npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

the-guard

v1.0.1

Published

Universal AI failsafe system that intercepts dangerous operations and requires human verification before they proceed

Downloads

207

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zitrobotzitrobot

Keywords

aisafetyguardmcphooksgitfailsafeverificationproxywebhook2fasecurityplatformspre-pushdangerous-operations

Readme

theGuard

npm license platforms rules

Universal AI failsafe system that intercepts dangerous operations from AI coding assistants and requires human verification before they proceed.

Full documentation and demos at bryanbot.com

Quick Start

npx the-guard init    # auto-detects your platforms and AI tools
the-guard on          # enable all guards

That's it. theGuard now protects your project. When an AI agent tries something dangerous, it gets blocked and you get an email with a verification code.

Simple On/Off

the-guard on          # instant, full protection
the-guard off         # requires email verification (AI can't disable its own guard)

What It Guards

170+ rules across 18 platforms: AWS, Azure, GCP, Kubernetes, Docker, Terraform, Cloudflare, Firebase, Vercel, Supabase, GitHub, Resend, Stripe, Neon, PlanetScale, Turso, Fly.io, Railway.

$ git push --force origin main
  DELETE GUARD: "Force push" blocked [GITHUB-DELETE-004]
  Severity: critical | Impact: data-loss
  Tip: Use --force-with-lease instead.
  Check your email for the verification code.

Custom Rules

the-guard rule add "npm publish"                      # block npm publish
the-guard rule add "kubectl apply" --guard push        # block kubectl apply
the-guard rule add-tool mcp__custom__deploy            # block an MCP tool
the-guard rule list                                    # see all custom rules
the-guard rule remove "npm publish"                    # remove a rule

AI Tool Support

Auto-configures hooks for 6 AI coding tools during the-guard init:

| Tool | Integration | |------|------------| | Cursor | hooks.json + mcp.json | | GitHub Copilot | .vscode/mcp.json | | Cline | PreToolUse hook script | | Windsurf | hooks.json + mcp_config.json | | Continue.dev | mcpServers config |

MCP Proxy

Intercept all MCP tool calls from any AI tool:

the-guard mcp --proxy

Auto-discovers upstream MCP servers, aggregates tools, blocks dangerous calls, forwards safe ones.

Key Features

| Feature | Description | |---------|------------| | Email 2FA | Verification codes sent via email. AI never sees them. | | Loop Detection | Catches runaway AI agents. 3 blocks in 5 minutes triggers lockout. | | Cost Guard | Rate limits on tool calls per session, per minute, per tool. | | YAML Policies | Write allow/deny rules in YAML with environment and branch conditions. | | Learning Mode | Observe agent behavior, get rule suggestions. | | Report Cards | Session reports with risk scores, block rates, top tools. | | Team Approvals | Git-based approval workflow for sensitive operations. | | Rollback Snapshots | Auto-captures state before dangerous operations. | | Webhook Notifications | Slack, Discord, or any URL on block events. | | Real-time Dashboard | Live activity feed at the-guard dashboard. | | VS Code Extension | Status bar, notifications, inline verify, sidebar. | | Browser Extension | Warns about dangerous commands in web AI tools and IDEs. | | GitHub Action | CI check for guard installation and platform coverage. |

CLI Commands

# Core
the-guard on                    # enable all guards
the-guard off                   # disable (requires email verification)
the-guard status                # show current state
the-guard verify <code>         # submit verification code

# Rules
the-guard rule add <pattern>    # add custom bash pattern
the-guard rule add-tool <name>  # add MCP tool guard
the-guard rule list             # list custom rules
the-guard rule remove <pattern> # remove a rule

# Setup
the-guard init                  # interactive setup wizard
the-guard update                # refresh platform patterns
the-guard doctor                # validate installation

# Advanced
the-guard dashboard             # open real-time dashboard
the-guard learn start           # start learning mode
the-guard learn report          # get rule suggestions
the-guard report                # generate session report card
the-guard team request          # request approval for blocked op
the-guard team approve <id>     # approve a request
the-guard policy list           # show YAML policies
the-guard mcp --proxy           # start MCP proxy

Security

  • Timing-safe hash comparison prevents side-channel attacks
  • Email isolation ensures AI cannot see or extract verification codes
  • Loop detection catches and locks out runaway agents
  • Path validation prevents directory traversal in snapshots
  • Zero-dependency hook uses only Node.js built-ins
  • Audit trail logs every guard event as JSONL

GitHub Action

- uses: zitro/theGuard@v1
  with:
    enforce: full    # false (advisory) | install | full

Requirements

  • Node.js 18+
  • Resend for email verification (free tier available)

Links

License

MIT