AI writes the code. AI writes the tests. Who checks the AI?

The quality gate for AI-generated code.

Nark finds the errors your AI won't catch.

Scan Your AI Code →View Pricing

Free for 1 repository · No credit card required

NARK

Why Nark?

Tests can pass and coverage can hit 100% — and your code can still be incomplete. AI only wrote and tested what it predicted was necessary.

Unhandled package responses don't announce themselves — they just become production bugs. That's where Nark comes in.

Nark tests your code against our profiles and flags the parts that are incomplete so that you can build complete connections with critical npm packages, avoiding production failures.

Try Nark with One Command

Nark is a static analysis tool that quickly and repeatedly scans your code locally or in your CI pipeline.

Copy this command to your terminal.
Run it in the root directory of your typescript project.

npx nark

Alternatively, you can paste this
command into your coding agent:

Run 'npx nark', once the scan completes follow the instructions
at the path it prints to triage, research, and fix all violations.

How It Works

1

Run locally
in seconds

Run npx nark in your project directory. Scans run entirely on your machine — your source code never leaves your computer. Optionally authenticate to sync results to the cloud.

2

We scan every
package call

On every push, every reference to a covered package gets checked against its compatible profile. Nothing is skipped.

3

Fix entire packages
in one session

Use the /nark-fix skill for Claude Code to automatically work through every violation — exact file paths, line numbers, and context — without you having to copy/paste a thing.

Why Trust Our Profiles

We did the research. You get the results.

Our profiles were created after we read the changelogs, issue trackers, and API docs of 160+ npm packages — axios, prisma, stripe, openai, redis, and more. We then applied our profiles to 6,200+ real-world TypeScript projects to analyze our profiles' performance and prove their success.

Unlike AI, with Nark's profiles, you'll get the same results after every scan.

Scan Your AI Code →View Pricing

Free for 1 repository · No credit card required

6,200+

real-world
projects analyzed

160+

npm packages with
written profiles

<1 min

to scan your
entire repo

Built for Tools You're Already Using

axios, prisma, stripe, redis, and 160+ more npm packages.

Axios
Prisma
Stripe
OpenAI
Supabase
AWS
Redis
Mongoose
Sequelize
PostgreSQL
Knex
Twilio

Nark in Action

We scanned 6,200+ repos and found these standouts.

Real violations in real production code:

botpress/botpress12k+axios

integrations/vonage/src/vonage.ts

Unhandled Network Error134 violations in this repo

134 unguarded axios calls across 35 integrations. Any HTTP failure — network timeout, 5xx, auth expiry — throws an unhandled AxiosError that crashes the bot handler. The fire-and-forget analytics ping (_collect) was also re-throwing on failure, crashing bot handlers over a telemetry call that should be silent.

View on GitHubFull case study →
export async function sendMessage(
  { conversation, ctx, ack },
  payload
) {
  const { to, from, channel } =
    getRequestMetadata(conversation);
  // No try-catch — 401/429/timeout crashes handler
  const response = await axios.post(
    'https://api.nexmo.com/v1/messages',
    { ...payload, from, to, channel },
    { auth: {
        username: ctx.configuration.apiKey,
        password: ctx.configuration.apiSecret
    }}
  );
  await ack({ tags: { id: response.data.message_uuid } });
}

Want to see how your codebase compares? Start free →

Caught by Nark. Merged by maintainers.

Three fixes for bugs Nark surfaced — shipped to production in May 2026.

labring/sealos17.7K
Merged@tanstack/react-query + Stripe

Await post-payment refetch and surface errors

After a Stripe payment success, five React Query invalidations fired without await or throwOnError. A failed refetch left users seeing the upgrade-success modal while the UI silently showed pre-payment state.

May 14, 2026View PR
NangoHQ/nango7.4K
Mergedjsonwebtoken

Validate jwt.decode() tenant ID before URL construction

OAuth post-connection hooks cast jwt.decode() output to a typed interface and used decoded.tid in URL construction with no field validation. Replaced the unsafe cast with a Zod safeParse on Teams and OneDrive providers.

May 14, 2026View PR
siyuan-note/siyuan43.9K
MergedWebSocket

Isolate reconnectWebSocket pings to survive CONNECTING sockets

On mobile background-wake, any of four WebSocket connections could still be in CONNECTING state. The first send() throw crashed the whole ping sequence. Fix wraps each in try/catch so one failed ping doesn't take down the others.

May 15, 2026View PR

Don't Say “Probably.” Stay Confident with Nark.

Approving AI code without a completeness check is a guess.
Nark gives you a deterministic answer before you merge.

Without Nark
?

feat: add API input validation

AI-generated · 52 additions

“Looks fine I think? Probably handles errors...the AI usually does 🤷‍♂️”

— Every reviewer, every time

With Nark

feat: add API input validation

AI-generated · 52 additions

zod
0 violations
axios
0 violations
jsonwebtoken
0 violations

Catch what unit tests miss.

Get Started Free →View Pricing

Free for 1 repository · No credit card required