[](https://www.npmjs.com/package/depfix-ai) [](https://opensource.org/licenses/MIT)
CLI for dependency audit, env file generation, and contributor onboarding. Fix your deps, generate
.env.example, and get projects ready in one command.
Requires Node.js ≥ 18.
Global (npm or pnpm):
npm install -g depfix-ai
# or
pnpm add -g depfix-ai
Run without installing (npx / pnpm dlx):
npx depfix-ai@latest # Recommended: always runs latest (bypasses cache)
npx depfix-ai-latest # Same as above (alias)
npx depfix-ai # May use cached version
npx depfix-ai --help
pnpm dlx depfix-ai@latest
Running npx depfix-ai or depfix-ai with no args launches the interactive menu. Or run commands directly:
depfix-ai audit # Security audit + human summary
depfix-ai env generate # Scan source → .env.example
depfix-ai onboard # Install deps + env + tests
depfix-ai fix # Preview fixes (dry-run); use --apply to apply
One-off (no install):
npx depfix-ai@latest # Interactive menu (recommended – always latest)
npx depfix-ai audit
pnpm dlx depfix-ai@latest env generate
depfix-ai auditRun a security audit and get a human-readable summary (npm and pnpm).
| Flag | Description |
|---|---|
--json | Print raw npm audit JSON |
--severity <level> | low | moderate | high | critical (default: low) |
--fail | Exit 1 if vulnerabilities ≥ severity |
depfix-ai audit
depfix-ai audit --severity high --fail
depfix-ai audit --json
depfix-ai env generateScan source for process.env.* and import.meta.env.*; generate grouped .env.example (and optionally a blank .env).
| Flag | Description |
|---|---|
--out <path> | Output file (default: .env.example) |
--create | Create .env with blank values if missing |
--force | Overwrite .env when used with --create |
--check | Verify .env.example has all vars; exit 1 if not |
depfix-ai env generate
depfix-ai env generate --create
depfix-ai env generate --check
depfix-ai fixPreview dependency fixes (dry-run by default). Use --apply to write changes.
| Flag | Description |
|---|---|
--apply | Apply changes |
--force | Pass --force to npm audit fix |
--stash | Auto-stash if git dirty |
--commit | Auto-commit with chore(deps): audit fix |
--dry-run | Preview only (default) |
depfix-ai fix
depfix-ai fix --apply
depfix-ai onboardOne-command setup: backup (git stash), install deps, env generate, run tests.
| Flag | Description |
|---|---|
--skip-install | Skip npm install |
--skip-env | Skip env generate |
--skip-test | Skip test script |
depfix-ai onboard
depfix-ai onboard --skip-test
git clone https://github.com/hesxo/depfix-ai.git
cd depfix-ai
npm ci
# or: pnpm install
npm run build
npm test
Scripts: build · test · lint · version:patch
MIT
FAQs
[](https://www.npmjs.com/package/depfix-ai) [](https://opensource.org/licenses/MIT)
We found that depfix-ai demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.