veilguard

v0.3.5

Published

MCP security scanner for AI-assisted development. Catches vulnerabilities in AI-generated code.

Readme

🛡️ Veilguard

Silent security for AI-assisted development


Website · Documentation · Get Pro


Veilguard is an MCP security scanner that runs inside your AI coding IDE. It catches vulnerabilities that AI-generated code introduces — leaked secrets, SQL injection, broken database security, unverified webhooks, and more.

You never run a scan. You never read a report. You just code.

Quick Start

Option A — One command (recommended)

From your project root, run:

npx -y --package=veilguard veilguard-cli init

Veilguard shows an arrow-key checklist of IDEs — use ↑/↓ to move, space to select, a for all, enter to confirm. It writes each selected IDE's MCP config to its global location (in your home folder), so it works across all your projects and nothing is added to your repo. The optional AI rules file (.cursorrules, .windsurfrules) is written to the project and auto-added to .gitignore. Then restart your IDE.

Claude Code isn't in the checklist — it has its own one-liner:

claude mcp add veilguard -- npx -y --package=veilguard veilguard-mcp

Option B — Manual setup

Copy this JSON into your IDE's MCP config file:

{
  "mcpServers": {
    "veilguard": {
      "command": "npx",
      "args": ["-y", "--package=veilguard", "veilguard-mcp"],
      "env": {
        "VEILGUARD_KEY": ""
      }
    }
  }
}

| IDE | Config file | Config key |
|-----|-------------|------------|
| Cursor | .cursor/mcp.json (project) | mcpServers |
| VS Code | .vscode/mcp.json (project) | servers + "type": "stdio" — see below |
| Windsurf | ~/.windsurf/mcp.json (global) | mcpServers |
| Claude Code | run claude mcp add veilguard -- npx -y --package=veilguard veilguard-mcp | — |
| Antigravity | ~/.gemini/antigravity/mcp_config.json (global) | mcpServers |

VS Code uses a slightly different shape — top-level servers and an explicit type:

{
  "servers": {
    "veilguard": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "--package=veilguard", "veilguard-mcp"],
      "env": { "VEILGUARD_KEY": "" }
    }
  }
}

Restart your IDE

Close and reopen your IDE. Veilguard starts automatically.

Free users: Leave VEILGUARD_KEY empty — all 14 scanners work out of the box.
Pro users: Add your license key from veilguard.dev/pro to unlock graded audits.

📚 Full setup guides: veilguard.dev/docs
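The two config shapes above differ only in their top-level key, so one check can cover both. The sketch below is an added example, not Veilguard's code: it flags an npx entry whose package is not pinned to an exact version and a non-empty key in a repo-scoped config file. The function names and the pinning and key-placement rules are this example's assumptions.

```javascript
// Added example, not Veilguard code; function names are hypothetical.
// Accepts both shapes from the README: "mcpServers" and VS Code's "servers".
function serverEntries(config) {
  return Object.entries(config.mcpServers || config.servers || {});
}

// Package spec from npx args: "--package=<spec>", "--package <spec>" or "-p <spec>".
function packageSpec(args) {
  for (let i = 0; i < args.length; i++) {
    const a = String(args[i]);
    if (a.startsWith("--package=")) return a.slice("--package=".length);
    if ((a === "--package" || a === "-p") && i + 1 < args.length) return String(args[i + 1]);
  }
  return null;
}

// Pinned means an exact x.y.z after the name; "@scope/name" alone is not pinned.
function isPinned(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0 && /^\d+\.\d+\.\d+$/.test(spec.slice(at + 1));
}

// projectScoped: true for files kept in the repo (.cursor/mcp.json, .vscode/mcp.json).
function lintMcpConfig(jsonText, projectScoped) {
  const config = JSON.parse(jsonText);
  const vscodeShape = !config.mcpServers && Boolean(config.servers);
  const findings = [];
  for (const [name, entry] of serverEntries(config)) {
    const spec = entry.command === "npx" ? packageSpec(entry.args || []) : null;
    if (spec !== null && !isPinned(spec)) findings.push(`${name}: package "${spec}" is not pinned`);
    if (vscodeShape && entry.command && entry.type !== "stdio") {
      findings.push(`${name}: "servers" entry lacks "type": "stdio"`);
    }
    for (const [key, value] of Object.entries(entry.env || {})) {
      if (projectScoped && value !== "" && /KEY|TOKEN|SECRET/i.test(key)) {
        findings.push(`${name}: ${key} has a value in a repo-scoped file`);
      }
    }
  }
  return findings;
}

// Constructed samples: README shapes, one with a placeholder key, one pinned to v0.3.5.
const cursorSample = JSON.stringify({ mcpServers: { veilguard: { command: "npx",
  args: ["-y", "--package=veilguard", "veilguard-mcp"],
  env: { VEILGUARD_KEY: "PLACEHOLDER-NOT-A-REAL-KEY" } } } });
const vscodeSample = JSON.stringify({ servers: { veilguard: { type: "stdio", command: "npx",
  args: ["-y", "--package=veilguard@0.3.5", "veilguard-mcp"], env: { VEILGUARD_KEY: "" } } } });
console.log(lintMcpConfig(cursorSample, true), lintMcpConfig(vscodeSample, true));
```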

Security Scanners

Veilguard includes 15 specialized security tools (the 14 scanners plus full_audit) that catch every vulnerability AI-generated code introduces:

| Scanner | What It Detects |
|---------|-----------------|
| scan_secrets | 60+ secret patterns, client-side AI API calls, service_role key exposure |
| check_env | Unprotected .env files, NEXT_PUBLIC_ secret exposure |
| scan_webhooks | Unverified webhooks, missing payment failure handlers |
| scan_injection | SQL/NoSQL/command injection, IDOR, mass assignment |
| check_cors | CORS wildcard misconfigurations |
| check_supply_chain | Malicious and typosquatted npm packages |
| check_auth_config | Auth misconfigurations, insecure password reset flows |
| check_headers | Missing security headers (CSP, HSTS, X-Frame-Options) |
| check_git | Secrets in git history, .gitignore gaps |
| scan_dependencies | Known CVEs via Google OSV.dev |
| check_supabase_rls | Row Level Security misconfigurations |
| check_firebase | Firebase security rules analysis |
| scan_app_security | Rate limiting, file uploads, error exposure, open redirects |
| scan_rules_files | Hidden Unicode backdoors in AI rules files |
| full_audit | All scanners + security grade (A+ to F) |

How It Works

Your AI agent calls Veilguard tools automatically while you code:

| Trigger | Scanner |
|---------|---------|
| Writing/modifying files | scan_secrets |
| Creating API routes | scan_webhooks + scan_injection |
| Changing database schemas | check_supabase_rls |
| Modifying package.json | check_supply_chain + scan_dependencies |
| Modifying AI rules files | scan_rules_files |
| Before deploying | full_audit |

Clean scan = silence. Issue found = plain-English explanation with a fix.

Free vs Pro

| Feature | Free | Pro |
|---------|:----:|:---:|
| All 14 scanners | ✅ | ✅ |
| Full audit with grade | 🔒 | ✅ |
| AI-ready fix prompts | — | ✅ |
| All CVE severities | — | ✅ |
| Git history scanning | — | ✅ |

Pro: $19/month · unlimited audits/month · Get Pro →

Contributing

See CONTRIBUTING.md for development setup and guidelines.

License

MIT © Mohamed Elmi



Made with 🛡️ for developers who ship fast