infynon-cli
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Fail
- fs module — File system access in .github/workflows/release.yml
- Hardcoded secret — Potential hardcoded credential in infynon.example.toml
- child_process — Shell command execution capability in npm/postinstall.js
- fs.rmSync — Destructive file system operation in npm/postinstall.js
- fs module — File system access in npm/postinstall.js
- fs.rmSync — Destructive file system operation in npm/preuninstall.js
- os.homedir — User home directory access in npm/preuninstall.js
- fs module — File system access in npm/preuninstall.js
- child_process — Shell command execution capability in npm/run.js
- spawnSync — Synchronous process spawning in npm/run.js
- fs module — File system access in npm/run.js
- rm -rf — Recursive force deletion command in scripts/install.sh
Permissions Pass
- Permissions — No dangerous permissions requested
This Rust-based CLI agent provides dependency risk scanning, API workflow testing, and shared coding memory for development teams.
Security Assessment
Overall Risk: High.
The tool presents several significant security concerns. It actively uses shell command execution and synchronous process spawning. Highly destructive file system operations are present, including recursive force deletions (`rm -rf` and `fs.rmSync`) embedded within the installation, run, and uninstallation scripts. These scripts also actively access the user's home directory. Additionally, a potential hardcoded credential was flagged in an example configuration file. While the primary application is built in Rust, the heavy reliance on JavaScript wrapper scripts for package management and execution introduces a substantial attack surface for supply-chain compromise or local privilege escalation.
Quality Assessment
The project is MIT licensed and actively maintained, with repository updates pushed as recently as today. However, community trust and visibility are currently very low. With only 6 stars on GitHub, the tool has not undergone broad peer review or widespread community adoption.
Verdict
Not recommended due to highly destructive installation scripts, shell execution capabilities, and a lack of broad community auditing.
Security-first Rust CLI for dependency risk scanning, API workflow testing, and shared coding memory.
INFYNON
INFYNON is a Rust CLI for three workflow problems:
- package security
- API flow testing
- repo memory & provenance
If your team installs dependencies fast, tests APIs through real workflows, and keeps losing context across branches, PRs, and machines, INFYNON is built for that exact shape of work.
Website: cli.infynon.com
Claude Code companion:
d4rkNinja/code-guardian
Good Fit For
- teams doing AI-assisted or high-speed coding
- backend teams testing stateful API workflows
- repos where package ownership and handoff context matter
- developers who want one CLI instead of three disconnected tools
What INFYNON Includes
| Area | Command | Best For | What It Solves |
|---|---|---|---|
| Package Security | infynon pkg | scanning, safe installs, remediation, monitoring | risky dependencies, invisible installs, version exposure |
| API Flow Testing | infynon weave | multi-step API execution and validation | brittle request scripts, missing flow context, runtime probes |
| Repo Memory & Provenance | infynon trace | handoffs, package ownership, branch/PR/file/package notes, TUI inspection | lost context across people, PRs, branches, and machines |
How the workflow fits together
- pkg checks what is entering the system
- weave tests how the real API path behaves
- trace preserves who changed what, why it changed, and what the team knew at the time
Why I Built INFYNON
Most tooling only covers one slice of the workflow.
- dependency scanners tell you what is risky
- API tools let you hit endpoints
- notes and handoffs live in chat, PR comments, or someone's head
That leaves a gap.
Modern teams need one place to:
- inspect dependency risk before it spreads
- test behavior across real request chains
- keep structured repo context visible and queryable
That is why INFYNON is organized into three product areas instead of one overloaded command set.
Recommended With Trace
If you want Trace to feel native inside Claude Code, use code-guardian as the companion layer:
- retrieve the latest Trace context before work starts
- write back team or package notes after work ends
- connect it with Claude Code hooks so the memory flow becomes automatic
Practical setup:
Claude Code + code-guardian + INFYNON Trace
That gives you:
- infynon trace for storage, retrieval, sync, compact, and TUI inspection
- code-guardian for agent-side retrieval and update behavior
Quick Comparison
| Problem | Without INFYNON | With INFYNON |
|---|---|---|
| Package installs | you install first, inspect later | pkg lets you scan, audit, and control install-time workflows |
| API verification | isolated requests miss full behavior | weave models full flows with context threading |
| Repo context | provenance gets lost in chat and PR comments | trace keeps it structured, searchable, and inspectable |
Product Areas
infynon pkg
Use pkg when the question is about dependencies.
What it gives you:
- CVE scanning across 14 ecosystems
- secure install wrapper
- audit / why / outdated / diff / doctor / fix / clean / migrate
- scheduled monitoring with Eagle Eye
infynon pkg scan
infynon pkg audit
infynon pkg npm install express --strict high
infynon pkg fix --auto
infynon weave
Use weave when the question is about real API behavior.
