npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

vscan

v0.0.9

Published

Secure your large codebases with AI. One command from vulnerability to solutions.

Readme

VScan

Secure your large codebases with AI. One command from vulnerability to solutions.

npx vscan

Find vulnerabilities in your code and dependencies, then stream AI-generated solutions directly to your codebase using Vaktex models.

Optionally, pass mcp init to scan incrementally as your agents write code.

Features

  • AI security models that outperform Snyk and GPT-5.5
  • Detects vulnerabilities in code and dependencies
  • AI-generated solutions applied directly to your codebase
  • Zero-install CLI (npx vscan)
  • MCP support for Claude, Cursor, and Codex
  • Interactive terminal and JSONL streaming
  • Runs on macOS, Linux, and Windows

Install

Run without installing (recommended):

npx vscan

Or install globally:

npm install -g vscan
vscan

Requires Node.js 18+ and a Vaktex account. Prebuilt binaries are available for macOS, Linux, and Windows (x64 and arm64).

Quick start

# Authenticate
vscan auth

# Scan the current directory
vscan .

# Scan another project
vscan ./repo

# Stream JSONL output
vscan ./repo --format jsonl > report.jsonl

# Auto-apply suggested solutions
vscan ./repo --format jsonl --yes > report.jsonl

# Start the MCP server
vscan mcp

# Configure Claude, Cursor, or Codex
vscan mcp init

Two modes

  • Interactive (default, no --format): a guided wizard to browse findings and apply solutions one at a time.
  • Streaming (--format jsonl): the only non-interactive format. It emits one JSON object per finding to stdout, ideal for agents, CI, and pipelines. Add --yes / -y to auto-apply solutions.

JSONL shape

One line per finding:

{ "file": "src/db.py", "vulnerabilities": ["CWE-89"], "vulnerability_name": "SQL Injection", "solution": "cursor.execute(\"SELECT * FROM users WHERE id = %s\", (uid,))" }

solution is omitted if the model has no resolution capabilities.

Commands

| Command | What it does | | --- | --- | | vscan auth | Authenticate client | | vscan model [<id>] | Set scanning model | | vscan about | Account, features, and dependencies | | vscan agent [<dir>] | Interactive security agent: scans, fixes, verifies | | vscan isolated <path> | Scan inside a local air-gapped container | | vscan usage | View your usage | | vscan mcp | Local MCP server over stdio | | vscan mcp init | Install MCP config for Claude, Codex, or Cursor | | vscan help | Show help message |

Flags: --format jsonl, --yes / -y, --version / -v, --help / -h.

MCP

vscan mcp starts a local stdio MCP server exposing tools to coding agents. Compatible agents can use it to scan files inside the current project and apply suggested resolutions.

Run vscan mcp init to install config into a supported local MCP host. The installer asks which package manager to use (npm, bun, pnpm, or yarn) and which host to configure (Claude, Codex, or Cursor).

Agent mode

vscan agent [dir] opens an interactive agent session. It reads your recent git changes first (or plans a full scan without git), decides what to scan using the same VScan scanner, applies fixes it judges correct — asking only before destructive edits — and verifies every fix (syntax parse + re-scan) before it finishes.