npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cheapcode/cli

v0.23.0

Published

Cheap Code: the coding-agent terminal for the CheapVibeCode project.

Downloads

913

Readme

Cheap Code

Cheap Code is the coding-agent terminal for CheapVibeCode.

Install

Requires Node.js 22 or newer.

npm install -g @cheapcode/cli@latest
cheapcode

Run once without a global installation:

npx --yes @cheapcode/cli

The same npm command works on Windows, macOS, and Linux and exposes the cheapcode command globally.

For local development from the repository root on Windows PowerShell:

.\scripts\install-cheapcode-cli.ps1

On Linux/macOS:

bash scripts/install-cheapcode-cli.sh

The installer checks Node.js, installs Bun if needed, installs dependencies, builds dist/cli.mjs, and links these commands globally:

  • cheapcode

To build the downloadable archive served by the website:

.\scripts\package-cheapcode-cli.ps1

Run

cheapcode

On installation or the first interactive run, Cheap Code offers two methods:

  1. Sign in through cheapvibecode.ru (recommended). The browser links a separate, revocable CLI session to the user's profile, balance, and settings.
  2. Enter an API key. Existing CVC_API_KEY, .env, --provider-env-file, and saved-profile workflows continue to work. Manual key input is masked.

Both browser sessions and manually entered keys are stored in the local user profile with owner-only permissions.

You can manage the saved key explicitly:

cheapcode auth login
cheapcode auth login --key
cheapcode auth status --text
cheapcode auth logout

Inside an interactive Cheap Code session, /logout performs the same action and then exits the current process so it cannot keep using stale credentials.

Cheap Code does not use Claude account authorization or the Claude subscription OAuth flow.

Useful maintenance commands:

cheapcode --help
cheapcode --version
cheapcode update

Inside an interactive session, release history comes from the official Cheap Code manifest:

/release-notes          # installed version (works offline)
/release-notes latest   # refresh from the official Cheap Code manifest
/release-notes 0.22.0   # one exact version
/release-notes all      # complete available history

/changelog is an alias. Release metadata is maintained in release-notes.json, embedded into the CLI bundle, and copied into the verified-archive manifest during packaging.

Sandbox

Cheap Code uses Codex-compatible sandbox policies for model-generated shell commands. The default is workspace-write: commands may read the filesystem, but writes are limited to the workspace, /tmp, TMPDIR, and directories added with --add-dir; outbound network access is denied unless a domain is approved. Project metadata such as .git, .agents, .codex, and .cheapcode remains read-only and uses the normal approval flow when a command needs to change it.

Select a policy for one session with the same flag and values as Codex CLI:

cheapcode --sandbox read-only
cheapcode -s workspace-write
cheapcode --sandbox danger-full-access

The modes are:

  • read-only — filesystem writes require approval.
  • workspace-write — workspace and temporary-directory writes are sandboxed; this is the default.
  • danger-full-access — disables OS sandboxing. Cheap Code's separate tool permission rules still apply.

Use /sandbox in an interactive session to inspect or change the mode. It can also be configured in settings.json:

{
  "sandbox": {
    "mode": "workspace-write"
  }
}

The implementation uses Seatbelt on macOS, bubblewrap on Linux/WSL2, and the Sandbox Runtime Windows backend. On Linux, /doctor reports missing sandbox dependencies.

Long sessions default to an 8 GB Node.js old-space limit. Override it with either supported launcher form:

cheapcode --max-memory=4096
cheapcode --max-memory 4096

For provider variables stored in a local env file:

cheapcode --provider-env-file .env

The launcher stores Cheap Code-specific CLI state in ~/.cheapcode-cli by default. Override it with CHEAPCODE_CLI_CONFIG_DIR if needed.

Token and context efficiency

Cheap Code defers MCP tool schemas until the model actually needs them, compresses old tool results, preserves prompt-cache prefixes, and batches automatic memory extraction. The default memory extractor runs once per five eligible user turns instead of spawning a background agent after every turn.

Use /config to change Background memory extraction:

  • every 5 turns (default) — balanced persistence and cost
  • every 10 turns — cheaper for high-volume sessions
  • every turn — maximum memory freshness, highest token use
  • off — disables automatic extraction but keeps explicit memory reads and writes available

For one session, the environment variable takes precedence over settings:

CHEAPCODE_MEMORY_EXTRACTION_INTERVAL=10 cheapcode
CHEAPCODE_MEMORY_EXTRACTION_INTERVAL=off cheapcode

Useful diagnostics:

/context       # what currently occupies the context window
/ctx           # compact context visualization
/cache-stats   # prompt-cache reads, writes, and hit ratio
/doctor        # oversized memory, agent, and MCP warnings

Third-party hooks that intercept Bash or rewrite tool output should remain experimental until their interaction with tool-history compression and context collapse has been measured.

Develop

cd cli
bun install --frozen-lockfile
bun run build
node bin/cheapcode --version

Run the complete release gate before packaging:

bun run check

It covers type checking, generated integration drift, release-manifest consistency, a production smoke build, the privacy guard, dead-code analysis, and the full test suite.