projectlens - npm
projectlens
1.0.1 • Public • Published 4 hours ago
6 Dependencies • 0 Dependents • 3 Versions
Projectlens CLI
Local lint, type-check & AI security dashboard for JS/TS projects (Next.js, SvelteKit, Vue, plain Node).
Run one command inside any project and Projectlens runs your real ESLint and TypeScript toolchain, audits your dependencies, runs an AI security review over your source, and opens a live dashboard at localhost:4321.
projectlens                  # run checks + open the dashboard
projectlens --no-ai          # skip the AI security pass (lint + types only)
projectlens --ci             # run once, print summary, exit non-zero on issues
projectlens --json           # print the full report as JSON and exit
projectlens --min-score 80   # in --ci mode, fail if health score
What the dashboard shows
The dashboard turns one run into a navigable workspace:
Overview — composite health score, severity breakdown, and per-category summaries.
Trends — an interactive multi-metric chart and per-run history table built from the local .projectlens/ run history (deltas, peak/low/avg).
Code quality — Lint, Types, and Tests findings from your real toolchain.
Security — AI security review with severity sub-tabs (Critical → Info).
Dependencies — real CVE advisories with fix-version guidance.
Database — schema inspection plus a foreign-key relationship graph.
API surface — a map of detected routes (Next, Express, Hono, Fastify, SvelteKit, Nuxt) with method, auth, and validation coverage.
Auth, Environment, Network, Git/CI, Docs — focused panels for each area.
Task Manager — a built-in kanban board (see below).
Task Manager (dashboard-only)
Every finding has a Track task action — in its detail sheet and inline on each list row. Tracking adds it to a kanban board and marks the row so you can see what's already on your worklist at a glance.
Custom columns — rename/delete the defaults (To do / In progress / Done) and add your own; drag cards between columns to change status.
Groups/tags — file tasks under labels like "This sprint" or "Tech debt" and filter by them; create a group inline while tracking.
Detail — click a tracked finding to reopen its full analysis; click a free-form task to edit its column, priority, group, and notes.
The board is stored only in your browser (localStorage) — it never leaves your machine or reaches the CLI. Manage or reset it from Settings → Task board.
How it works
cli.ts              entry point + flag parsing (commander)
run.ts              orchestrates the pipeline, emits streaming events
detect.ts           reads package.json → framework + package manager
runners/eslint.ts   spawns your local eslint, parses --format json
runners/tsc.ts      spawns tsc --pretty false, parses the diagnostic chain
runners/audit.ts    npm/pnpm/yarn audit --json → real CVE advisories
ai/audit.ts         AI SDK security review (code) + dependency prioritization
report.ts           weighted composite health score
store.ts            local run history in .projectlens/ (powers trends)
server.ts           local HTTP + WebSocket server that serves the dashboard
The dashboard (the Next.js app one level up) is prebuilt into cli/public and served statically, so the installed tool has no runtime build step.
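An added example, not Projectlens's own code: the listing above says runners/audit.ts turns `npm audit --json` into advisories with fix guidance, and the code below shows what that parsing involves for npm's report format (auditReportVersion 2), including `via` entries that are plain package names and `fixAvailable` being either a boolean or an object. The type names, `summarize`, `describeFix` and the sample report are assumptions constructed for illustration; pnpm and yarn emit different shapes and are not covered.

```typescript
// Shapes follow npm's `npm audit --json` output (auditReportVersion 2).
type Severity = "info" | "low" | "moderate" | "high" | "critical";
interface Advisory { title: string; url: string; severity: Severity; range: string }
interface VulnEntry {
  name: string; severity: Severity; isDirect: boolean;
  via: Array<string | Advisory>; // a string means "inherited from that vulnerable package"
  fixAvailable: boolean | { name: string; version: string; isSemVerMajor: boolean };
}
interface AuditReport { vulnerabilities: Record<string, VulnEntry> }
interface Finding { pkg: string; severity: Severity; direct: boolean; advisories: string[]; causedBy: string[]; fix: string }

const ORDER: Severity[] = ["critical", "high", "moderate", "low", "info"];

function describeFix(f: VulnEntry["fixAvailable"]): string {
  if (f === false) return "no fix available";
  if (f === true) return "npm audit fix";
  return `upgrade ${f.name} to ${f.version}` + (f.isSemVerMajor ? " (breaking, semver-major)" : "");
}

function summarize(report: AuditReport): Finding[] {
  return Object.values(report.vulnerabilities)
    .map((v) => ({
      pkg: v.name, severity: v.severity, direct: v.isDirect,
      advisories: v.via.filter((x): x is Advisory => typeof x !== "string").map((a) => a.url),
      causedBy: v.via.filter((x): x is string => typeof x === "string"),
      fix: describeFix(v.fixAvailable),
    }))
    .sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity) || a.pkg.localeCompare(b.pkg));
}

// Constructed sample report: package names and advisory URLs are placeholders.
const SAMPLE: AuditReport = JSON.parse(`{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "example-framework": { "name": "example-framework", "severity": "high", "isDirect": true,
      "via": ["example-parser"],
      "fixAvailable": { "name": "example-framework", "version": "3.0.0", "isSemVerMajor": true } },
    "example-parser": { "name": "example-parser", "severity": "high", "isDirect": false,
      "via": [{ "title": "Constructed advisory", "url": "https://example.invalid/advisories/EXAMPLE-0001",
                "severity": "high", "range": "<2.4.1" }],
      "fixAvailable": { "name": "example-framework", "version": "3.0.0", "isSemVerMajor": true } },
    "example-logger": { "name": "example-logger", "severity": "low", "isDirect": true,
      "via": [{ "title": "Constructed advisory", "url": "https://example.invalid/advisories/EXAMPLE-0002",
                "severity": "low", "range": "*" }],
      "fixAvailable": false }
  }
}`);

console.log(summarize(SAMPLE));
```

The direct dependency carries no advisory of its own here: its `via` only names the transitive package, so a report that lists advisory URLs alone would miss the package you actually have to upgrade.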
Building
# from the cli/ package
pnpm install
pnpm build   # builds the dashboard into ./public, then bundles the CLI
pnpm build runs two steps:
build:dashboard — static-exports the Next.js dashboard (with PROJECTLENS_EXPORT=1) and copies it into cli/public.
tsup — bundles src/ into dist/.
Installing it into your own projects
Local link (best while iterating on the tool):
cd cli
pnpm build
pnpm link --global

cd ~/your-project
projectlens
Run directly by path (no linking):
node ~/path/to/cli/dist/cli.js
Publish (optional, for npx projectlens):
cd cli
npm publish
AI security audit
The AI pass needs a model key. Projectlens uses the Vercel AI Gateway, so set one of:
export AI_GATEWAY_API_KEY=...   # recommended
# or
export OPENAI_API_KEY=...
By default the audit runs on a free OpenRouter text model (meta-llama/llama-3.3-70b-instruct:free) and automatically falls back to google/gemini-2.5-flash if the primary model errors or is rate-limited, so the review keeps working out of the box. Override either via env or .projectlensrc:
export PROJECTLENS_MODEL=openai/gpt-5-mini   # primary model
export PROJECTLENS_FALLBACK_MODEL=anthropic/claude-haiku-4
Without a key, lint + type-check + dependency advisories still run; only the AI code review and prioritization are skipped (--no-ai silences the warning). Only the selected security-relevant source files are sent to the model.
Install
npm i projectlens
Weekly Downloads
302
Version<br>1.0.1
License<br>MIT
Last publish<br>4 hours ago
Collaborators
dagmawibabi