rebar_doctor | Run health checks on Rebar setup |

Tier 3: Enterprise

| Tool | Description | |------|-------------| | rebar_apply_compliance | Apply compliance packs (HIPAA, SOC2, PCI-DSS, SOX, GDPR, ISO27001, FedRAMP) | | rebar_create_ci_workflow | Generate GitHub Actions workflow for Claude Code review | | rebar_create_security_hook | Create security hooks with strictness levels | | rebar_generate_mcp_config | Generate .mcp.json with pre-configured MCP servers |

Tier 4: Pre-Review (Real-time Code Enforcement)

| Tool | Description | |------|-------------| | rebar_enable_prereview | Install PreToolCall hooks for real-time code review | | rebar_prereview_history | View audit trail of all pre-review decisions | | rebar_prereview_rules | Manage custom project-specific pre-review rules |

7 Compliance Packs

| Standard | Hooks | Skills | Use Case | |----------|-------|--------|----------| | HIPAA | PHI detection, audit logging | phi-handler | Healthcare applications | | SOC2 | Audit logging | access-control-review | SaaS platforms | | PCI-DSS | Card number blocking | — | Payment processing | | SOX | Financial audit logging | — | Financial systems | | GDPR | PII detection, audit logging | gdpr-data-handler | EU data processing | | ISO 27001 | Security audit, config detection | isms-reviewer | Enterprise security | | FedRAMP | Federal audit, connection warnings | fedramp-security-review | US government contractors |

# Apply compliance pack
> Apply HIPAA compliance to this project

Strictness Profiles

| Profile | Tests | Lint | Secrets | Danger | File Size | any Types | TODOs | |---------|-------|------|---------|--------|-----------|-------------|-------| | Standard | Notify | Notify | Block | Block | — | — | — | | Strict | Block | Block | Block | Block | — | — | — | | Paranoid | Block | Block | Block | Block | Block >400 lines | Block | Block |

# Set strictness
npx rebar-mcp set-strictness paranoid

What Gets Generated

Running rebar init creates:

Claude Code: CLAUDE.md, .claude/settings.json (enforcement hooks), .claude/skills/ (5 skills), .claude/agents/ (3 agents), .claudeignore

Cursor: .cursor/rules/ (project rules + skill rules)

Windsurf: .windsurf/rules/ (project rules + skill rules)

Codex CLI: AGENTS.md

10 Pre-configured MCP Services

Generate MCP configurations for popular services:

github, sentry, postgres, slack, linear, jira, datadog, pagerduty, vercel, supabase
> Generate MCP config for github, slack, and sentry

Quality Audit

npx rebar-mcp audit

Checks for:

  1. TODO/FIXME/HACK/XXX comments
  2. Empty catch blocks
  3. any type usage
  4. console.log in production code
  5. Files over 400 lines
  6. Functions over 50 lines
  7. Hardcoded secrets
  8. Custom rules (.rebar/rules.yaml)

Returns a quality score from 0–100.

Custom Rules

Add project-specific rules in .rebar/rules.yaml:

rules:
  - name: no-direct-axios
    description: "Use the API client in src/lib/api.ts"
    pattern: "import.*from ['\"]axios['\"]"
    severity: HIGH
    file_patterns: ["*.ts", "*.tsx"]
    exclude_files: ["src/lib/api.ts"]

Doctor

npx rebar-mcp doctor

Runs 10 health checks on your Rebar setup: CLAUDE.md presence, hook installation, skill configuration, context budget, cross-platform consistency, and more.

Pre-Review: Real-time Code Enforcement

Unlike CI/CD tools that scan code after it's written, Rebar's pre-review system intercepts Write, Edit, and Bash operations at the moment of creation — before the code ever hits disk.

# Enable pre-review with strict enforcement
npx rebar-mcp prereview --enable --strictness strict

What Gets Blocked

| Category | Pattern | Strictness | |----------|---------|------------| | Secrets | AWS keys, API tokens, private keys | Standard | | Dangerous Commands | rm -rf /, git push --force, DROP TABLE | Standard | | SQL Injection | Template literals in SQL queries | Standard | | eval() Usage | Dynamic code execution | Standard | | Empty Catch Blocks | Silent error swallowing | Strict | | Hardcoded URLs | Non-environment URLs | Strict | | any Types | TypeScript type safety bypass | Paranoid | | Console Statements | Debug code in production | Paranoid | | TODO Comments | Unfinished work markers | Paranoid | | Large Files | Files over 400 lines | Paranoid |

Audit Trail

Every decision is logged to .rebar/decisions/ for compliance:

{
  "id": "prereview_2024-01-15_001",
  "timestamp": "2024-01-15T14:30:00Z",
  "operation": "write",
  "target": "src/api.ts",
  "decision": "block",
  "reasoning": "Potential secret or API key detected",
  "latency_ms": 12
}

