PackageFix vs npm audit
npm audit tells you what's vulnerable. It doesn't give you a fixed file. PackageFix closes that gap — live CVE scan plus a downloadable fixed package.json in one step.
| Feature | PackageFix | npm audit |
|---|---|---|
| Browser-based | ✅ Yes | ❌ CLI only |
| Fix output (patched manifest) | ✅ Yes | ❌ Report only |
| CISA KEV flags | ✅ Yes | ❌ No |
| No Node.js install needed | ✅ Yes | ❌ Requires Node |
| Transitive override snippets | ✅ Yes | ❌ No |
| Supply chain detection | ✅ Yes | ❌ No |
| Multi-ecosystem | ✅ 7 ecosystems | ❌ npm only |
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
Is npm audit still available?
npm audit is CLI only, no fix output. PackageFix is a free, actively maintained alternative.
Does PackageFix require a GitHub connection?
No. PackageFix runs entirely in your browser. Paste any manifest file — no GitHub, no login, no CLI.
Is PackageFix free?
Yes — completely free, MIT licensed, open source at github.com/metriclogic26/packagefix.
What ecosystems does PackageFix support?
npm, PyPI (Python), Ruby (Gemfile), PHP (Composer), Go (go.mod), Rust (Cargo.toml), and Java/Maven (pom.xml).