PuryAI - AI-Powered Code Security Scanner 🛡️

![npm version](https://badge.fury.io/js/pury)
![TypeScript](https://www.typescriptlang.org/)
![License: MIT](https://opensource.org/licenses/MIT)

PuryAI is a powerful, AI-powered command-line tool and library that ensures the
"purity" and security of your codebase. It combines traditional static analysis
with cutting-edge AI technology to detect malware, vulnerabilities, secrets, and
code quality issues.

🌟 Features

$3

- Malware Detection: Advanced pattern recognition to identify malicious
code, obfuscation, and suspicious behaviors
- Secret Scanning: Detects API keys, passwords, tokens, and other sensitive
information
- Vulnerability Assessment: Identifies security weaknesses and dependency
vulnerabilities
- Code Quality: Analyzes code smells, performance issues, and
maintainability problems

$3

- Powered by Google's Gemini AI for intelligent code analysis
- Context-aware scanning that understands code intent
- Real-time streaming analysis for large codebases
- Low false-positive rates through AI reasoning

$3

- Console Cleaner: Remove debug statements before production
- Localization Helper: Convert non-English text to English for international
collaboration
- Environment Formatter: Organize and validate .env files
- Multiple Output Formats: Console, JSON, HTML, and SARIF reports

🚀 Quick Start

$3

``bash

`Install globally`


npm install -g pury
Or use with npx

npx pury --help


$3
1. Get your Gemini API key from Google AI Studio
2. Set the environment variable:

`bash export GEMINI_API_KEY="your-api-key-here"`

3. Initialize configuration:`bash pury init`

`$3`

`bash

`Scan current directory`


pury scan .
Scan specific directory with JSON output

pury scan ./src --format json
Clean console.log statements

pury clean-logs ./src --apply
Convert non-English text to English

pury localize ./src --apply
Format environment files

pury env-format .env --apply


📖 Detailed Usage
$3

`bash

`Basic security scan`


pury scan ./project
Scan with specific analyzers

pury scan ./src --analyzers malware secrets vulnerabilities
High sensitivity scan

pury scan ./src --sensitivity high
Output to file

pury scan ./src --format json --output security-report.json

$3

Create a puryai.config.yaml file:

`yaml scanner: exclude: - node_modules/** - dist/** - '*.min.js' maxFileSize: 1048576 # 1MB

analyzers: malware: enabled: true sensitivity: medium secrets: enabled: true sensitivity: high vulnerabilities: enabled: true sensitivity: medium

ai: provider: gemini gemini: model: gemini-2.5-flash temperature: 0.1 maxTokens: 2048`

`$3`

#### pury scan [path]

Scan files for security threats and code quality issues.

Options:

- --config : Configuration file path ---exclude : Patterns to exclude ---include : Patterns to include ---format : Output format (console, json, html, sarif) ---no-ai: Disable AI analysis ---analyzers : Specific analyzers to run ---sensitivity : Analysis sensitivity (low, medium, high)

#### pury clean-logs [path]

Remove console.log and debug statements.

Options:

- --apply: Actually apply changes (default is dry-run) ---backup: Create backup files ---exclude : Patterns to exclude

#### pury localize [path]

Convert non-English text to English.

Options:

- --apply: Apply changes ---backup: Create backup files ---target-lang : Target language (default: en)

#### pury env-format [path]

Format and organize environment files.

Options:

- --apply: Apply formatting ---backup: Create backup files ---sort: Sort variables alphabetically ---group: Group related variables

#### pury init

Initialize configuration file.

Options:

- --force: Overwrite existing config ---global: Create global config ---template : Config template (default, strict, minimal)

`🔧 Library Usage`

PuryAI can also be used as a library in your Node.js applications:

`typescript import { PuryAI } from 'pury';

const pury = new PuryAI(); await pury.loadConfig();

const report = await pury.scan( { path: './src', recursive: true }, { analyzers: ['malware', 'secrets'], useAI: true, sensitivity: 'medium' } );

console.log(Found ${report.summary.threatsFound} issues);`

`🎯 Detection Capabilities`

`$3`

- Obfuscated JavaScript/TypeScript code - Base64 encoded payloads - Suspicious function calls (eval, exec, Function constructor) - Dynamic code generation - Command injection patterns - Network exfiltration attempts

`$3`

- API keys (AWS, Google, GitHub, etc.) - Database credentials and connection strings - JWT tokens and OAuth secrets - Private keys and certificates - Hardcoded passwords - Webhook URLs

`$3`

- SQL injection opportunities - Cross-site scripting (XSS) risks - Command injection vulnerabilities - Path traversal issues - Insecure cryptographic usage - Authentication bypasses

`$3`

- Debug statements (console.log, debugger) - Dead code and unreachable blocks - Performance anti-patterns - Complexity violations - Non-English text in code

`🔒 Security & Privacy`

- No Code Upload: All analysis happens locally on your machine - API Privacy: Only code patterns are sent to AI services, not full source code - Configurable: Disable AI analysis entirely if needed - Open Source: Full transparency in security analysis methods

`📊 Output Formats`

`$3`

Clean, color-coded terminal output with severity indicators and actionable suggestions.

