ElytraSec/cli

@elytrasec/cli

Elytra Security as a CLI. Scan a directory, get findings with severity + suggested fix, and a 0–100 grade.

173 detection rules across Solidity, JS/TS, Python, Go, Rust, Java, Ruby, PHP, plus IaC (Terraform, Kubernetes, Dockerfile, GitHub Actions). 12 famous-hack pattern detectors ($3.04B combined losses). Public scan receipts on every paid scan.

Install

# one-shot (no install)
npx -y @elytrasec/cli scan .

# global install
npm i -g @elytrasec/cli
elytra scan .

Two equivalent binaries are installed: elytra and elytrasec. Use whichever you prefer.

Usage

elytra scan [path]              # scan a directory (default: git-changed files only)
elytra scan [path] --full       # scan entire codebase
elytra scan [path] --fix        # auto-fix safe findings after scan
elytra clean [path]             # auto-fix code issues
elytra rewrite [path]           # AI-powered code rewrite
elytra harden [path]            # check for missing security controls
elytra init [path]              # set up Elytra in a project
elytra bulk                     # bulk scan repos
elytra rules                    # list all rules with CWE/OWASP tags
elytra version                  # print version

Common flags

  --rulesets <list>      Comma-separated: general,attack,quality,solidity  (default: general,attack,quality)
  --format <fmt>         table | json | markdown                            (default: table)
  --output <file>        Write report to a file
  --fail-on <severity>   Exit 1 if findings >= severity (critical|high|medium|low) — for CI use
  --static-only          Skip the AI deep review; run only the local static engine (no API charge)
  --api-key <key>        Elytra API key (or set ELYTRA_API_KEY)
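As an added example (not part of the ElytraSec/cli repository), a GitHub Actions workflow that uses the --static-only and --fail-on flags above to gate pull requests on the free local engine; the workflow file name, the action and Node versions, and the report file name are assumptions.

```yaml
# Constructed example: .github/workflows/elytra.yml (not shipped by the project)
# Runs the local static engine on pushes and pull requests and fails the job
# when any finding is at or above "high" severity.
name: elytra-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read   # scanning only needs read access to the checkout

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # --full:        scan the whole tree, not only git-changed files
      # --static-only: local engine only; no API call, so no ELYTRA_API_KEY needed
      # --fail-on high: exit 1 on any high or critical finding, which fails the job
      - name: Run Elytra static scan
        run: >
          npx -y @elytrasec/cli scan .
          --full --static-only
          --rulesets general,attack,quality
          --format markdown
          --output elytra-report.md
          --fail-on high

      # Keep the report as an artifact even when the scan step failed the job.
      - name: Upload report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: elytra-report
          path: elytra-report.md
```

To add the paid AI deep review, drop --static-only and supply the key through the ELYTRA_API_KEY environment variable from a repository secret rather than on the command line.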

Privacy & safety

  • Local-first: the static engine runs on your machine. No source is uploaded for the default scan flow.
  • AI-assisted commands (rewrite, deep review) call out to the Elytra API only when explicitly invoked.
  • No private keys, no wallet signing, no shell exec beyond what the user requests.
  • --api-key is the only credential — read from flag or ELYTRA_API_KEY env, never written back to disk.

Pricing

  • The CLI itself is free.
  • Optional AI-powered deep review hits the paid Elytra API at $0.01/scan USDC via x402, or with a Bearer key (hello@elytrasec.io).

Links

License

MIT
