npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

whisper-ai

v1.6.2

Published

AI-powered code intelligence CLI for code security, analysis, and review

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

alameenpdalameenpd

Keywords

cliaicode-analysissecuritycode-reviewdeveloper-toolswhisperllmgeminiopenai

Readme

🛡️ Whisper CLI - AI Security Intelligence

npm version License: MIT Node.js

The most advanced AI-powered security scanner for developers. Whisper CLI combines static analysis with cutting-edge AI models to deliver comprehensive security insights, automatic fixes, and intelligent recommendations—all running locally with complete privacy.

🚀 New in v2.0: Interactive post-scan workflows, comprehensive markdown reports, scan history management, and AI-powered automatic fixing!

✨ Key Features

🔍 Intelligent Security Scanning

  • Dual Analysis: Static security rules + AI-powered deep analysis
  • Latest AI Models: Gemini 2.0 Flash, GPT-4o, Claude 3.5 Sonnet
  • Comprehensive Reports: Executive summaries + detailed markdown reports
  • Risk Assessment: Automatic severity classification and risk scoring

🤖 AI-Powered Automatic Fixing

  • One-Click Fixes: AI analyzes and fixes security issues automatically
  • Smart Backups: Automatic backup creation before applying fixes
  • Batch Processing: Fix multiple files simultaneously
  • Context Preservation: Maintains code functionality while fixing security issues

📊 Advanced History Management

  • Persistent Storage: All scans saved locally in ~/.whisper/
  • Rich History: View past scans with dates, severity, and fix status
  • Historical Fixes: Apply AI fixes from any previous scan
  • Context Recovery: Full scan results and metadata preserved

🎯 Interactive Workflows

  • Post-Scan Options: Choose to fix, save, or exit after each scan
  • Smart Recommendations: Tailored advice based on your codebase
  • Priority Actions: Clear guidance on what to fix first
  • Progress Tracking: Real-time feedback during AI operations

🚀 Installation

1. Install via npm (recommended)

npm install -g whisper-cli-ai

2. Or clone from GitHub (for open source contributors)

git clone https://github.com/Alinxus/whisper-cli.git
cd whisper
npm install
npm run build
npm link # (optional, to use as a global CLI)

🔑 Setup: Provide Your AI API Keys

  1. Copy the example environment file:
    cp .env.example .env
  2. Open .env and add your API keys for any of the following:
    • GEMINI_API_KEY (Google Gemini)
    • OPENAI_API_KEY (OpenAI)
    • ANTHROPIC_API_KEY (Anthropic Claude)

You only need to provide the keys for the AI providers you want to use.

📂 Using .whisperignore

You can create a .whisperignore file in your project root to exclude files and folders from being scanned by Whisper CLI. This works just like a .gitignore file.

  • Why? To speed up scans and avoid analyzing files you don't care about (e.g., node_modules, build output, logs, etc).
  • How? Add one pattern per line. Example:
node_modules/
dist/
build/
*.log
.env
.git/
coverage/
  • Default ignores: Whisper CLI already ignores common folders like node_modules, .git, dist, etc. Your .whisperignore will be merged with these defaults.

🛠️ Usage

Scan your code for vulnerabilities

whisper scan [path] [options]
  • Example:
    whisper scan . --ai --model gpt-4o

Explain a file or function

whisper explain <file> [options]
  • Example:
    whisper explain src/index.js --model gemini-1.5-pro

Suggest and auto-fix issues

whisper fix [path] [options]

Use the AI chat mode

whisper chat [options]

Add a Git pre-commit security guard

whisper guard --install

📋 Available Commands

  • scan — Scan code for vulnerabilities and improvements
  • explain — Explain code with AI
  • fix — Suggest and auto-fix issues
  • chat — Interactive AI chat mode
  • guard — Git pre-commit security guard
  • config — Manage CLI configuration
  • plugin — Manage CLI plugins
  • history — View local chat and scan history
  • update — Update the CLI
  • doctor — Diagnose and fix common issues

Note: There are no auth, analytics, or backend commands. Everything runs locally and securely.

🧑‍💻 Open Source & Contributing

We welcome contributions! To get started:

  1. Fork this repo and clone it locally.
  2. Install dependencies: npm install
  3. Make your changes and add tests if needed.
  4. Open a pull request with a clear description.

Development

  • The CLI entry point is in bin/whisper.js.
  • Main logic is in lib/.
  • Backend code (in backend/) is provided as a template and is not required for CLI use.

🙋 FAQ

Q: Do I need to sign up or log in?

No. Just provide your own AI API keys in .env.

Q: Is my code sent to any backend?

No. All analysis is done locally and only sent to the AI APIs you configure.

Q: Can I use this for commercial or team projects?

Yes! Just provide your own API keys and use it anywhere.

📣 License

MIT License. See LICENSE for details.

Happy coding and stay secure!