npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cwe-platform/plugin-cli

v0.2.0

Published

CasinoWebEngine plugin developer CLI — create, dev-loop (hot reload + live logs), lifecycle-test and publish plugins against a CWE runtime.

Readme

@cwe-platform/plugin-cli

cwe-plugin — the CasinoWebEngine plugin developer CLI. One tool that carries you from createloginenvdev (hot reload + live logs) → lifecycle testing → publish.

The golden path

pnpm create cwe-plugin my-cashback         # scaffold: manifest, handlers, tests, config
cd my-cashback && pnpm install

pnpm dev                                   # = cwe-plugin dev
#  → first contact with the scaffold's preset `local` environment: the handshake verifies
#    class=local + devHarness=true and pins its fingerprint  → green banner
#  → doctor passes → sandbox tenant resolved → plugin installed+enabled (prompted)
#  → esbuild watch starts, bundle hot-loaded, log stream attached
#  → edit src/handlers/routes.ts, save → rebuilt + hot-reloaded in <2s, logs streaming live

# in the dev session (keyboard):  i install · e enable · c configure · x disable · u uninstall
#                                 r reload · d doctor · l clear · q quit

pnpm test                                  # unit tests via @cwe-platform/plugin-sdk/testing

cwe-plugin lifecycle cycle                 # conformance sweep: install→enable→configure→
                                           # disable→uninstall→reinstall, asserts idempotency

cwe-plugin login                           # only needed for shared dev clusters / publishing
cwe-plugin env add dev-eu https://dev-eu.example && cwe-plugin env use dev-eu
pnpm dev                                   # same loop against the shared cluster

pnpm publish:dev                           # = cwe-plugin publish — always the dev channel

Environments & safety

The CLI resolves every runtime's GET /.well-known/cwe-environment descriptor and enforces a fail-closed policy: dev-loop commands (dev, logs, lifecycle, settings, invoke, jobs, tasks, sandbox, doctor --remote) run ONLY against environments with the dev harness mounted and class ∈ {local, development}. An environment that does not declare itself is treated as production. There is no --force. Environment fingerprints are pinned on env add (SSH known_hosts style) — if a URL later resolves to a different environment the CLI hard-stops.

Project config lives in cwe-plugin.json (committed — never holds secrets):

{
  "$schema": "https://cwe.dev/schemas/cwe-plugin.json",
  "plugin": "my-cashback",                 // must equal manifest.key
  "entry": "src/index.ts",
  "environments": {
    "local":  { "runtimeUrl": "http://localhost:3000" },
    "dev-eu": { "runtimeUrl": "https://dev-eu.example" }
  },
  "defaultEnvironment": "local"
}

Machine-local state (env override, pinned fingerprints, log cursor) lives in .cwe/state.json (gitignored, safe to delete). Credentials live in the OS keychain (macOS Keychain / libsecret), falling back to ~/.config/cwe/credentials.json chmod 0600.

Commands

| Command | What it does | |---|---| | create [name] | Scaffold a plugin (--kind, --template blank\|cashback\|provider-skeleton) | | env add/use/list/status | Manage runtime environments (handshake, fingerprint pin, live status) | | login / whoami / logout | Device-code staff login (per the environment's auth.cli mode) | | token create --ttl 1h --scope publish | Mint a non-refreshable CI token (CWE_PLUGIN_TOKEN) | | dev | The dev session: watch → bundle → hot load → live logs → interactive keys | | logs | Standalone log/trace tail (--level, --surface, --grep, --json, --since) | | lifecycle install/enable/configure/disable/uninstall/upgrade [--debug] | Run real lifecycle commands, print full hook traces | | lifecycle cycle | CI-grade conformance sweep with idempotency assertions | | settings schema/get/set/apply | Inspect + change sandbox settings (secrets write-only) | | sandbox reset [--yes] | Wipe this plugin's state on the sandbox tenant | | invoke <METHOD> <path> | Route console: execute a declared route, print response + capability trace | | jobs list/run · tasks run | Job dry-runs and task runs with live progress | | doctor [--remote] | Static manifest checks; --remote runs the full runtime doctor | | build / codegen client | One-off bundle / deterministic @cwe-plugins/<key>-client codegen | | publish / promote / yank / versions | Publish to the dev channel; manage released versions |

Every read command supports --json. --env <name> overrides the default environment per invocation. Auth is auto-refreshing (single-flight, 30s server-side rotation grace); in CI set CWE_PLUGIN_TOKEN — it is used verbatim, never refreshed, never stored.

Requirements

  • Node ≥ 20, a CWE runtime with the dev harness enabled (DEV_HARNESS_ENABLED=true, CWE_ENV_CLASS=local|development, sandbox tenant seeded — see the Runtime Core repo's docker-compose.plugindev.yml for the one-command local stack).
  • The target plugin project must have @cwe-platform/plugin-sdk installed (the CLI loads the project's own SDK copy for doctor/codegen, so CLI and SDK versions never skew).