xibeguard

v1.0.0

AI-powered dynamic penetration testing — auto-starts your app and actually hacks it

☠️ XibeGuard v3.0

AI-Powered Dynamic Penetration Testing
Detects your stack → Starts your app → Crawls all routes → Fires real exploits → AI analysis

XibeGuard v3 actually runs your application and attacks it. No more "theoretical vulnerabilities" — these are real confirmed exploits with evidence from your live app.


⚡ How It Works

1. 🔎 Detect stack    — Node/Python/PHP/Go/Ruby/Rust/Java auto-detected
2. 📦 Install deps    — npm install / pip install / composer install / etc.
3. 🚀 Start app       — Boots your app on a free local port
4. 🕷️  Crawl routes   — Spiders the app + parses source for all endpoints
5. ⚔️  Attack suite   — Fires real SQL injection, XSS, auth bypass payloads
6. 🧠 AI analysis     — Static code review for what attacks missed
7. 📄 Report          — Confirmed exploits + evidence + fixes

🚀 Quick Start

npm install && npm run build && npm link

xibeguard config          # setup API key + provider

cd /your/project
xibeguard pentest         # full attack
xibeguard hack            # alias

⚔️ Attack Modules

| Attack | What It Does |
|--------|-------------|
| 💉 SQL Injection | Fires 15+ payloads on every route/param. Checks for DB errors, timing attacks, UNION bypass |
| 🕸️ XSS | Reflected + template injection. Tests query params, body, all GET routes |
| 🔐 Auth Tests | Default credentials, brute force (rate limit check), auth bypass on protected routes |
| 🔄 IDOR | Enumerates IDs on all parameterized routes, checks for unauthorized access |
| ⚙️ Security Headers | Checks CSP, X-Frame-Options, HSTS, CORS misconfiguration |
| 🌐 Open Redirect | Tests 6 common params with evil.com payloads on all routes |
| 🔍 Info Disclosure | Probes .env, .git, stack traces, debug endpoints, backup files |
| 🌐 SSRF | AWS metadata (169.254.169.254), internal services, file:// via URL params |
| 💣 DoS / Rate Limit | 30-request flood test, 10MB payload test on sensitive endpoints |
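
The Security Headers row names four checks; the block below is an added example of how such a check can be written over one response's headers, not XibeGuard's own code. The function name `auditHeaders`, the finding labels, the 180-day HSTS minimum and the sample header sets are assumptions made for illustration.

```javascript
// Added example, not XibeGuard's code. Audits one response's headers for the
// four items the Security Headers row names. Thresholds are assumptions.
const MIN_HSTS_SECONDS = 15552000; // 180 days, assumed minimum

function auditHeaders(rawHeaders, { https = true, probeOrigin = null } = {}) {
  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const csp = h['content-security-policy'] || '';
  if (!csp) findings.push('csp-missing');
  else if (/'unsafe-inline'|'unsafe-eval'/.test(csp)) findings.push('csp-unsafe-source');

  // Framing: X-Frame-Options or a CSP frame-ancestors directive both count.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN' && !/\bframe-ancestors\b/i.test(csp)) {
    findings.push('framing-unrestricted');
  }

  // Browsers ignore HSTS over plain HTTP, so a scan of http://localhost can
  // only assess it when told the real deployment is HTTPS.
  if (https) {
    const m = /max-age\s*=\s*"?(\d+)/i.exec(h['strict-transport-security'] || '');
    if (!m) findings.push('hsts-missing');
    else if (Number(m[1]) < MIN_HSTS_SECONDS) findings.push('hsts-short-max-age');
  }

  // CORS: credentials combined with a wildcard, "null", or an echoed
  // untrusted origin (probeOrigin = the Origin header sent with the request).
  const acao = (h['access-control-allow-origin'] || '').trim();
  const creds = (h['access-control-allow-credentials'] || '').trim().toLowerCase() === 'true';
  if (creds && acao === '*') findings.push('cors-wildcard-with-credentials');
  else if (creds && acao === 'null') findings.push('cors-null-origin-with-credentials');
  else if (creds && probeOrigin && acao === probeOrigin) findings.push('cors-reflects-origin-with-credentials');

  return findings;
}

// Constructed header sets for illustration.
const WEAK = { 'Access-Control-Allow-Origin': 'https://untrusted.example',
               'Access-Control-Allow-Credentials': 'true' };
const HARDENED = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Access-Control-Allow-Origin': 'https://app.example',
};
```
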


🤖 Stack Support

XibeGuard auto-detects and auto-starts:

| Language | Frameworks |
|----------|-----------|
| Node.js | Express, Fastify, Koa, NestJS, Next.js, generic |
| Python | Flask, Django, FastAPI, generic |
| PHP | Laravel, generic (php -S) |
| Ruby | Rails, Sinatra |
| Go | Any (go run .) |
| Rust | Actix, Axum (cargo run) |
| Java | Spring Boot (mvn/gradle) |


📖 Commands

# Full dynamic pentest (auto-start + crawl + attack + AI)
xibeguard pentest [directory]
xibeguard hack [directory]      # alias

# Options
--output ./reports              # report output dir
--stream                        # stream AI analysis live
--skip-static                   # dynamic attacks only, no AI
--skip-dynamic                  # AI static analysis only
--no-reality-check              # disable brutal commentary

🔧 Configuration

xibeguard config                # interactive wizard

# Anthropic
xibeguard config --provider anthropic --anthropic-key sk-ant-... --anthropic-model claude-opus-4-6
xibeguard config --anthropic-url https://custom-proxy.com/v1   # support proxies/relays

# OpenAI
xibeguard config --provider openai --openai-key sk-... --openai-model gpt-4o

# Groq (fast + cheap)
xibeguard config --provider openai --openai-key gsk_... \
  --openai-model llama3-70b-8192 \
  --openai-url https://api.groq.com/openai/v1

# Ollama (free, local)
xibeguard config --provider openai --openai-key ollama \
  --openai-model llama3 \
  --openai-url http://localhost:11434/v1

Env vars also work: ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENAI_BASE_URL


📊 Sample Output

☠️  XibeGuard Dynamic Penetration Test

🔎 Detecting tech stack...         → Node.js / Express
📦 Installing dependencies...      → npm install complete
🚀 Starting app on port 3001...    → App running at http://localhost:3001
🕷️  Crawling routes...             → Found 23 routes (47 URLs crawled)
⚔️  Launching attack suite...

💉 Testing SQL Injection...
  ⚡ CONFIRMED: SQL Injection [POST /api/login]
     Evidence: You have an error in your SQL syntax near ''' at line 1

🕸️ Testing XSS...
  ⚡ CONFIRMED: Reflected XSS [GET /api/search]
     Evidence: <script>alert(document.domain)</script> in response

🔐 Testing Authentication...
  ⚡ CONFIRMED: Default Credentials [POST /api/login]
     Evidence: Login succeeded with admin:admin
  ⚡ CONFIRMED: No Rate Limiting [POST /api/login]
     Evidence: 20 requests, no 429 response

🔍 Checking information disclosure...
  ⚡ CONFIRMED: Sensitive File Exposed [GET /.env]
     Evidence: DB_PASSWORD=supersecret123

📊 Pentest Summary
  Stack:      Node.js / Express
  Target URL: http://localhost:3001
  Routes:     23 discovered
  Attacks:    8 vulnerabilities CONFIRMED ← REAL, LIVE CONFIRMED
              ██ 3 CRITICAL
              4 HIGH
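
The evidence lines in the sample output carry live values such as `DB_PASSWORD=supersecret123`, so output stored in CI logs or passed to another tool should be parsed and redacted first. The block below is an added example, not part of XibeGuard: it assumes the console output has the shape of the sample above, and the function names and the secret-key heuristic are hypothetical.

```javascript
// Added example, not part of XibeGuard: parse console lines shaped like the
// sample output above and redact secret-looking values in the evidence.
const SAMPLE = [ // constructed from the sample output on this page
  '  ⚡ CONFIRMED: SQL Injection [POST /api/login]',
  "     Evidence: You have an error in your SQL syntax near ''' at line 1",
  '  ⚡ CONFIRMED: Sensitive File Exposed [GET /.env]',
  '     Evidence: DB_PASSWORD=supersecret123',
  '  ⚡ CONFIRMED: Default Credentials [POST /api/login]',
  '     Evidence: Login succeeded with admin:admin',
].join('\n');

const FINDING = /CONFIRMED:\s+(.+?)\s+\[([A-Z]+)\s+(\S+)\]\s*$/;
const EVIDENCE = /^\s*Evidence:\s*(.*)$/;
// KEY=value pairs whose key looks like a credential (assumed naming heuristic).
const SECRET_KV = /\b([A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|KEY)[A-Z0-9_]*)=(\S+)/gi;

function redact(text) {
  return text.replace(SECRET_KV, (_, key) => `${key}=[REDACTED]`);
}

function parseFindings(output) {
  const findings = [];
  for (const line of output.split(/\r?\n/)) {
    const f = FINDING.exec(line);
    if (f) {
      findings.push({ title: f[1], method: f[2], path: f[3], evidence: null });
      continue;
    }
    const e = EVIDENCE.exec(line);
    // Attach evidence to the most recent finding only; stray lines are ignored.
    const last = findings[findings.length - 1];
    if (e && last && last.evidence === null) last.evidence = redact(e[1]);
  }
  return findings;
}

// Group titles by endpoint so a CI job can report which routes need work.
function byEndpoint(findings) {
  const map = {};
  for (const f of findings) {
    const key = `${f.method} ${f.path}`;
    if (!map[key]) map[key] = [];
    map[key].push(f.title);
  }
  return map;
}
```
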

🔗 XibeCode + XibeGuard Loop

# 1. Find everything
xibeguard hack ./my-app

# 2. Auto-fix everything  
xibecode run "Fix all vulnerabilities in ./xibeguard-reports/pentest-report-*.md"

# 3. Verify fixes
xibeguard hack ./my-app

⚠️ Legal

For use only on code you own or have written authorization to test. Unauthorized use is illegal.


XibeGuard v3.0 — Built with TypeScript, Anthropic SDK, OpenAI SDK