New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

frai

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

frai

FRAI - Framework of Responsible Artificial Intelligence

latest
Source
npmnpm
Version
1.1.4
Version published
Weekly downloads
13
160%
Maintainers
1
Weekly downloads
 
Created
Source

 ███████████ ███████████     █████████   █████
░░███░░░░░░█░░███░░░░░███   ███░░░░░███ ░░███ 
 ░███   █ ░  ░███    ░███  ░███    ░███  ░███ 
 ░███████    ░██████████   ░███████████  ░███ 
 ░███░░░█    ░███░░░░░███  ░███░░░░░███  ░███ 
 ░███  ░     ░███    ░███  ░███    ░███  ░███ 
 █████       █████   █████ █████   █████ █████
░░░░░       ░░░░░   ░░░░░ ░░░░░   ░░░░░ ░░░░░

FRAI · Framework of Responsible Artificial Intelligence

npm version

FRAI (Framework of Responsible Artificial Intelligence) is an open-source toolkit that helps any team — from solo developers to compliance officers — ship AI features responsibly. It walks you through quick questions, scans your code, and generates documentation you can actually hand to stakeholders: implementation checklists, model cards, risk files, evaluation reports, and policy-aware RAG indexes.

Think of FRAI as a safety net for AI launches: it collects the right facts, highlights blind spots, and keeps evidence tidy so production reviews stop feeling like guesswork.

🚀 Getting Started

1. Install FRAI globally:

npm install -g frai

2. Set up your OpenAI API key (required for AI-powered tips):

frai --setup

You only need to do this once per machine or project. Your key is stored securely and never shared.

3. Run FRAI in your project:

frai

Tip: frai is available globally after installing the published npm package. If you're working from a local clone, follow the steps in Local Development to run the CLI from source.

🛠️ CLI Commands & Features

CommandDescription
fraiInteractive mode for documenting an AI feature (8-question progressive system)
frai --scanScan codebase for AI/ML code and generate docs
frai --setupSet up your OpenAI API key (local/global)
frai --ciRun in CI mode (non-interactive)
frai --help, -hShow help and usage info
frai --version, -vShow current version
frai --updateCheck for new versions of FRAI
frai --list-docsList generated documentation files
frai --cleanRemove generated documentation files
frai --export-pdfExport documentation markdown files as PDFs
frai --show-configShow API key config status
frai --key=API_KEYProvide OpenAI API key directly (one-off use)
frai --globalUse with --setup to save API key globally
frai rag indexIndex compliance docs into a local vector store
frai evalRun baseline evaluation metrics and write reports

RAG Indexing

frai rag index --input docs/policies --output .frai/compliance-index.json --chunk-size 400
  • Scans .md, .txt, .json, .yaml files recursively.
  • Generates a lightweight JSON vector store consumable by SDKs and future connectors.

Evaluation Harness

frai eval --outputs runs/outputs.json --references runs/golden.json --report reports/eval --format markdown
  • Runs baseline metrics (exact match, toxicity keyword scan, length variance).
  • Produces JSON and/or Markdown summaries for CI and governance reviews.

Docs generated:

  • checklist.md — Implementation checklist
  • model_card.md — Model card
  • risk_file.md — Risk & compliance

💡 Features

  • Progressive 8-question system: Context-aware, fast, and actionable
  • AI-powered recommendations: Get tailored tips for responsible AI
  • Comprehensive documentation: Checklist, model card, and risk file
  • PDF export: Convert docs to PDF with one command
  • Codebase scanning: Detects AI/ML code and generates relevant docs
  • Easy setup: One-time API key configuration
  • Compliance-aware RAG: Build vector stores from policies for knowledge-grounded guardrails
  • Evaluation harness: Run baseline metrics and capture auditable reports

Monorepo Layout

frai/
├─ packages/
│  ├─ frai-cli/      # CLI entry point and command wiring
│  └─ frai-core/     # Reusable services (config, questionnaire, documents, scanners, RAG, eval)
├─ docs/             # Roadmaps, design notes, and feature backlogs
└─ examples/         # Sample AI projects used in tests and demos

🔑 API Key Setup

FRAI requires an OpenAI API key for generating AI-powered tips and documentation. Run:

frai --setup

If you skip this step, FRAI will prompt you to set up your key on first use.

🧑‍💻 Local Development

Run FRAI directly from this repository without publishing:

pnpm install
pnpm --filter frai run build
node packages/frai-cli/dist/index.js --help

Configure an OpenAI key from source

  • Interactive CLI: 
    node packages/frai-cli/dist/index.js --setup YOUR_KEY
  • Manual .env: 
    OPENAI_API_KEY=YOUR_KEY

To test the global binary locally (without npm publishing), install the workspace package:

pnpm install --global ./packages/frai-cli
# then:
frai --setup

📖 Learn More

Generated by FRAI - Responsible AI in Minutes

Keywords

ai
responsible-ai
ethics
compliance
documentation
ai-governance

FAQs

Package last updated on 24 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026