Loading npm security reports…
Audit where your coding agent's context window and API dollars go.
No confirmed malicious attack surface. The package is a user-invoked local auditing CLI that reads agent session/config files to calculate token usage and costs; no writes, network endpoints, or install-time execution were found.
`dist/cli.js` explicitly invokes local transcript and MCP-config discovery when the user runs `tokz`.
dist/cli.jsView on unpkg`dist/Root-6SZ5FQDN.js` reads local Claude, Codex, and OpenCode session data for usage reporting.
dist/Root-6SZ5FQDN.jsView on unpkg`dist/cli.js` explicitly invokes local transcript and MCP-config discovery when the user runs `tokz`.
dist/cli.jsView on unpkg`dist/Root-6SZ5FQDN.js` reads local Claude, Codex, and OpenCode session data for usage reporting.
dist/Root-6SZ5FQDN.jsView on unpkg