`$3`

`json { "summary": { "filesScanned": 42, "threatsFound": 3, "severityCount": { "high": 1, "medium": 2, "low": 0 } }, "findings": [ { "type": "secret", "severity": "high", "title": "API Key Detected", "file": "config.js", "line": 15, "suggestion": "Move to environment variables" } ] }``

$3

Interactive HTML report with filtering and detailed findings.

$3

Industry-standard format compatible with GitHub, VS Code, and other tools.

🛣️ Roadmap

- VS Code Extension: Real-time scanning in your editor
- CI/CD Integration: GitHub Actions, Jenkins, GitLab pipelines
- Custom Rules: Define your own detection patterns
- Team Collaboration: Shared configurations and reporting
- More AI Providers: OpenAI, Claude, and local models
- Additional Languages: Python, Java, Go, Rust support

🤝 Contributing

We welcome contributions! Please see our Contributing Guide
for details.

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests
5. Submit a pull request

📄 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

- Google Gemini AI: For powering our intelligent analysis
- Open Source Community: For security patterns and vulnerability data
- Security Researchers: For continuous improvement of detection methods

📞 Support

- 📚 Documentation
- 🐛 Issue Tracker
- 💬 Discord Community
- 📧 Email Support

---

Made with ❤️ by the PuryAI Team

_Keep your code pure, secure, and ready for production!_

PuryAI - AI-Powered Code Security Scanner 🛡️

![npm version](https://badge.fury.io/js/pury)
![TypeScript](https://www.typescriptlang.org/)
![License: MIT](https://opensource.org/licenses/MIT)

🌟 Features

$3

🚀 Quick Start

$3

``bash

`Install globally`


npm install -g pury
Or use with npx

npx pury --help


$3
1. Get your Gemini API key from Google AI Studio
2. Set the environment variable:

`bash export GEMINI_API_KEY="your-api-key-here"`

3. Initialize configuration:`bash pury init`

`$3`

`bash

`Scan current directory`


pury scan .
Scan specific directory with JSON output

pury scan ./src --format json
Clean console.log statements

pury clean-logs ./src --apply
Convert non-English text to English

pury localize ./src --apply
Format environment files

pury env-format .env --apply


📖 Detailed Usage
$3

`bash

`Basic security scan`


pury scan ./project
Scan with specific analyzers

pury scan ./src --analyzers malware secrets vulnerabilities
High sensitivity scan

pury scan ./src --sensitivity high
Output to file

pury scan ./src --format json --output security-report.json

$3

Create a puryai.config.yaml file:

`yaml scanner: exclude: - node_modules/** - dist/** - '*.min.js' maxFileSize: 1048576 # 1MB

analyzers: malware: enabled: true sensitivity: medium secrets: enabled: true sensitivity: high vulnerabilities: enabled: true sensitivity: medium

ai: provider: gemini gemini: model: gemini-2.5-flash temperature: 0.1 maxTokens: 2048`

`$3`

#### pury scan [path]

Scan files for security threats and code quality issues.

Options:

#### pury clean-logs [path]

Remove console.log and debug statements.

Options:

- --apply: Actually apply changes (default is dry-run) ---backup: Create backup files ---exclude : Patterns to exclude

#### pury localize [path]

Convert non-English text to English.

Options:

- --apply: Apply changes ---backup: Create backup files ---target-lang : Target language (default: en)

#### pury env-format [path]

Format and organize environment files.

Options:

- --apply: Apply formatting ---backup: Create backup files ---sort: Sort variables alphabetically ---group: Group related variables

#### pury init

Initialize configuration file.

Options:

- --force: Overwrite existing config ---global: Create global config ---template : Config template (default, strict, minimal)

`🔧 Library Usage`

PuryAI can also be used as a library in your Node.js applications:

`typescript import { PuryAI } from 'pury';

const pury = new PuryAI(); await pury.loadConfig();

const report = await pury.scan( { path: './src', recursive: true }, { analyzers: ['malware', 'secrets'], useAI: true, sensitivity: 'medium' } );

console.log(Found ${report.summary.threatsFound} issues);`

`🎯 Detection Capabilities`

`$3`

- API keys (AWS, Google, GitHub, etc.) - Database credentials and connection strings - JWT tokens and OAuth secrets - Private keys and certificates - Hardcoded passwords - Webhook URLs

`$3`

- SQL injection opportunities - Cross-site scripting (XSS) risks - Command injection vulnerabilities - Path traversal issues - Insecure cryptographic usage - Authentication bypasses

`$3`

- Debug statements (console.log, debugger) - Dead code and unreachable blocks - Performance anti-patterns - Complexity violations - Non-English text in code

`🔒 Security & Privacy`

`📊 Output Formats`

`$3`

Clean, color-coded terminal output with severity indicators and actionable suggestions.

`$3`

$3

Interactive HTML report with filtering and detailed findings.

$3

Industry-standard format compatible with GitHub, VS Code, and other tools.

🛣️ Roadmap

🤝 Contributing

We welcome contributions! Please see our Contributing Guide
for details.

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests
5. Submit a pull request

📄 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

📞 Support

- 📚 Documentation
- 🐛 Issue Tracker
- 💬 Discord Community
- 📧 Email Support

---

Made with ❤️ by the PuryAI Team

_Keep your code pure, secure, and ready for production!_