npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@buildinternet/releases

v0.64.0

Published

The changelog & release-notes registry for developers and AI agents

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zachdunnzachdunn

Keywords

changelogreleasesmcpai

Readme

Releases CLI

npm Release Test License: MIT skills.sh Ask DeepWiki

The changelog & release-notes registry for developers and AI agents — a lean HTTP client for releases.sh. Search and browse release notes from GitHub, RSS/Atom/JSON feeds, and product changelog pages, with no local infrastructure.

The CLI talks to the hosted registry at api.releases.sh. Search and browse work out of the box — no account or config. Sign in with releases login to follow orgs and products, get a personalized feed, and manage outbound webhooks; it mints a personal read-only API key (and earns you higher rate limits as those roll out). Write/admin access (releases admin …) is a separate, closed beta — open an issue for early access.

Install

brew install buildinternet/tap/releases          # Homebrew (macOS / Linux)
npm install -g @buildinternet/releases           # npm (macOS / Linux / Windows)
curl -fsSL https://releases.sh/install | bash    # shell installer (macOS / Linux)

Or run without installing: npx @buildinternet/releases@latest search react — always pin @latest, since bare npx @buildinternet/releases caches the first-fetched version forever. Signed, precompiled binaries for every platform are on the Releases page (with checksums) for air-gapped installs or version pinning.

Homebrew installs shell completions automatically. On every other path, enable them once with releases completion install (auto-detects $SHELL).

Usage

releases search "authentication"
releases search "slack integration" --since 90d   # bound release hits by publish date
releases tail next-js                              # latest releases; `tail -f` to follow
releases list --category ai
releases get vercel                                # org, product, or source
releases org overview vercel                       # full AI-generated org overview
releases stats
releases submit https://acme.dev/changelog         # suggest a source for the registry
releases feedback "great tool — here's an idea…"   # message the maintainers

Identifiers are interchangeable: every command accepts a slug, a typed ID (org_…, prod_…, src_…, rel_…), or an org/slug coordinate (e.g. vercel/next-js). IDs are stable across renames. search, tail/latest, and feed take --since / --until to bound releases by date — an ISO date (2026-01-01) or relative shorthand (90d, 4w, 6m, 2y).

Add --json to any reader command for machine-readable output — list commands emit a { items, pagination } envelope. Release readers return a slim shape by default (id, version, title, summary, excerpt, url, dates, plus any media with its r2Url); pass --full for the complete payload. tail/latest take --count (alias --limit, 1–100). Run releases <command> --help for per-command flags.

Following & personalized feed

Follow orgs and products to build a personalized feed. These act on your own account, so sign in first (releases login):

releases follow vercel              # org slug, org/product coordinate, or typed ID
releases following                  # list what you follow
releases feed                       # your release timeline (--json, --page, --limit)
releases unfollow vercel

Following an organization includes all of its products.

Outbound webhooks

Receive signed release.created POSTs in real time — for everything you follow or a single org:

releases webhook add --scope follows --url https://your.app/hook
releases webhook add --org vercel --url https://your.app/hook --description "prod"
releases webhook list
releases webhook test <id>
releases webhook verify --key … --signature … --timestamp … --body-file capture.json

Org-scoped: up to 10 (--org, optional --source, --product, --type feature|rollup). Follows-scoped: one webhook (--scope follows) that tracks your current follow graph; optional --type narrows delivery. Signing keys are shown once on add / rotate-secret. You can also manage webhooks in the browser at releases.sh/account/notifications. Operator/admin webhooks (releases admin webhook …) are a separate root-key surface.

Contribute to the registry

Neither needs an account or API key:

releases submit https://acme.dev/changelog       # suggest a changelog / release-notes URL
releases feedback "tail -f reconnects slowly"     # report a bug or share an idea

Both prompt interactively when run with no argument, accept input on stdin, and take --dry-run --json to preview the payload without sending. feedback --type is bug / idea / other; submit --note carries extra context (product name, repo, feed quirks). Submissions feed the same review queue as the web submit form.

MCP & Claude Code

Point any MCP-compatible agent at the hosted server:

npx mcp-remote https://mcp.releases.sh/mcp

This repo is also a Claude Code marketplace with two plugins — releases (reader: hosted MCP tools, a /releases lookup command, and auto-trigger skills) and releases-admin (source onboarding + maintenance; needs admin access):

/plugin marketplace add buildinternet/releases-cli
/plugin install releases@releases          # reader
/plugin install releases-admin@releases    # admin

Or install just the skills into any agent (Cursor, Codex, Gemini CLI, Windsurf, …):

releases skills install        # or, without the CLI: npx skills add buildinternet/releases-cli

Authentication

Search and browse need no auth. Signing in powers the personal surfaces — follows, feed, and outbound webhooks — and mints a personal read-only key (it can't write to the catalog or run admin commands; it identifies you for /v1/me/* account routes). The easiest way in is your browser — nothing to copy or paste:

releases login              # opens your browser to approve, then saves the key
releases login --no-browser # print the URL + code to open yourself (headless / SSH)

This uses the OAuth 2.0 Device Authorization Grant (RFC 8628): approve a short code at releases.sh/device in a signed-in browser, and a read-only key is saved to ~/.releases/credentials (0600). Manage keys with releases keys list / create / revoke.

Already issued a token (e.g. a write/admin key during the closed beta)? Store it without the browser flow via releases auth login (interactive, --token <token>, or --token - for stdin); it's verified before being saved. releases auth status shows the current state (whoami is an alias). RELEASES_API_KEY in the environment overrides any stored credential — handy for CI.

Environment

Reader access requires nothing. Useful overrides:

  • RELEASES_API_KEY — Bearer token for write endpoints; overrides stored credentials.
  • RELEASES_API_URL — override the default https://api.releases.sh (e.g. staging).
  • RELEASES_TELEMETRY_DISABLED=1 — opt out of anonymous usage pings (DO_NOT_TRACK=1 also honored).

See .env.example for the full list.

Exit codes

| Code | Meaning | | ----- | ------------------------------------------------------------ | | 0 | Success | | 1 | Application error (network, API, unexpected state) | | 2 | Usage / provider error (bad arguments or upstream rejection) | | 130 | Cancellation (SIGINT) |

Contributing

Build, test, and release instructions live in CONTRIBUTING.md.

License

MIT