npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

secretless-ai

v0.6.1

Published

One command to keep secrets out of AI. Works with Claude Code, Cursor, Copilot, Windsurf, and any AI coding tool.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ecolibriaecolibria

Keywords

aisecretscredentialssecurityclaudecursorcopilotwindsurfclineaidermcpmcp-securitymcp-secrets

Readme

OpenA2A: AIM · HackMyAgent · OASB · ARP · Secretless · DVAA

Secretless AI

npm version License: Apache-2.0

One command to keep secrets out of AI LLMs. Works with Claude Code, Cursor, Copilot, Windsurf, Cline, and Aider.

Part of the OpenA2A ecosystem — open-source security for AI agents.

npx secretless-ai init

MCP Secret Protection

Every MCP server config has plaintext API keys sitting in JSON files on your laptop. The LLM sees them. Secretless encrypts them.

npx secretless-ai protect-mcp
  Secretless MCP Protection

  Scanned 1 client(s)

  + claude-desktop/browserbase
      BROWSERBASE_API_KEY (encrypted)
  + claude-desktop/github
      GITHUB_PERSONAL_ACCESS_TOKEN (encrypted)
  + claude-desktop/stripe
      STRIPE_SECRET_KEY (encrypted)

  3 secret(s) encrypted across 3 server(s).

  MCP servers will start normally — no workflow changes needed.

What happens:

  1. Scans MCP configs across Claude Desktop, Cursor, Claude Code, VS Code, and Windsurf
  2. Identifies which env vars are secrets (key name patterns + value regex matching)
  3. Encrypts secrets into a local AES-256-GCM vault (~/.secretless-ai/mcp-vault/)
  4. Rewrites configs to use the secretless-mcp wrapper — decrypts at runtime, injects as env vars
  5. Non-secret env vars (URLs, org names, regions) stay in the config untouched

Before:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["@github/mcp-server"],
      "env": {
        "GITHUB_TOKEN": "ghp_plaintext_visible_to_LLM",
        "GITHUB_ORG": "my-org"
      }
    }
  }
}

After:

{
  "mcpServers": {
    "github": {
      "command": "secretless-mcp",
      "args": ["--server", "github", "--client", "claude-desktop", "--", "npx", "@github/mcp-server"],
      "env": {
        "GITHUB_ORG": "my-org"
      }
    }
  }
}

The secret moves to the encrypted vault. The wrapper decrypts it at startup (<10ms overhead) and passes it to the MCP server as an env var. The LLM never sees it.

Other MCP commands:

npx secretless-ai mcp-status      # Show which servers are protected/exposed
npx secretless-ai mcp-unprotect   # Restore original configs from backup

AI Context Protection

AI coding tools read your files to provide context. That includes .env files, API keys in config, SSH keys, and cloud credentials. Once a secret enters an AI context window, it's sent to a remote API — and you can't take it back.

How It Works

Secretless auto-detects which AI tools you use and installs the right protections for each one:

| Tool | Protection Method | |------|------------------| | Claude Code | PreToolUse hook (blocks file reads before they happen) + deny rules + CLAUDE.md instructions | | Cursor | .cursorrules instructions | | GitHub Copilot | .github/copilot-instructions.md instructions | | Windsurf | .windsurfrules instructions | | Cline | .clinerules instructions | | Aider | .aiderignore file patterns |

Claude Code gets the strongest protection because it supports hooks — a shell script runs before every file read and blocks access to secret files at the tool level. Other tools get instruction-based protection.

Quick Start

# In any project directory
npx secretless-ai init

Output:

  Secretless v0.6.0
  Keeping secrets out of AI

  Detected:
    + Claude Code
    + Cursor

  Configured:
    * Claude Code
    * Cursor

  Created:
    + .claude/hooks/secretless-guard.sh
    + CLAUDE.md

  Modified:
    ~ .claude/settings.json
    ~ .cursorrules

  Done. Secrets are now blocked from AI context.

Moving Keys from AI Context to Env Vars

The safest setup: keys live in environment variables, AI tools reference them by name.

Step 1: Move keys to your shell profile

# Add to ~/.zshenv (or ~/.bashrc)
export ANTHROPIC_API_KEY="sk-ant-..."
export OPENAI_API_KEY="sk-proj-..."

Step 2: Remove keys from AI config files

Delete any hardcoded keys from CLAUDE.md, .cursorrules, .env, etc.

Step 3: Run secretless init

npx secretless-ai init

Secretless detects which env vars are set and adds a reference table to your AI tool's instruction file. The AI knows which keys are available and how to authenticate — without seeing the actual values.

