vibehacker

v4.6.0

Published

Vibe Hacker — Terminal AI cybersecurity assistant. Free models, autonomous agent, multi-provider rotation.

Readme


What is Vibe Hacker?

Vibe Hacker is an AI-powered cybersecurity assistant that runs entirely in your terminal. It can read, write, and edit files, run shell commands, search codebases, and reason about security — all autonomously.

Think of it as Claude Code for cybersecurity — but free, open-source, and works with 13 AI providers out of the box.

+-----------------------------------------------------------------+
|  Vibe Hacker v4.1.0              Hunt Mode       Vibe Model     |
+-----------------------------------------------------------------+
|                                                                  |
|  You: Find all SQL injection vulnerabilities in this project     |
|                                                                  |
|  > Searching for SQL patterns...                                 |
|  | grep: "query|execute|raw.*sql" in **/*.js                     |
|  | read_file: src/db/users.js (lines 45-80)                      |
|  | edit_file: src/db/users.js (parameterized query)               |
|  | Done - fixed 3 SQL injection vulnerabilities                  |
|                                                                  |
|  Found 3 SQL injection vulnerabilities in src/db/:               |
|  - users.js:52  string concatenation in WHERE clause             |
|  - users.js:67  unsanitized ORDER BY                             |
|  - posts.js:23  raw query with user input                        |
|  All 3 have been patched with parameterized queries.             |
|                                                                  |
+-----------------------------------------------------------------+
| >                                                                |
+-----------------------------------------------------------------+

Key Features

  • Autonomous Agent — Reads, writes, edits files and runs commands to complete tasks end-to-end
  • 10 Built-in Tools — read, edit, write, execute, grep, glob, list, search, mkdir, delete
  • 13 AI Providers — Groq, Gemini, Cerebras, Mistral, OpenRouter, xAI, Anthropic, OpenAI, and more
  • Smart Rotation — Auto-switches providers on rate limits with circuit breaker protection
  • Surgical Edit — Exact string replacement with mtime conflict detection and undo support
  • Parallel Grep — 8-concurrent file reads with binary extension filtering
  • Context Management — 3-phase trimming keeps conversations within token limits
  • Project Memory — Reads VIBEHACKER.md for project-specific instructions
  • 100% Free — Works with free-tier API keys, no credit card needed

Install

One-liner (Linux / macOS / WSL)

curl -fsSL https://vibsecurity.com/install.sh | bash

npm

npm install -g vibehacker

Run

vibehacker

Uninstall

npm uninstall -g vibehacker
# or
curl -fsSL https://vibsecurity.com/install.sh | bash -s -- --uninstall

Requirements

  • Node.js 16+ (recommend 22 LTS)
  • A terminal with ANSI color support

Quick Start

# 1. Install
npm install -g vibehacker

# 2. Launch
vibehacker

# 3. (Optional) Add a free API key for more requests
#    Inside the app, type:
/addkey gsk_your_groq_key_here

On first launch you get 50 free requests/day with zero setup. Add your own free API keys for unlimited usage.


Modes

| Mode | Description | Tools |
|------|-------------|-------|
| Chat | Expert Q&A — security, engineering, threat intel | None (conversation only) |
| Hunt | Autonomous agent — reads, writes, edits files, runs commands | All 10 tools |

Switch modes with Tab or /mode.


Tools

Hunt mode gives the AI access to 10 tools for autonomous task completion:

| Tool | Description | Needs Approval |
|------|-------------|:--------------:|
| read_file | Read file contents with line numbers, offset/limit | No |
| edit_file | Surgical string replacement with diff output and undo | Yes |
| write_file | Create or overwrite files | Yes |
| execute_command | Run shell commands (2 min timeout) | Yes |
| grep | Regex search across files (parallel, 8 concurrent) | No |
| glob | Find files by glob pattern | No |
| list_files | List directory contents | No |
| search_files | Regex search with context lines | No |
| create_directory | Create directories recursively | No |
| delete_file | Delete a file | Yes |

Tool Approval

Tools that modify your system ask for confirmation before running:

| Option | Key | What it does |
|--------|-----|-------------|
| Yes | 1 or y | Execute this one time |
| Always allow | 2 | Auto-approve similar operations going forward |
| No | 3 or n | Reject |


Keyboard Shortcuts

| Key | Action |
|-----|--------|
| Tab | Cycle mode (Chat / Hunt) |
| Ctrl+P | Command palette |
| Ctrl+L | Clear output |
| Ctrl+X | Cancel running request |
| Ctrl+R | Retry last message |
| Up / Down | Input history |
| PageUp / PageDown | Scroll output |
| Escape | Clear input |
| Ctrl+C | Exit |


Slash Commands

| Command | Description |
|---------|-------------|
| /clear | Clear chat history and context |
| /undo | Undo the last file edit |
| /modified | List all files changed this session |
| /mode | Switch mode (Chat / Hunt) |
| /retry | Retry the last message |
| /cd <path> | Change working directory |
| /cwd | Show current directory |
| /addkey <key> | Add an AI provider key |
| /providers | List configured providers |
| /model | Switch model |
| /tokens <n> | Set max output tokens |
| /approve | Manage auto-approved tools |
| /refresh | Refresh model list |
| /update | Check for updates |
| /pro | Upgrade to Pro |
| /help | Show help |
| /exit | Exit |


Providers

Vibe Hacker supports 13 AI providers. Free-tier providers require no credit card.

Free Providers

| Provider | Free Limit | Top Models | Get a Key |
|----------|-----------|------------|-----------|
| Built-in | 50 req/day | Llama 3.3 70B, Qwen3 235B, DeepSeek R1 | No key needed |
| Groq | 14,400 req/day | Llama 3.3 70B, Llama 4 Scout, Kimi K2 | console.groq.com |
| Cerebras | 1M tokens/day | Qwen3 235B, Llama 3.1 8B | inference.cerebras.ai |
| Gemini | 1,000 req/day | Gemini 2.5 Flash, 2.5 Pro (1M context!) | aistudio.google.com |
| Mistral | ~1B tok/month | Codestral, Mistral Large | console.mistral.ai |
| xAI | $25/mo credits | Grok 3, Grok 3 Mini | console.x.ai |
| Together | $1 free credit | Llama 3.3 70B, DeepSeek R1 | api.together.xyz |
| OpenRouter | 50 req/day | 7 free models | openrouter.ai |

Paid Providers

| Provider | Models | Get a Key |
|----------|--------|-----------|
| Anthropic | Claude Opus 4.5, Sonnet 4.5, Haiku 3.5 | console.anthropic.com |
| OpenAI | GPT-4.1, GPT-4o, o4-mini | platform.openai.com |
| DeepSeek | DeepSeek V3, DeepSeek R1 | platform.deepseek.com |

Adding a Provider

Inside Vibe Hacker, type:

/addkey gsk_xxxxxxxxxxxx          # Groq
/addkey csk-xxxxxxxxxxxx          # Cerebras
/addkey AIzaxxxxxxxxxxxx          # Gemini
/addkey mistral:xxxxxxxxxxxx      # Mistral
/addkey xai-xxxxxxxxxxxx          # xAI
/addkey sk-ant-xxxxxxxxxxxx       # Anthropic
/addkey sk-xxxxxxxxxxxx           # OpenAI

Keys are auto-detected by their prefix and stored locally in ~/.vibehacker/config.json.
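
Prefix detection and a permission check for the key store, as an added example (not Vibe Hacker's own code). It uses only the prefixes listed above and tests `sk-ant-` before the shorter `sk-`; all function names are hypothetical, and the mode check applies to POSIX systems.

```javascript
// Added example, not vibehacker's source. Prefixes are the ones the README lists.
// Order matters: "sk-ant-" also starts with "sk-", so the generic prefix goes last.
const KEY_PREFIXES = [
  ['sk-ant-', 'Anthropic'],
  ['gsk_', 'Groq'],
  ['csk-', 'Cerebras'],
  ['AIza', 'Gemini'],
  ['mistral:', 'Mistral'],
  ['xai-', 'xAI'],
  ['sk-', 'OpenAI'],
];

function matchPrefix(key) {
  return KEY_PREFIXES.find(([prefix]) => key.startsWith(prefix)) || null;
}

function detectProvider(key) {
  const hit = matchPrefix(key);
  return hit ? hit[1] : null;
}

// Keep the prefix and, for long keys, the last 4 characters, so a key can be
// identified in logs or bug reports without being disclosed.
function redactKey(key) {
  const hit = matchPrefix(key);
  const prefix = hit ? hit[0] : '';
  const tail = key.length - prefix.length > 8 ? key.slice(-4) : '';
  return `${prefix}****${tail}`;
}

// Any group/other permission bit on a file that holds API keys is a finding.
function modeFindings(mode) {
  const findings = [];
  if (mode & 0o040) findings.push('group-readable');
  if (mode & 0o004) findings.push('world-readable');
  if (mode & 0o022) findings.push('writable by group/other');
  return findings;
}

// On-disk check, e.g. auditConfig(`${process.env.HOME}/.vibehacker/config.json`).
function auditConfig(path) {
  const fs = require('fs'); // loaded lazily; only this function touches the disk
  return modeFindings(fs.statSync(path).mode);
}
```

An empty result from `auditConfig` means only the owner can read or write the file, which corresponds to `chmod 600`.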

Smart Rotation

When a provider hits a rate limit:

  1. Tries another model on the same provider
  2. Switches to the next healthy provider if all models fail
  3. Circuit breaker opens after 3 consecutive failures (30s cooldown)
  4. Providers with open circuit breakers are skipped automatically

This happens silently — you never see rate limit errors.
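
The four rotation steps above as a small router, added here as an example (not Vibe Hacker's own code). The threshold of 3 and the 30s cooldown come from the list; the names, the synchronous `call` callback, counting each failed call as one failure, and the full reset after cooldown are assumptions. It returns a trace so that a silent failover still records which provider received the request.

```javascript
// Added example; not vibehacker's source. Threshold and cooldown are the
// README's values; all names and the per-call failure counting are assumptions.
const FAILURE_THRESHOLD = 3;
const COOLDOWN_MS = 30_000;

class Breaker {
  constructor() { this.failures = 0; this.openedAt = null; }
  isOpen(now) {
    if (this.openedAt === null) return false;
    if (now - this.openedAt < COOLDOWN_MS) return true;
    // Assumption: once the cooldown expires the breaker resets completely.
    this.failures = 0; this.openedAt = null;
    return false;
  }
  recordSuccess() { this.failures = 0; }
  recordFailure(now) {
    this.failures += 1;
    if (this.failures >= FAILURE_THRESHOLD) this.openedAt = now;
  }
}

// providers: [{ name, models }]; call(name, model) returns { ok: boolean }.
// Returns the provider that answered plus a trace of every skip and failure.
function route(providers, breakers, call, now = Date.now()) {
  const trace = [];
  for (const { name, models } of providers) {
    if (!breakers.has(name)) breakers.set(name, new Breaker());
    const breaker = breakers.get(name);
    if (breaker.isOpen(now)) {                 // step 4: skip open breakers
      trace.push(`${name}: skipped, breaker open`);
      continue;
    }
    for (const model of models) {              // step 1: next model, same provider
      if (call(name, model).ok) {
        breaker.recordSuccess();
        return { provider: name, model, trace };
      }
      breaker.recordFailure(now);              // step 3: count consecutive failures
      trace.push(`${name}/${model}: failed`);
      if (breaker.isOpen(now)) break;
    }
  }                                            // step 2: fall through to next provider
  return { provider: null, model: null, trace };
}

// Constructed sample: "groq" is rate limited on every model, "gemini" answers.
const sampleProviders = [{ name: 'groq', models: ['model-a', 'model-b'] },
                         { name: 'gemini', models: ['model-c'] }];
const sampleCall = (name) => ({ ok: name !== 'groq' });
```

Calling `route(sampleProviders, new Map(), sampleCall)` repeatedly with the same `Map` shows the groq breaker opening on the third failure and being skipped until 30 seconds have passed.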


Project Memory

Create a VIBEHACKER.md file in your project root to give the agent project-specific context:

# Project Context

This is a Node.js REST API using Express and PostgreSQL.

## Conventions
- Use TypeScript strict mode
- All SQL queries must use parameterized statements
- Error responses follow RFC 7807

## Security
- All endpoints require JWT auth
- Rate limit: 100 req/min per IP
- Input validation with Joi on all POST/PUT

Also supports .vibehacker/context.md and .vibehacker/instructions.md.


Use Cases

Security Auditing

Find all OWASP Top 10 vulnerabilities in this project
Check dependencies for known CVEs
Find hardcoded secrets in this repo

Penetration Testing

Generate a recon checklist for example.com
Review this firewall config for misconfigurations
Analyze this pcap for suspicious traffic

Code Security

Fix all SQL injection vulnerabilities in src/
Add input validation to every API endpoint
Review the auth flow for security issues

DevSecOps

Write a GitHub Actions workflow for SAST scanning
Create a secure Dockerfile for this app
Set up CSP headers for this Express server

Learning

Explain how buffer overflow attacks work
What is the difference between symmetric and asymmetric encryption?
Walk me through the TLS 1.3 handshake

Architecture

vibehacker/
├── index.js              Entry point
├── install.sh            One-line installer
└── src/
    ├── app.js            TUI (blessed), streaming, XML filter, render loop
    ├── agent.js          Agent loop, system prompt, context management
    ├── api.js            HTTP streaming, provider health, circuit breaker
    ├── tools.js          10 tools, file state tracking, parallel grep
    ├── providers.js      13 provider definitions, rotation logic
    ├── approve.js        Tool approval dialog
    └── config.js         Configuration loading and migration

Technical Highlights

| Feature | Detail |
|---------|--------|
| Streaming | Real-time SSE with unified parser (OpenAI + Anthropic formats) |
| Tool Calling | XML tags in model output — works with any model, no function-calling API needed |
| Circuit Breaker | Provider health tracking, auto-failover after 3 failures, 30s cooldown |
| Context Trimming | 3-phase: strip thinking blocks, compress old tool results, drop middle messages |
| Parallel I/O | Grep runs 8 concurrent file reads with binary extension pre-filtering |
| Streaming Filter | Array-based XmlStreamFilter with 8KB buffer compaction |
| Rendering | Adaptive — 30fps during streaming, 60fps idle |
| Edit Journal | Last 50 edits tracked for /undo support |
| Prompt Cache | System prompt and project memory rebuilt only when cwd/mode changes |


Configuration

Stored in ~/.vibehacker/config.json:

| Option | Default | Description |
|--------|---------|-------------|
| apiKey | — | Primary API key |
| baseURL | OpenRouter | Primary API endpoint |
| maxTokens | 8192 | Max output tokens per response |
| temperature | 0.6 | Generation temperature (0-1) |
| maxToolIterations | 30 | Max tool calls per task |


FAQ

Is it really free? Yes. You get 50 requests/day with no setup. Add free keys from Groq, Cerebras, or Gemini for thousands more daily requests.

Does it send my code to the cloud? Code is sent to your chosen AI provider for processing. Nothing is stored on Vibe Hacker servers. For full privacy, use a self-hosted model.

Which models work best for Hunt mode? Llama 3.3 70B (Groq) and Qwen3 235B (Cerebras) handle tool calling best. Gemini 2.5 Flash offers 1M context for large codebases.

Can I use OpenAI or Anthropic? Yes. /addkey sk-your-key for OpenAI, /addkey sk-ant-your-key for Anthropic.

Windows support? Works via WSL or Git Bash. Native Windows terminal is experimental.

Node.js version? 16 or higher. Recommend 22 LTS.


Pro

Vibe Hacker Pro includes unlimited requests, priority model access, faster responses, and priority support.

Visit vibsecurity.com or type /pro in the app.


Contributing

See CONTRIBUTING.md.

Security

Report vulnerabilities per SECURITY.md.

License

MIT