npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@burtson-labs/host-kit

v0.4.0

Published

Host-agnostic building blocks for the Bandit agent framework — memory files, hooks, mentions, and the extra tool set (todo_write, web_fetch).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

markymarkburtmarkymarkburtbburtson09bburtson09

Keywords

Readme

@burtson-labs/host-kit

Host-agnostic building blocks shared between the Bandit CLI and the VS Code extension.

Writing a new host (a Cursor sidebar, a JetBrains plugin, a custom CLI)? Pull from here.

Install

pnpm add @burtson-labs/host-kit

What's in the box

  • Memory loader — discovers and merges BANDIT.md / CLAUDE.md / AGENTS.md files across workspace + global locations; deduplicates overlapping content at load time; consolidateMemory() unifies multiple entry files into a single canonical BANDIT.md (symlink on macOS/Linux, copy-with-drift-warning on Windows)
  • Topic memory — lazy-load index at .bandit/memory/MEMORY.md (preferred) with back-compat reads from legacy root MEMORY.md; writes always go to .bandit/memory/; migrateMemoryToBanditDir() moves an existing root memory/ layout into .bandit/memory/ idempotently
  • @-mention expansion — detects @path/to/file in user input and inlines file contents (with secret redaction) or attaches images as base64
  • Hook runner — executes PreToolUse / PostToolUse / Stop / UserPromptSubmit hooks; loadHookSettings merges the global ~/.bandit/settings.json under the workspace .bandit/settings.json so hooks + permissions + the guard apply across every repo
  • Pre-tool security guardevaluateSecurityGuard(call, settings, ctx): an opt-in, in-process safety net (no shell spawn) that blocks catastrophic tool calls (rm -rf /, curl … | sh, disk wipes, credential exfil, writes to system/credential paths) before they run. Wired into beforeToolExecute in both hosts
  • MCP loader — reads mcp-servers.json (global + workspace, workspace wins), auto-injects BANDIT_API_KEY, registers servers with the pool
  • Turn trace reader — parses workspace and global .bandit/turns/*.jsonl into summaries and markdown timelines for CLI /trace, IDE /trace, tests, and future bug-bundle export
  • Insights — usage analytics aggregator (CLI sessions → human report)
  • Extra tool builderstodo_write, web_fetch, web_search, task (subagent), remember, test_run, pdf_read

Status

Stable. Imported by both apps/bandit-cli/ and apps/bandit-stealth/ — breaking changes here require coordinated PRs to both hosts.

Quick example

import { loadMemory, expandMentions, registerMcpServersFromDisk } from '@burtson-labs/host-kit';

const memory = await loadMemory(workspaceCwd);
const { prompt, images } = await expandMentions(rawUserInput, workspaceCwd);
const count = await registerMcpServersFromDisk(workspaceCwd, mcpPool);

Tests

pnpm --filter @burtson-labs/host-kit test

License

Apache License 2.0 — Copyright 2026 Burtson Labs.