The safe search engine for software
XDiscordGitHub$NPM

Public CLI

Local audit and sandbox receipts for package decisions.

The public Nipmod CLI is the local host side of the product: inspectable source for deep scan, sandbox-audit receipts and decision-bound runtime checks before package code is trusted.

Source
public
Hosted API
read only
Runtime
explicit approval
Receipts
hash bound

Where the CLI fits

Humans

Review before local action

Use the website for search, then use the CLI when you need local proof against an artifact or source snapshot.

Agents

Host-controlled execution boundary

Agents can call the hosted API for a decision, but local audit and runtime checks stay inside the user's host.

Reviewers

Inspectable local code

The public repository includes the CLI source and tests so the local audit path can be inspected.

Open public CLI source

Install

npx nipmod --help
pnpm dlx nipmod --help
npm install -g nipmod

The package is publish-ready. Until npm publishing is performed, run from the public repository with pnpm --dir cli cli -- help.

Core local checks

nipmod deep-scan <artifact-or-source-path> --json
nipmod sandbox-audit <artifact-or-source-path> --decision decision.json --target-confirmed --json
nipmod sandbox-runtime <artifact-or-source-path> --decision decision.json --target-confirmed --dry-run -- node --version

Approval sequence

  1. 1

    Decide

    Call the hosted decision endpoint and save the exact decision JSON.

  2. 2

    Audit

    Run sandbox-audit locally against the exact artifact or source snapshot.

  3. 3

    Bind

    Compare the receipt to the decision hash, content hash and policy hash.

  4. 4

    Approve

    Ask the user or host policy for approval only after required checks are complete.

  5. 5

    Run

    Use sandbox-runtime only when behavior must be observed and approval has been explicit.

Runtime checks

nipmod sandbox-runtime <artifact-or-source-path> \
  --decision decision.json \
  --target-confirmed \
  --confirm-runtime \
  -- node --version

--dry-run never executes the command. --confirm-runtime is required for behavior checks.

Command scope

search, inspect, view
Package and registry discovery commands.
Use for local/package-manager style flows.
deep-scan
Static local scan of files already present on disk.
No package install or remote clone.
sandbox-audit
Hash-bound local audit receipt for an artifact or source snapshot.
Cached by content hash plus policy hash.
sandbox-runtime
Optional isolated runtime observation.
Requires explicit confirmation before execution.
mcp serve
Local MCP server for agent hosts.
Read-only tools should remain separate from workspace writes.
setup, setup-cloudflare
Experimental local setup helpers.
Not part of the hosted API boundary or production operations.

Agent instruction

Use Nipmod's hosted API for search and decision.
Use Nipmod CLI only for local host-controlled checks.
Run sandbox-audit against the exact artifact or source snapshot before approval when required.
Use sandbox-runtime only after explicit user or host approval.
Do not treat a CLI receipt as automatic permission to install or execute.