npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@apurvv28/devforge

v1.2.0

Published

Automated CI/CD Pipeline Generator and Deployment Automation Tool

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

apurv28apurv28

Keywords

Readme

DevForge

npm version license ci release

Production-ready CI/CD pipelines, now with AI-powered recommendations.

For command details, see docs/COMMANDS.md.

AI Features

  • ✦ Automatic LLM provider setup for Amazon Nova Pro, Gemini, OpenAI, Anthropic, and Bedrock.
  • ✦ Recommendation Agent — runs on every init and flags pipeline issues.
  • ✦ Security & Compliance Agent — NIST SP 800-53 + ISO 27001 scanning.
  • ✦ Cross-session memory via Amazon Elastic.
  • ✦ Full offline mode — AI is optional and the v1 engine always works.

Problem

  • New projects spend too long recreating the same CI/CD setup by hand.
  • Generic generators ignore the real project structure, so the first draft is rarely usable.
  • Teams need deterministic output they can review, diff, and commit with confidence.

Quick Start

  1. Run npx devforge init.
  2. Choose your LLM provider or offline mode and confirm deployment options.
  3. DevForge detects your framework, package manager, and deployment target.
  4. Preview the generated workflows if you want a before/after diff.
  5. Generate the files and commit them to your repository.

Features

| Feature | DevForge | Yeoman | Workik AI | Actions Importer | | --- | --- | --- | --- | --- | | Local project detection | Yes | Limited | No | No | | AI Recommendations | ✓ (DevForge) | — | ✓ (Workik) | — | | Compliance Scanning | ✓ | — | — | — | | Offline Mode | ✓ | ✓ | — | ✓ | | One command setup | Yes | Yes | Yes | No | | Deployment provider support | Yes | Via generators | Partial | Limited | | Docker generation | Yes | Via generators | Yes | No | | Secret guidance | Yes | No | Partial | No | | Dry run mode | Yes | Depends | Partial | No | | Update command | Yes | No | No | No | | Audit mode | Yes | No | No | No | | IaC detection (Terraform, CDK, boto3, Pulumi, Ansible) | Yes | No | No | No | | Automated deployment via detected IaC | Yes | No | No | No | | LLM-assisted IaC generation with verification loop | Yes | No | Partial | No |

Supported Frameworks

React Next.js Express NestJS Vue Angular MERN

Supported Deployment Targets

| Target | IaC automation | Supported tools | |--------|---------------|----------------| | Vercel | Not needed (managed) | — | | Railway | Not needed (managed) | — | | Render | Not needed (managed) | — | | Firebase | Not needed (managed) | — | | AWS ECS (Fargate) | ✓ generate + execute | Terraform, CDK, boto3 | | AWS EKS | ✓ generate + execute | Terraform | | AWS EC2 | ✓ generate + execute | Terraform, boto3 | | Docker | ✓ generate + execute | Terraform |

Supported CI

  • GitHub Actions
  • Jenkins
  • GitLab CI
  • CircleCI

Commands

init is the primary entry point. It detects the project, collects deployment preferences, optionally previews the output, and writes the generated workflows plus secrets guidance into .devforge/.

update refreshes existing DevForge-managed workflows against the latest templates. It shows a diff, preserves custom sections, and only applies changes after confirmation.

deploy automates step-by-step AWS deployments (ECS, EKS, EC2) from the generated guide/plan with interactive prompts, live terminal output streaming, and reverse-order rollback capability.

audit scans any GitHub Actions workflow set for security, performance, and best-practice issues. It prints a per-file report and exits non-zero when high-severity findings exist.

preview renders the planned output in memory so you can inspect the exact YAML before anything is written to disk.

IaC Automation

DevForge detects existing IaC and, when none is present, can generate it:

  • ✦ IaC detection (Terraform, CDK, boto3, Pulumi, Ansible)
  • ✦ Automated deployment via detected IaC (with human-in-the-loop confirmation)
  • ✦ LLM-assisted IaC generation — files assembled from verified building-block templates
  • ✦ Verification loop: terraform validate, cdk synth, python -m py_compile before writing any file
  • ✦ Retry loop: up to DEVFORGE_IAC_MAX_RETRY attempts (default 2), with error context fed back to the LLM
  • ✦ Trivy IaC misconfiguration scanning on generated configs

See docs/IAC.md for full details.

Security

DevForge is designed to stay deterministic and reviewable:

  • No remote model calls are required for generation.
  • Templates are static and rendered through a strict variable allowlist.
  • File writes use guarded paths and atomic operations.
  • Secrets are reported as guidance, not injected into source files.
  • The published package is hardened for release with a strict file allowlist and prepublish checks.

Docs

See docs/COMMANDS.md for the full command reference, docs/AGENT.md for the agent model, docs/SECURITY_COMPLIANCE.md for compliance scanning, and docs/IAC.md for IaC detection, generation, and verification.

Contributing

See CONTRIBUTING.md.

License

Licensed under the MIT License. See LICENSE.