vibefixing
v0.3.1
AI-powered code analysis and auto-fixing CLI tool
Why Now
AI writes code faster than teams can review it.
ESLint checks syntax. VibeFixing checks your stack, architecture, and workflow — then tells you what's actually broken.
Quick Start
```bash
# npm
npm install -g vibefixing

# pip
pip3 install vibefixing
```

```bash
vibefixing doctor
```

Zero config. Auto-detects your stack and applies the right skills.
Example Output
```
VibeFixing v0.1.0

Environment
✔ Node.js 18+
✔ Git repository detected
✔ API key configured

Skills detected
✔ TypeScript
✔ Next.js (App Router)
✔ OWASP Top 10

Project Health
Architecture ███████████████░░░░░ 78
Security     ████████████░░░░░░░░ 64
Quality      ██████████████░░░░░░ 72
─────────────────────────────────────
Overall      █████████████░░░░░░░ 71

Top recommendations
1. [high] Direct DB access in API route handlers — extract to service layer
2. [high] Missing CSRF protection on mutation endpoints
3. [medium] 'use client' applied to 12 components that use no browser APIs
4. [medium] Duplicated validation logic across 3 route handlers
5. [low] next/image not used in 8 components with <img> tags
```

Before / After
Real output from an AI-generated Next.js codebase:
| | Before | After diagnosis |
|---|---|---|
| Input validation | None | 6 injection vectors found |
| DB access | Direct calls in route handlers | Service layer extraction recommended |
| Business logic | Duplicated across 3 routes | Consolidation points identified |
| Architecture score | — | 78 |
| Security score | — | 64 |
VibeFixing doesn't auto-rewrite your code. It diagnoses what's broken so you fix it right.
What It Checks
| Category | Examples |
|---|---|
| Security | OWASP Top 10, hardcoded secrets, injection vectors, insecure defaults |
| Architecture | Layer violations, circular dependencies, god objects, missing boundaries |
| Framework | Next.js App Router misuse, NestJS DI anti-patterns, Express middleware gaps |
| Infrastructure | Docker security, Terraform state management, K8s resource limits, CI/CD hardening |
| Database | Missing indexes, N+1 queries, unparameterized queries, connection pooling |
| Quality | Dead code, duplicated logic, complexity hotspots, missing error handling |
| Language | TypeScript strict mode gaps, Python type hints, Go error handling, Java null safety |
Built-in Skills
VibeFixing uses skills — structured analysis packs that understand specific languages, frameworks, and architectures.
Each skill is based on official documentation and industry-standard references:
| Category | Skill | Reference |
|---|---|---|
| Language | typescript | TypeScript Handbook |
| Language | python | PEP 8 / Python Docs |
| Language | go | Effective Go |
| Language | java | Oracle Java SE Best Practices |
| Language | javascript | MDN JavaScript Guide |
| Language | rust | The Rust Book |
| Language | ruby | Ruby Style Guide |
| Language | php | PHP The Right Way |
| Language | csharp | C# Documentation |
| Language | swift | Swift.org Documentation |
| Language | kotlin | Kotlin Docs |
| Language | scala | Scala Documentation |
| Language | dart | Effective Dart |
| Language | elixir | Elixir Guides |
| Framework | nextjs | Next.js Docs |
| Framework | react | React Docs |
| Framework | nestjs | NestJS Docs |
| Framework | express | Express.js Guide |
| Framework | django | Django Docs |
| Framework | flask | Flask Docs |
| Framework | vue | Vue.js Docs |
| Framework | angular | Angular Docs |
| Framework | nuxt | Nuxt Docs |
| Framework | sveltekit | SvelteKit Docs |
| Framework | spring | Spring Boot Docs |
| Framework | rails | Rails Guides |
| Framework | laravel | Laravel Docs |
| Framework | fastapi | FastAPI Docs |
| Framework | aspnet | ASP.NET Core Docs |
| Framework | flutter | Flutter Docs |
| Framework | remix | Remix Docs |
| Framework | astro | Astro Docs |
| Framework | supabase | Supabase Docs |
| Framework | firebase | Firebase Docs |
| Security | owasp-top10 | OWASP Top 10 (2021) |
| Security | secrets-detection | OWASP Secrets Management Cheat Sheet |
| Architecture | clean-architecture | The Clean Architecture — Robert C. Martin |
| Architecture | ddd | Domain-Driven Design Reference — Eric Evans |
| Infrastructure | aws | AWS Well-Architected |
| Infrastructure | gcp | GCP Best Practices |
| Infrastructure | azure | Azure Well-Architected |
| Infrastructure | terraform | Terraform Best Practices |
| Infrastructure | docker | Dockerfile Best Practices |
| Infrastructure | kubernetes | Kubernetes Docs |
| Infrastructure | github-actions | GitHub Actions Docs |
| Database | postgresql | PostgreSQL Docs |
| Database | mysql | MySQL Docs |
| Database | mongodb | MongoDB Docs |
| Database | redis | Redis Docs |
| Database | bigquery | BigQuery Docs |
| Database | firestore | Firestore Docs |
51 built-in skills. Auto-detected. No config needed.
Custom Skills
Add your own skills for team-specific patterns:
```yaml
# .vibefixing/skills/my-team-rules.yml
skillId: my-team-rules
category: architecture
name: My Team Rules
version: "1.0.0"
match:
  files: ["*.ts"]
rules:
  - "All API handlers must use the withAuth wrapper"
  - "Database access only through repository classes"
antiPatterns:
  - "Direct Prisma calls outside /repositories"
  - "Missing error boundary in page components"
```

Commands
```bash
vibefixing doctor          # Health check — architecture, security, quality scores
vibefixing scan [path]     # Scan for issues using activated skills
vibefixing skills list     # Show available and active skills
vibefixing skills detect   # Detect which skills match your project
vibefixing init            # Initialize config
vibefixing upgrade         # Self-update
```

Output formats: table (default), json, sarif (GitHub Code Scanning).
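One way to consume the sarif output format in CI, as an added example (not VibeFixing's own code): it reads a SARIF 2.1.0 log and reports a failure when any result is at or above a chosen SARIF level. The sample log, its rule IDs and the `summarizeSarif` helper are constructed for illustration; how VibeFixing maps its high/medium/low severities onto SARIF levels is not stated on this page.

```javascript
// Added example: gate a CI job on a SARIF 2.1.0 log.
// SAMPLE is constructed for illustration; it is not real VibeFixing output.
const LEVEL_RANK = { none: 0, note: 1, warning: 2, error: 3 };

function summarizeSarif(sarif, failAt = 'error') {
  if (!sarif || !Array.isArray(sarif.runs)) {
    throw new Error('not a SARIF log: missing "runs" array');
  }
  if (!Object.hasOwn(LEVEL_RANK, failAt)) {
    throw new Error(`unknown SARIF level: ${failAt}`);
  }
  const counts = { none: 0, note: 0, warning: 0, error: 0 };
  const blocking = [];
  for (const run of sarif.runs) {
    for (const result of run.results ?? []) {
      // A result without a usable level is treated as "warning", the SARIF
      // default (rule-level default configuration is ignored in this example).
      const level = Object.hasOwn(LEVEL_RANK, result.level) ? result.level : 'warning';
      counts[level] += 1;
      if (LEVEL_RANK[level] < LEVEL_RANK[failAt]) continue;
      const loc = result.locations?.[0]?.physicalLocation;
      blocking.push({
        ruleId: result.ruleId ?? '<no rule id>',
        level,
        uri: loc?.artifactLocation?.uri ?? '<unknown>',
        line: loc?.region?.startLine ?? 0,
        message: result.message?.text ?? '',
      });
    }
  }
  return { counts, blocking, pass: blocking.length === 0 };
}

const SAMPLE = { version: '2.1.0', runs: [{ results: [
  { ruleId: 'EXAMPLE-CSRF', level: 'error',
    message: { text: 'Missing CSRF protection on mutation endpoint' },
    locations: [{ physicalLocation: {
      artifactLocation: { uri: 'app/api/orders/route.ts' },
      region: { startLine: 12 } } }] },
  { ruleId: 'EXAMPLE-DUP', message: { text: 'Duplicated validation logic' } },
  { ruleId: 'EXAMPLE-IMG', level: 'note', message: { text: 'next/image not used' } },
] }] };

const report = summarizeSarif(SAMPLE, 'warning');
console.log(report.pass ? 'PASS' : 'FAIL', report.counts);
for (const f of report.blocking) {
  console.log(`${f.level} ${f.ruleId} ${f.uri}:${f.line} ${f.message}`);
}
```

In a pipeline, parse the report file with `JSON.parse` and set a non-zero exit code when `pass` is false.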
GitHub Action
Run VibeFixing on every PR:
```yaml
name: VibeFixing
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # needed to post findings as PR comments
    steps:
      - uses: actions/checkout@v4
      # Third-party action that receives the API key below; a full commit SHA
      # is a stricter pin than the mutable v1 tag.
      - uses: open-neo/vibefixing-action@v1
        with:
          scan: 'true'
          severity: 'medium'
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
```

PR comments show findings inline with severity and suggested fixes.
Supported Stacks
Languages: TypeScript, JavaScript, Python, Go, Java, Rust, Ruby, PHP, C#, Swift, Kotlin, Scala, Dart, Elixir
Frameworks: Next.js, React, NestJS, Express, Django, Flask, Vue, Angular, Nuxt, SvelteKit, Spring, Rails, Laravel, FastAPI, ASP.NET, Flutter, Remix, Astro, Supabase, Firebase
Infrastructure: AWS, GCP, Azure, Terraform, Docker, Kubernetes, GitHub Actions
Databases: PostgreSQL, MySQL, MongoDB, Redis, BigQuery, Firestore
Architectures: Clean Architecture, DDD, Layered, MVC
More stacks added through skill contributions.
Open Source vs Cloud
| | OSS (this repo) | Cloud |
|---|---|---|
| CLI | ✔ | ✔ |
| Skills | ✔ | ✔ |
| GitHub Action | ✔ | ✔ |
| AI-powered review | — | ✔ |
| Auto-fix engine | — | ✔ |
| Patch ranking | — | ✔ |
| Team dashboard | — | ✔ |
| Repo-wide analytics | — | ✔ |
| Policy management | — | ✔ |
The CLI is free and open source (Apache 2.0).
Configuration
VibeFixing works with zero config. For customization:
```yaml
# .vibefixing.yml
version: "1"
ai:
  provider: anthropic
skills:
  enabled: [typescript, nextjs, owasp-top10]
  custom: ./my-skills
scan:
  severity: medium
  ignore: ["**/*.test.ts", "dist/**"]
```

Contributing
The easiest way to contribute is to add a new skill pack.
- Create a YAML file in `skills/<category>/`
- Define `skillId`, `match`, `rules`, and `antiPatterns`
- Submit a PR
Look for issues labeled good first issue — scoped to single skill additions or rule improvements.
```bash
git clone https://github.com/open-neo/vibefixing.git
cd vibefixing
pnpm install
pnpm build
pnpm test
```

License
Apache 2.0
