Tharos LogoTharos
DocumentationAPI AnalysisChangelog

Quickstart

Get started with Tharos in minutes.

Quickstart

Get started with Tharos as your intelligent git hook scanner in minutes.

Installation

Install the Tharos CLI globally using NPM:

npm install  -g @collabchron/tharos

Setup

Initialize Your Project

Navigate to your project root and initialize Tharos:

tharos init

This will:

  • Create a tharos.yaml configuration file.
  • Set up intelligent git hooks in .git/hooks/ to intercept insecure commits.

Tharos provides deeper insights when connected to an AI provider. Set your API key in your environment variables:

# For Google Gemini
export GEMINI_API_KEY="your_key"

# OR For Groq (Fast & Free)
export GROQ_API_KEY="your_key"

Verify Staged Changes

Before committing, you can manually verify that your staged files meet security standards:

# Check all staged files (this is what the hook runs)
tharos check

# Or analyze a specific file
tharos analyze src/api/login.ts

Continuous Analysis

Git Hooks

Tharos automatically checks your code during the pre-commit stage. If a high-risk vulnerability is detected (like a hardcoded secret), it will block the commit until fixed.

Magic Fixes

When Tharos finds an issue, use the fix command to automatically remediate it:

tharos fix src/vulnerable-file.js

Read more about the Security Engine

Last updated on

Introduction

Welcome to Tharos – AI-Powered Security & Quality Analysis.

Vulnerability Examples

Real-world examples of vulnerabilities Tharos can detect and fix.

On this page

Quickstart
Installation
Setup
Initialize Your Project
Configure AI (Recommended)
Verify Staged Changes
Continuous Analysis
Git Hooks
Magic Fixes