titanshield
v0.6.4
TitanShieldAI CLI — AI-powered security scanner for your codebase. Zero config. Under 2 minutes.
🛡️ titanshield
AI-powered security scanner. Zero config. Under 2 minutes.
Scans your codebase for security vulnerabilities before you deploy — using fast static analysis + Gemini AI deep analysis. Explains every issue in plain English and shows you the exact fix.
Quick Start
```sh
# Scan your project right now (static analysis — instant, no key required)
npx titanshield scan ./src

# Full AI scan (Gemini finds what static patterns miss)
npx titanshield scan ./src --key YOUR_GEMINI_API_KEY

# Or set the key as an env var (recommended)
export GEMINI_API_KEY=AIzaSy...
npx titanshield scan ./src
```

Free Gemini key: aistudio.google.com/app/apikey

The AI scan sends the scanned source to the Gemini API. For code that must not leave your network, use the static-only scan (--no-ai) or a local engine (see the air-gapped section below).
What it finds
| Category | Examples |
|----------|---------|
| 🔴 Hardcoded Secrets | API keys, passwords, tokens in source code |
| 🔴 Code Injection | eval(userInput), shell command injection |
| 🔴 SQL Injection | String-concatenated queries |
| 🟠 Missing Auth | Unprotected routes touching user data |
| 🟠 IDOR | Missing ownership checks on resource endpoints |
| 🟠 Path Traversal | User input in file paths |
| 🟡 Insecure Config | CORS *, weak JWT algorithms, MD5 hashing |
| 🟡 XSS Sinks | innerHTML = userInput |
🏢 Enterprise Air-Gapped Hub & Local LLMs
TitanShield also runs fully offline, for air-gapped networks and regulated environments such as banking, using Docker, NGINX, and local models such as DeepSeek-Coder, so no source code leaves your network.
1-Click Infrastructure Installer
IT Admins can rapidly deploy a managed, shared local LLM engine (Ollama + NGINX Proxy) directly to their internal servers:
```sh
npx titanshield setup-hub
```

This generates the docker-compose.yml and nginx.conf for the hub. Review both files before bringing the hub up, and keep the proxy reachable only from the internal network it serves.
Supported Local Engines
You can also point the scanner at a model server you already run:

```sh
# 1. Connect to any OpenAI-compatible local server (vLLM, LM Studio, Llama.cpp)
npx titanshield scan ./src --local-openai \
  --local-url "http://localhost:1234/v1" \
  --local-key "sk_optional_key" \
  --model "deepseek-coder"

# 2. Connect to local Ollama
npx titanshield scan ./src --local --model "qwen2.5-coder"
```

Options
```text
npx titanshield scan <path> [options]

--key, -k <key>      Gemini API key (or GEMINI_API_KEY env var)
--output, -o <file>  Save HTML report (e.g. report.html)
--format <type>      terminal (default) | json | html
--fail-on <level>    Exit code 1 if findings at level+ (CI/CD)
--no-ai              Static analysis only (faster, offline)
--verbose, -v        Show all findings including low/info
--no-color           Disable colors (clean CI logs)
--help, -h           Show help
```

Example Output
```text
🔴 [CRITICAL] Hardcoded Secret Detected
   src/firebase.ts:12

   A secret key is hardcoded in your source code. Anyone who sees your code can steal it.

   Before: const apiKey = "AIzaSy_abc123_realkey"
   After:  const apiKey = process.env.FIREBASE_API_KEY

   Fix: Move secret to environment variable (5 minutes)
```

Moving the key into an environment variable removes it from the working tree only; if the key was ever committed it is still in history, so rotate it as well.

CI/CD Integration
```yaml
# GitHub Actions example
- name: Security Scan
  run: npx titanshield scan ./src --fail-on high
  env:
    GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
```

Exit codes: 0 = no findings at or above the --fail-on level, 1 = at least one finding at or above it.
Config File (optional)
Create titanshield.config.json in your project root:
```json
{
  "geminiApiKey": "AIzaSy...",
  "failOn": "high",
  "skipDirs": ["vendor", "fixtures"],
  "outputFile": "security-report.html"
}
```

If the config file is committed, leave geminiApiKey out of it and supply the key through the GEMINI_API_KEY environment variable or --key instead; a key in a committed file is the same hardcoded-secret finding the scanner reports on your own code.

HTML Report
```sh
npx titanshield scan ./src --output report.html
```

Generates a shareable HTML security report. Send it to your CTO, embed it in Confluence, or keep it as a CI artifact. The report reproduces file paths and the offending code lines, so if a finding involves a real secret, rotate that secret before the report circulates.
Languages Supported
TypeScript · JavaScript (ESM/CJS) · Python · Go · JSX/TSX
Built by TitanShieldAI · Dashboard
