npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aligntrue/sources

v0.9.3

Published

Multi-source rule pulling with caching for AlignTrue.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

gmaysgmays

Keywords

Readme

@aligntrue/sources

Multi-source rule pulling with caching for AlignTrue.

Features

  • Local provider - Read rules from local filesystem
  • Git provider - Clone and read from git repos with local caching
  • Cache management - Local cache in .aligntrue/.cache/

Providers

Local Provider

Read rules from the local filesystem with path traversal protection.

import { createProvider } from "@aligntrue/sources";

const provider = createProvider({
  type: "local",
  path: ".aligntrue/rules",
});

const content = await provider.fetch("rules");

Security:

  • Rejects paths with .. (parent directory traversal)
  • Normalizes paths to absolute for consistent resolution

Git Provider

Clone rules from any git repository (GitHub, GitLab, self-hosted) with local caching and offline fallback.

import { createProvider } from "@aligntrue/sources";

const provider = createProvider({
  type: "git",
  url: "https://github.com/org/rules-repo",
  ref: "main", // Optional: branch/tag/commit (default: 'main')
  path: ".", // Optional: path to scan for rules (default: '.' scans root for .md/.mdc files)
  forceRefresh: false, // Optional: bypass cache
});

const yaml = await provider.fetch();

Features:

  • Shallow clone (--depth 1) for speed and space efficiency
  • Local cache: .aligntrue/.cache/git/<repo-hash>/
  • Indefinite cache TTL (manual refresh only)
  • Offline fallback to cached version
  • Supports https and ssh URLs
  • Atomic cache updates (preserves old cache on network failure)

Cache behavior:

  • First fetch: Clones repo to cache
  • Subsequent fetches: Returns from cache (no network call)
  • Force refresh: Clones to temp location, replaces cache on success
  • Network error + cache: Falls back to cache with warning
  • Network error + no cache: Fails with clear error

Security:

  • Rejects file:// protocol
  • Rejects URLs with path traversal (..)
  • Validates https/ssh URL formats
  • Privacy checks enforce consent system requirements

Example Config:

# .aligntrue/config.yaml
sources:
  # HTTPS with branch
  - type: git
    url: https://github.com/AlignTrue/shared-rules
    ref: main

  # SSH with tag
  - type: git
    url: [email protected]:myorg/private-rules.git
    ref: v1.0.0

  # Specific commit SHA
  - type: git
    url: https://gitlab.com/team/rules
    ref: abc123def456
    path: config/aligntrue.yaml

  # Force refresh (bypass cache)
  - type: git
    url: https://github.com/AlignTrue/shared-rules
    ref: main
    forceRefresh: true

Error Handling:

| Error | Behavior | | -------------------------- | --------------------------------------- | | Authentication failed | Fails with SSH key hint | | Repository not found (404) | Fails with URL validation hint | | Invalid branch/tag/commit | Fails with ref name hint | | Network timeout | Falls back to cache if available | | Corrupted cache | Reports error (use forceRefresh to fix) | | Rules file missing | Fails with helpful path suggestion |

Troubleshooting

Network Errors

If you see Network unavailable, using cached align:

  • This is expected when offline
  • Cache will be refreshed on next online sync
  • To bypass cache immediately, delete .aligntrue/.cache/git/ and rerun sync

Cache Issues

If cache seems stale or corrupted:

  • Delete .aligntrue/.cache/git/ directory
  • Run sync again to rebuild cache