What it gives you:
- node-based API flow testing
- context threading between requests
- OpenAPI import
- runtime prompt inputs
- live execution, run diff, and built-in security probes
infynon weave env set BASE_URL http://localhost:8001
infynon weave node create --ai "POST /auth/login extracts token"
infynon weave flow create "checkout" --ai "login then create order"
infynon weave flow run checkout
infynon weave ai probe checkout
infynon trace
Use trace when the question is about repo memory and provenance.
What it gives you:
- Redis for fast live retrieval and session-style coordination
- SQL for durable notes, structured queries, and long-term canonical memory
- canonical / team / user memory layers
- PR / branch / file / package notes with package ownership history
- compaction and reconciliation
- TUI-based inspection, note browsing, and package risk ownership
- first-class integration with the code-guardian Claude Code companion
infynon trace init --owner team --user alien
infynon trace source add-sql team-db --engine sqlite --url sqlite://.infynon/trace/trace.db --user alien --default
infynon trace note add repo-handoff --title "Auth changed" --body "Refresh moved into middleware"
infynon trace sync --direction both
infynon trace tui
Head-to-Head Comparison
infynon pkg vs Alternatives
| Feature | infynon pkg | npm audit | Snyk CLI | Socket CLI | OSV-scanner |
|---|---|---|---|---|---|
| Secure install wrapper | ✓ | — | — | ~ npm only | — |
| 14 ecosystems in one scan | ✓ | — | ~ | ~ | ~ |
| Block installs via strict mode | ✓ | — | — | ~ npm only | — |
| Scheduled CLI monitoring | ✓ | — | ~ server-side | — | — |
| PDF + Markdown report export | ✓ | — | — | — | — |
| Package version diff | ✓ | — | — | — | — |
| Per-package install decisions | ✓ | — | — | — | — |
| Auto-fix / remediation | ✓ | ~ basic | ✓ | ✓ | — |
| No SaaS account required | ✓ | ✓ | — | ~ | ✓ |
infynon weave vs Alternatives
| Feature | infynon weave | Postman | Hoppscotch | Bruno | Insomnia |
|---|---|---|---|---|---|
| Terminal TUI | ✓ | — | — | — | — |
| Runtime prompts (OTP / 2FA) | ✓ | — | ~ | — | — |
| Built-in AI security probes | ✓ | — | — | — | — |
| AI-assisted flow creation (CLI) | ✓ | ~ GUI only | ~ GUI / alpha | — | — |
| Visual flow graph in terminal | ✓ | — | — | — | — |
| Run diff (side-by-side) | ✓ | — | — | ~ paid | — |
| Context threading between nodes | ✓ | ✓ | ✓ | ✓ | ✓ |
| OpenAPI / Swagger import | ✓ | ✓ | ✓ | ✓ | ✓ |
| Offline, no account required | ✓ | — | ✓ | ✓ | ~ |
infynon trace vs Alternatives
| Feature | infynon trace | GitHub Wiki | Notion | Confluence | Obsidian |
|---|---|---|---|---|---|
| Native CLI | ✓ | — | ~ 3rd party | ~ ACLI | ✓ |
| Branch / file / package scoping | ✓ | — | — | — | — |
| Package ownership tracking | ✓ | — | — | — | — |
| Redis + SQL backend choice | ✓ | — | — | — | — |
| Multi-layer memory (team / user / canonical) | ✓ | — | — | — | — |
| Terminal TUI inspection | ✓ | — | — | — | — |
| Claude Code native integration | ✓ | — | ~ MCP | — | ~ |
| Structured retrieval by scope | ✓ | — | — | — | — |
| Bidirectional sync via CLI | ✓ | — | ~ | ~ | ✓ |
✓ = supported · ~ = partial or limited · — = not supported
Command Style
INFYNON keeps the root command simple:
infynon pkg <subcommand>
infynon weave <subcommand>
infynon trace <subcommand>
Install
npm
npm install -g infynon
Linux / macOS
curl -fsSL https://raw.githubusercontent.com/d4rkNinja/infynon-cli/main/scripts/install.sh | bash
Windows
irm https://raw.githubusercontent.com/d4rkNinja/infynon-cli/main/scripts/install.ps1 | iex
Source
cargo install --git https://github.com/d4rkNinja/infynon-cli
Docs
- docs home: cli.infynon.com/docs
- command reference: docs/commands.md
- Trace guide: docs/trace.md
- Weave guide: docs/weave.md
- scan guide: docs/scan.md
- install guide: docs/install.md
Comparison Blogs
- One CLI vs fragmented tooling
- pkg vs npm audit
- pkg vs Snyk CLI
- pkg vs Socket.dev
- Why Trace exists
- Why repo memory matters
Claude Code companion:
- code-guardian — gives Claude Code a practical Trace bridge