shieldai

VanshGoyal00012 · MIT · 1.0.0

AI-powered code security analysis and automated fixing tool powered by Google's Generative AI

security, ai, code-analysis, vulnerability-detection, security-scanning, code-security, automated-fixing, gemini-ai, security-agent

readme

ShieldAI 🛡️


Features

  • 🔍 Real-time code security analysis
  • 🛠️ Automated security vulnerability fixes
  • 👀 File monitoring for security issues
  • 📊 Detailed security reports
  • ⚡ Multiple scan levels
  • 🔄 Automatic backup of modified files
  • 🎯 Customizable security rules

Installation

npm install -g shieldai

Quick Start

  1. Install the package globally
  2. Run the security agent:
    shieldai
  3. On first run, you'll be prompted for your Google AI API key

Usage

Basic Commands

shieldai              # Start the interactive security agent
shieldai check file   # Analyze a specific file
shieldai fix file     # Fix security issues in a file
shieldai monitor dir  # Monitor directory for security issues

Security Analysis

check <file> [lines]     # Analyze file for security issues

Examples:

  • check index.js
  • check index.js 10-50
  • check ./src/*.js

Auto-Fix

fix <file> [lines]       # Apply security fixes

Examples:

  • fix index.js
  • fix index.js 25-30
  • fix vulnerable-code.js --autofix

Monitoring

monitor <path>           # Watch files for security issues

Examples:

  • monitor ./src
  • monitor index.js --realtime
  • monitor ./ --exclude=node_modules

Security Checks

ShieldAI performs comprehensive security analysis including:

  1. Input Validation

    • SQL Injection vulnerabilities
    • XSS vulnerabilities
    • Command injection risks
  2. Authentication

    • Weak authentication methods
    • Insecure password storage
    • Session management issues
  3. Data Exposure

    • Sensitive data leaks
    • Insecure data storage
    • Unencrypted data transmission
  4. Dependencies

    • Vulnerable dependencies
    • Outdated packages
    • Known CVEs
  5. Code Injection

    • Remote code execution risks
    • Unsafe eval usage
    • Template injection
  6. File System

    • Path traversal vulnerabilities
    • Unsafe file operations
    • Directory listing risks

Configuration

Access configuration settings using:

shieldai config

Available Settings

  • API Key: Your Google AI API key
  • Scan Level:
    • basic - Faster, basic security checks
    • standard - Balanced security analysis
    • thorough - Deep, comprehensive scanning
  • Auto-Fix: Enable/disable automatic fixing
  • Backup: Enable/disable backup file creation

Example Output

╔═══════════════════════════════════════════╗
║           🛡️ SHIELD AI 1.0 🛡️           ║
╚═══════════════════════════════════════════╝

Security Analysis Results:

[HIGH] SQL Injection vulnerability found
Recommendation: Use parameterized queries

Security Checks Summary:

Input Validation: ✓
Authentication Issues: ✗
Data Exposure: ✓
Dependency Vulnerabilities: ✓
Code Injection Risks: ✗
File System Security: ✓

Requirements

  • Node.js >= 14.0.0
  • Google AI API key

Dependencies

  • @google/generative-ai: ^0.2.1
  • chalk: ^4.1.2
  • chokidar: ^3.5.3
  • inquirer: ^8.2.6
  • ora: ^5.4.1
  • readline-sync: ^1.4.10

Contributing

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Author

Vansh Goyal

Support

For bugs and feature requests, please create an issue.


Made with ❤️ using Google's Generative AI