npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@charles_lindecker/gup

v0.2.0

Published

gup (Global Updater) — one CLI to scan and update everything installed on your machine across ~130 sources: winget, scoop, chocolatey, npm-g, pnpm-g, yarn-g, bun, pip, pipx, uv, cargo, gem, dotnet tools, composer, helm, kubectl, krew, terraform, pulumi, a

Downloads

246

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

charles_lindeckercharles_lindecker

Keywords

cliupdaterpackage-managerglobal-updaterwingetscoopchocolateynpm-globalpippipxcargohelmkubectlterraformdotnet-toolspwshvscode-extensionswindowswsldevops

Readme

gup — Global Updater

One command to scan and update everything installed on your machine. winget, scoop, choco, npm, pnpm, yarn, bun, pip, pipx, uv, cargo, gem, dotnet tools, helm, kubectl, terraform, vscode extensions, JetBrains, WSL distros…

Homepage · npm · Docs · Providers (130+)

CI Security Pages CodeQL Semgrep Gitleaks Dependabot

npm npm downloads Node TypeScript Vitest License: MIT Platform Providers GitHub stars

TL;DR

npm install -g @charles_lindecker/gup
gup                # interactive menu
gup list --fast    # fast scan
gup update --all   # update everything

Why gup

On a dev machine, binaries come from dozens of sources (winget, scoop, npm-g, cargo, pipx, dotnet tools, vscode-ext, JetBrains, helm, terraform, kubectl…). No native tool covers them all — winget upgrade --all silently skips pinned packages, ncu -g only sees npm, and every cloud/IaC/K8s CLI ships its own self-update. gup unifies the whole thing behind a single CLI plus an interactive menu.

Installation

Via npm (recommended)

npm install -g @charles_lindecker/gup

Package: @charles_lindecker/gup on npm.

From source

git clone https://github.com/LINDECKER-Charles/gup.git
cd gup
npm install
npm run build
npm link            # exposes the `gup` command globally

Requirements: Node ≥ 20, PowerShell or Bash. Works on Windows / WSL / Linux.

Usage

gup                                                  # interactive menu
gup list                                             # list outdated packages
gup list --fast                                      # skip slow scans
gup list --provider winget npm-g                     # restrict
gup list --json                                      # pipeable JSON output
gup update                                           # interactive selection
gup update --all -y                                  # everything (no prompt, CI)
gup update winget:Microsoft.PowerShell npm-g:typescript
gup update --all --timeout 300                       # auto-skip any install stuck > 5 min
gup doctor                                           # detected providers vs missing

Skipping stuck installs

Some installs can hang (a stalled download, the Windows Installer mutex, an installer that drops its --silent flag and waits on a now-visible GUI). gup won't block forever:

  • Ctrl+C during a batch skips the install in flight and moves on; Ctrl+C twice stops the whole batch.
  • A per-install wall-clock timeout (default 20 min) auto-skips a wedged install. Tune it with --timeout <seconds> (0 disables), the GUP_INSTALL_TIMEOUT env var (seconds), or the menu's Options → Timeout install.

Skipped installs are reported as SKIP (not failures) and don't trigger the retry prompt.

| Command | Effect | |---|---| | gup | Interactive menu: Review / Update selected / Update all / Update target / Providers / Options | | gup list | Lists outdated packages, colorized table | | gup list --fast | Skips slow scans (pwsh-modules, vscode-ext…) | | gup list --json | Raw JSON output (pipeable) | | gup update | Interactive multi-package selection | | gup update --all | Updates everything (with confirmation) | | gup update <provider:pkg> | Specific targets | | gup update --timeout <s> | Auto-skip any install exceeding <s> seconds (0 = off) | | gup doctor | Detected providers + install hints |

Documentation

| Document | Content | |---|---| | docs/architecture.md | Internal architecture: layers, data model, parallel scan, update pipeline, security — with mermaid diagrams. | | docs/how-gup-works.md | End-to-end technical walkthrough (motivation, model, internal contracts, resilience, build). | | CONTRIBUTING.md | Contribution guide: provider-addition workflow, mandatory conventions, edge cases, PR checklist. | | docs/providers-catalog.md | Exhaustive catalog of the 130+ providers, implementation status, out-of-scope items. | | SECURITY.md | Threat model, mitigations, vulnerability reporting. |

Security

| Layer | Tool | |---|---| | Command injection | execa argv-vector, no shell: true (allowlist pinned by tests) | | HTTPS only | every fetch() call enforced as https:// | | Static analysis | CodeQL security-extended + security-and-quality | | SAST | Semgrep (.semgrep.yml + p/typescript + p/nodejs) | | Secrets | gitleaks | | Dependencies | audit-ci + Dependabot (weekly grouped) | | Lint | eslint-plugin-security |

npm run security        # audit + eslint-security + tests/security

Reporting: private security advisory. See SECURITY.md.

Tests

npm run typecheck             # tsc strict + noUncheckedIndexedAccess
npm run test:run              # vitest one-shot
npm run test:coverage         # vitest + v8 coverage
npm run test:security         # security suite only
npm run lint                  # eslint

Cross-platform CI: Ubuntu + Windows, Node 20 & 22.

Out of scope

  • Windows Update OS / driversPSWindowsUpdate
  • Maven / Gradle / sbt / bundler / lockfiles → project-scoped, not global
  • JetBrains Toolbox-managed IDEs → the Toolbox ships its own updater

License

MIT © Charles Lindecker