npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@adjudicate/pack-deployments-approval

v0.3.0

Published

Deployment-approval governance Pack — human approval gates (ESCALATE), destructive-action confirmation (REQUEST_CONFIRMATION), ramp clamping (REWRITE), CI-gate DEFER, and release gates (Item 14).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

brunorobrunoro

Keywords

Readme

@adjudicate/pack-deployments-approval

Deployment-approval governance Pack — human approval gates (ESCALATE), destructive-action confirmation (REQUEST_CONFIRMATION), ramp clamping (REWRITE), CI-gate DEFER, and release gates (Item 14).

Release gates

| Gate | Outcome | Trigger | |---|---|---| | Regression score | ESCALATE → human | aiEvalScore below REGRESSION_ESCALATE_THRESHOLD (80) | | Carbon budget | REWRITE | region not the greenest in REGION_CARBON_RANK → clamped to GREENEST_REGION (taint preserved) | | Model/prompt change | REQUEST_CONFIRMATION | bundled modelId/promptVersion differs from the last approved release |

Guard precedence (first non-null wins): a failed eval ESCALATEs before any clamp; region carbon-clamp and model/prompt confirm precede the approval gates. Carbon ranking is a static constant — never fetch live carbon data inside a guard (that would be I/O in the decision path and break replay determinism). In-memory state only; not for production as-is.

Known limitations — read before adopting

These are deliberate gaps in the reference gates; an adopter MUST address them:

  • The regression gate is opt-in per request (fail-open if the score is omitted). aiEvalScore is optional; a deployment.approval.request that does not carry it bypasses escalateRegressionScore entirely (the threshold guard returns null on an absent value). If eval is mandatory for your release process, add a state guard that REFUSEs/ESCALATEs when the score is missing.
  • The carbon clamp is residency-bounded — but you must classify your regions. clampToGreenestRegion clamps to the greenest region within the request region's data-residency zone (REGION_RESIDENCY), so an eu-* deploy is only ever moved to a greener eu-* region, never to us-west-1. A region absent from REGION_RESIDENCY is left untouched (fail-safe). Adopters MUST populate REGION_RESIDENCY for every region they deploy to, or those regions are never carbon-optimized (and never wrongly relocated).
  • The model/prompt-change gate fires on the first deploy. With no prior approved release, any request that supplies a modelId/promptVersion REQUEST_CONFIRMATIONs (there is nothing to diff against). Treat the first confirmation as the baseline-establishing approval.