Step 4: Verify

npx secretless-ai verify
  Env vars available (usable by tools):
    + ANTHROPIC_API_KEY
    + OPENAI_API_KEY

  AI context files: clean (no credentials found)

  PASS: Secrets are accessible via env vars but hidden from AI context.

Before: Claude sees ANTHROPIC_API_KEY=sk-ant-api03-abc123... in CLAUDE.md — the key is in the context window, extractable via prompt injection.

After: Claude sees a table saying $ANTHROPIC_API_KEY exists and the auth header is x-api-key: $ANTHROPIC_API_KEY. It uses $ANTHROPIC_API_KEY in shell commands. The shell resolves it. Claude never sees the actual value.

Commands

npx secretless-ai init

Detects AI tools in your project and installs protections. If API keys are set as env vars, includes a reference table with service names and auth header formats so the AI can use them without seeing values. Safe to run multiple times.

npx secretless-ai scan

Scans config files for hardcoded credentials — both project-level and global (~/.claude/CLAUDE.md). Detects 49 credential patterns including Anthropic, OpenAI, AWS, GitHub, Slack, Google, Stripe, SendGrid, Supabase, Azure, GitLab, Twilio, Mailgun, and more.

  Found 2 credential(s):

  [CRIT] Anthropic API Key
         ~/.claude/CLAUDE.md:286
         ANTHROPIC_API_KEY=[Anthropic API Key REDACTED]

  [CRIT] OpenAI Project Key
         ~/.claude/CLAUDE.md:284
         OPENAI_API_KEY=[OpenAI Project Key REDACTED]

npx secretless-ai verify

Confirms keys are usable but hidden from AI. Checks that env vars are set AND that the actual key values don't appear in any AI context file.

  PASS: Secrets are accessible via env vars but hidden from AI context.

npx secretless-ai protect-mcp

Scans all MCP configs on your machine, encrypts plaintext secrets into a local vault, and rewrites configs to use the secretless-mcp wrapper. Safe to run multiple times — skips already-protected servers.

npx secretless-ai mcp-status

Shows protection status for every MCP server across all clients. Tells you which servers have exposed secrets and which are protected.

npx secretless-ai mcp-unprotect

Restores all MCP configs to their original state from backups. One command to undo everything.

npx secretless-ai status

Shows current protection status.

  Protected:  Yes
  Tools:      Claude Code, Cursor
  Hook:       Installed
  Deny rules: 14
  Secrets:    0 found in config files

What Gets Blocked

File patterns (20+)

.env, .env.*, *.key, *.pem, *.p12, *.pfx, *.crt, .aws/credentials, .ssh/*, .docker/config.json, .git-credentials, .npmrc, .pypirc, *.tfstate, *.tfvars, secrets/, credentials/

Credential patterns (49)

Anthropic API keys, OpenAI keys, AWS access keys, GitHub PATs, Slack tokens, Google API keys, Stripe keys, SendGrid keys, Supabase keys, Azure keys, GitLab tokens, Twilio keys, Mailgun keys, MongoDB URIs, JWTs, and 34 more

Bash commands

Commands that dump secret files (cat .env, head *.key) and commands that echo secret environment variables (echo $API_KEY, echo $SECRET)

Claude Code Hook

For Claude Code, Secretless installs a PreToolUse hook that intercepts every Read, Grep, Glob, Bash, Write, and Edit tool call. The hook runs before the tool executes, so secrets never enter the AI context window.

# .claude/hooks/secretless-guard.sh
# Runs before every tool call, checks file paths against block list
# Returns deny decision if a secret file is targeted

Additionally, Secretless adds permissions.deny rules to .claude/settings.json as a second layer of defense, and adds instructions to CLAUDE.md so Claude understands why certain files are blocked.

Development

npm run build      # Compile TypeScript to dist/
npm test           # Run tests (vitest)
npm run dev        # Watch mode — recompile on file changes
npm run clean      # Remove dist/ directory

Requirements

  • Node.js 18+
  • A project directory with at least one AI tool configured (or Secretless defaults to Claude Code)

Zero Dependencies

Secretless has zero runtime dependencies. The npm package is 18 KB.

OpenA2A Ecosystem

| Project | Description | Install | |---------|-------------|---------| | AIM | Agent Identity Management -- identity and access control for AI agents | pip install aim-sdk | | HackMyAgent | Security scanner -- 147 checks, attack mode, auto-fix | npx hackmyagent secure | | OASB | Open Agent Security Benchmark -- 182 attack scenarios | npm install @opena2a/oasb | | ARP | Agent Runtime Protection -- process, network, filesystem monitoring | npm install @opena2a/arp | | Secretless AI | Keep credentials out of AI context windows | npx secretless-ai init | | DVAA | Damn Vulnerable AI Agent -- security training and red-teaming | docker pull opena2a/dvaa |

License

Apache-2.0