The Package Security Analyzer is a web application that provides AI-powered security insights into software dependencies. Users enter a package name (e.g., an npm package) or a URL, and the tool sends it to the Google Gemini API, which returns an analysis consisting of a security rating, a list of known vulnerabilities, and recommendations for alternative packages.
- AI-Powered Analysis: Utilizes the Google Gemini API for deep, contextual analysis of software packages.
- Overall Security Rating: Generates a score from 0-10 based on metrics such as maintenance status, popularity, and known issues. The score is produced by the model, so treat it as a summary of the evidence it found rather than a measured value.
- Vulnerability Scanning: Uses Google Search grounding to check, at analysis time, for the latest CVEs and security advisories affecting the package and its critical dependencies.
- Alternative Recommendations: Suggests safer or more suitable alternative packages.
- Sourced Information: Displays the web sources used by the AI for its analysis, providing transparency and verifiability.
- Responsive & Modern UI: Built with React and Tailwind CSS for a clean, intuitive, and responsive user experience.
- Frontend: React with TypeScript
- Styling: Tailwind CSS
- AI/Backend: Google Gemini API
- Module Loading: ES Modules via the esm.sh CDN (no local build step is required for development). Because the browser fetches dependencies from the CDN at runtime, pin exact versions in the import URLs so that the code that ships is the code that was reviewed.
To run this project locally, you will need to have a code editor and a web browser. No complex build tools are required.
- A modern web browser (e.g., Chrome, Firefox, Edge).
- A text editor (e.g., VS Code).
- A Google Gemini API Key. You can obtain one from Google AI Studio.
- Clone the repository:

  ```bash
  git clone https://github.com/your-username/package-security-analyzer.git
  cd package-security-analyzer
  ```

- Create an environment file: duplicate the `.env.example` file and rename it to `.env`:

  ```bash
  cp .env.example .env
  ```

- Add your API key: open the newly created `.env` file and paste your Google Gemini API key:

  ```
  VITE_API_KEY="YOUR_GEMINI_API_KEY_HERE"
  ```

  Note that the `VITE_` prefix is Vite's convention for variables that are inlined into the client bundle, so this key is delivered to every browser that loads the application and can be read by anyone who opens the developer tools. Keep `.env` out of version control, and restrict the key (for example by HTTP referrer) in the Google Cloud console so a copied key cannot be used from elsewhere.

- Run the application:

  ```bash
  # Install packages
  npm install
  # Run the server
  npm run dev
  ```
- Open the application URL in the browser.
- Enter the name of an npm package (e.g., `express`, `vue-pdfjs`) into the input field.
- Click the "Analyze" button.
- Wait for the analysis to complete. The results, including the rating, vulnerabilities, and recommendations, will be displayed on the screen.
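Two pieces of client-side logic that a tool like this needs, written here as an added example in the project's own language (TypeScript) and not taken from the project's code: a validator for the package-name input field described in the usage steps above, and a filter for the "Sourced Information" links listed under the features. The validator applies npm's naming rules (at most 214 characters, lowercase, no leading `.` or `_`, URL-safe characters, optional `@scope/` prefix), which also rejects free-text input before it is interpolated into a prompt. The response type uses the `groundingMetadata` / `groundingChunks` / `web.uri` field names from the Gemini API documentation for Google Search grounding; the sample response object, the function names and the `Source` type are constructed for this example.

```typescript
// Added example, not part of the Package Security Analyzer project.

// npm package-name rules (from npm's naming rules for new packages):
// 1-214 characters, lowercase only, no leading "." or "_", URL-safe
// characters, and an optional "@scope/" prefix checked with the same rules.
function isValidNpmPackageName(raw: string): boolean {
  if (raw.length === 0 || raw.length > 214) return false;
  if (raw !== raw.toLowerCase()) return false;

  let scope: string | null = null;
  let name = raw;
  if (raw.startsWith("@")) {
    const slash = raw.indexOf("/");
    if (slash === -1) return false;
    scope = raw.slice(1, slash);
    name = raw.slice(slash + 1);
  }

  // A part is acceptable only if URL-encoding leaves it unchanged, which
  // rules out spaces, quotes, semicolons, slashes and other prompt-relevant
  // punctuation.
  const partOk = (part: string): boolean =>
    part.length > 0 &&
    !part.startsWith(".") &&
    !part.startsWith("_") &&
    encodeURIComponent(part) === part;

  return (scope === null || partOk(scope)) && partOk(name);
}

// Minimal shape of the grounding metadata in a Gemini response when the
// Google Search tool is enabled (only the fields used here).
interface GroundingChunk { web?: { uri?: string; title?: string } }
interface GeminiResponse {
  candidates?: Array<{
    groundingMetadata?: { groundingChunks?: GroundingChunk[] };
  }>;
}

interface Source { uri: string; title: string }

function parseUrl(s: string): URL | null {
  try { return new URL(s); } catch { return null; }
}

// Collect the web sources the model cited, dropping chunks without a URI,
// anything that is not http(s) (a "javascript:" URI rendered as an <a href>
// would execute in the page), and duplicates.
function extractSources(resp: GeminiResponse): Source[] {
  const chunks = resp.candidates?.[0]?.groundingMetadata?.groundingChunks ?? [];
  const seen = new Set<string>();
  const out: Source[] = [];
  for (const chunk of chunks) {
    const uri = chunk.web?.uri;
    if (!uri) continue;
    const parsed = parseUrl(uri);
    if (parsed === null) continue;
    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") continue;
    if (seen.has(uri)) continue;
    seen.add(uri);
    out.push({ uri, title: chunk.web?.title ?? parsed.hostname });
  }
  return out;
}

// Constructed sample response (not real API output) that exercises each filter.
const sampleResponse: GeminiResponse = {
  candidates: [{
    groundingMetadata: {
      groundingChunks: [
        { web: { uri: "https://example.com/advisory", title: "Example advisory" } },
        { web: { uri: "https://example.com/advisory", title: "Duplicate" } },
        { web: { uri: "javascript:alert(1)", title: "Not a web source" } },
        { web: { title: "Missing URI" } },
        { web: { uri: "https://example.org/changelog" } },
      ],
    },
  }],
};

console.log(isValidNpmPackageName("express"), isValidNpmPackageName("Express"));
console.log(extractSources(sampleResponse));
```

Validation in the browser only protects the prompt from accidental or malicious free text typed into the field; the model's output (rating, vulnerability list, alternatives) is still untrusted and should be rendered as text, never as HTML, and the source links should be rendered with the `href` taken from the filtered list above.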
This tool is for informational purposes only. The analysis is performed by an AI model and may not be 100% accurate or complete. Always perform your own due diligence and consult official security advisories before making decisions based on the information provided here.