CLI Commands

# Run pre-review on content
npx rebar-mcp prereview --op write --file src/api.ts

# View decision history
npx rebar-mcp prereview-stats

# Add custom rules
npx rebar-mcp prereview-rules --add "pattern=TODO" --severity warning

LLM-Powered Semantic Analysis (Pro/Team)

Local regex patterns catch obvious issues. LLM review catches the hard stuff:

| Issue Type | Local (Free) | LLM (Paid) | |------------|--------------|------------| | Hardcoded secrets | ✓ | ✓ | | Dangerous commands | ✓ | ✓ | | N+1 query patterns | ✗ | ✓ | | Race conditions | ✗ | ✓ | | Business logic violations | ✗ | ✓ | | Architecture drift | ✗ | ✓ | | Context-aware review | ✗ | ✓ |

Setup

# Set your Anthropic API key
export REBAR_API_KEY=sk-ant-...

# Choose your tier
export REBAR_TIER=pro   # 1,000 LLM reviews/month
# or
export REBAR_TIER=team  # 5,000 LLM reviews/month

How It Works

  1. Context Building — Extracts CLAUDE.md rules, recent blocks, and project conventions
  2. Hybrid Review — Runs local patterns first, then LLM for deeper analysis
  3. Learning — Records blocked patterns for future reference
  4. Fallback — Gracefully falls back to local if LLM unavailable
# Check license status
npx rebar-mcp license

Cross-Session Memory

Rebar learns from your project's decision history and applies that knowledge to future reviews.

What Gets Learned

  • Pattern Frequency — Patterns blocked 5+ times escalate from warning to critical
  • Project Insights — Common issues in specific directories
  • Review Statistics — Block rates, latency metrics

Commands

# View current memory
npx rebar-mcp memory show

# Learn from decision history
npx rebar-mcp memory learn

# Clear memory (start fresh)
npx rebar-mcp memory clear

# Export memory as JSON
npx rebar-mcp memory export

Memory Storage

Memory is persisted to .rebar/memory.json:

{
  "version": 1,
  "learnedPatterns": [
    {
      "id": "aws-key",
      "name": "AWS Access Key",
      "blockCount": 12,
      "severity": "critical",
      "lastSeen": "2024-01-15T14:30:00Z"
    }
  ],
  "projectInsights": [
    {
      "id": "api-dir-issues",
      "description": "src/api/ frequently has SQL injection patterns",
      "affectedFiles": ["src/api/users.ts", "src/api/orders.ts"],
      "confidence": 0.85
    }
  ]
}

Analytics Dashboard

Analyze trends and generate insights from your pre-review history.

# Last 30 days (default)
npx rebar-mcp analytics

# Last 7 days
npx rebar-mcp analytics 7

# JSON export for dashboards
npx rebar-mcp analytics --format json

Sample Output

Pre-Review Analytics Report
===========================

Period: 2024-01-01 to 2024-01-31 (30 days)

Summary
-------
Total reviews: 247
Blocked: 23 (9.3%)
Warned: 41 (16.6%)
Approved: 183

Performance
-----------
Avg latency: 45ms
P50 latency: 32ms
P95 latency: 156ms

Top Patterns
------------
  ↑ AWS Access Key: 12x (0.4/day)
  → Empty Catch Block: 8x (0.3/day)
  ↓ any Type Usage: 5x (0.2/day)

Recent Activity (last 7 days)
-----------------------------
  2024-01-25: ████ 4 (1B/0W)
  2024-01-26: ██████████ 10 (2B/3W)
  2024-01-27: ████████ 8 (1B/2W)

Insights
--------
  • Low block rate (9.3%) - code quality is good!
  • "AWS Access Key" is trending upward - review recent code
  • Excellent review speed: 45ms average

Pricing Tiers

| Feature | Free | Pro ($19/mo) | Team ($49/user/mo) | |---------|------|--------------|-------------------| | Regex patterns | Unlimited | Unlimited | Unlimited | | LLM reviews | 0 | 1,000/month | 5,000/month | | Cross-session memory | ✗ | ✓ | ✓ | | Analytics | Basic | Full | Full | | Audit retention | 7 days | 90 days | 1 year | | Support | Community | Email | Priority |

CLI Reference

rebar init [options]          # Initialize Rebar enforcement
rebar audit [options]         # Run quality audit
rebar doctor [options]        # Check setup health
rebar set-strictness <level>  # Change enforcement level
rebar metrics [options]       # View quality score history
rebar badge [options]         # Generate quality badge SVG

# Pre-Review
rebar prereview [options]     # Run pre-review (invoked by hooks)
rebar prereview-stats         # View decision statistics

# LLM & Memory
rebar license                 # View license and usage
rebar memory [action]         # Manage cross-session memory
rebar analytics [days]        # View trends and insights

License

MIT