Skip to content

Hookwarden

Secrets & Credentials

A local, deterministic scanner that verifies webhook signatures across JS/TS, Python, and PHP projects.

Track releases GitHub
TypeScript Latest v0.8.1 · 6h ago Security brief →

Features

  • Scans JavaScript/TypeScript, Python, and PHP code for webhook signature verification bugs
  • Provides deterministic verdicts: verified, not‑verified, or manual‑review per handler
  • Zero‑network operation – runs entirely locally with no telemetry or SaaS dependency

Recent releases

View all 41 releases →
No immediate action
v0.8.1 New feature

Anthropic SDK, audit tool, AI Act pack

Open
Review required
[email protected] Mixed
Auth RCE / SSRF

n8n ruleset + Ed25519 + Queue reachability + Remix

Open
Review required
@hookwarden/[email protected] Mixed
Auth RBAC RCE / SSRF

n8n callback, Ed25519, queue, edge, Remix, GitHub fix

Open
Review required
@hookwarden/[email protected] New feature
Auth RBAC Dependencies

Webhook integrity + compliance schema

Open
Review required
@hookwarden/[email protected] Mixed
Auth RBAC

n8n callbacks, queue reachability, Ed25519, raw-body

Open

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
1
Forks
0
Languages
TypeScript Shell JavaScript
Downloads/week
596 ↑15%
NPM Maintainers
1 Single npm maintainer
Contributors
3
TypeScript
Types included ✓
View on GitHub View on npm Documentation

Install & Platforms

Install via
npm

Similar tools

melody-auth
pipepie/pipepie
kastelldev/kastell
hook0
WebHook Tester

Beta — feedback welcome: [email protected]