
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
**kernelCAD** turns mechanical intent into validated, editable, manufacturable design artifacts.
kernelCAD turns mechanical intent into validated, editable, manufacturable design artifacts.
The core loop is: intent -> generated .kcad.ts -> rendered model ->
validation checks -> guided revision -> export package.
kernelCAD is not trying to be a browser clone of Fusion, Onshape, or SolidWorks, and it is not just a Replicad wrapper. Replicad/OpenCASCADE are the kernel layer. kernelCAD is the agent-first workflow layer above the kernel: deterministic CAD source, feature history, diagnostics, validation, variants, and human review.
.kcad.ts, CLI, and MCP. The UI reviews and steers generated designs.npm install -g kernelcad
Drop this in bracket.kcad.ts:
const w = param('Width', 60, { unit: 'mm' });
const h = param('Height', 40, { unit: 'mm' });
const t = param('Thickness', 5, { unit: 'mm' });
const base = box(w, h, t);
const hole = cylinder(t + 2, 4).translate(w / 2, h / 2, -1);
return base.subtract(hole).fillet(1);
Run it:
kernelcad evaluate bracket.kcad.ts
kernelcad export stl bracket.kcad.ts -o bracket.stl
That's it. For agents: kernelcad mcp runs an MCP server with dynamic model
introspection tools. See SKILL.md (bundled with the install) for the full API
surface and authoring guide.
Web app + dev workflow (clone the repo, npm install, npm run dev) for contributors who want to hack on the kernel or the visual debugger:
git clone https://github.com/w1ne/kernelCAD-web.git
cd kernelCAD-web
npm install
npm run dev # web visual debugger at localhost:5173
npm run build:cli # build the CLI bundle into dist/cli/
npm run test # full vitest suite
npm run qc # quick quality gate (lint + typecheck + tests)
MIT — see LICENSE.
FAQs
**kernelCAD** turns mechanical intent into editable `.kcad.ts` source, deterministic review evidence, and exportable manufacturing artifacts.
The npm package kernelcad receives a total of 173 weekly downloads. As such, kernelcad popularity was classified as not popular.
We found that kernelcad demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.