npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@domainintel/cli

v1.0.1

Published

Domain intelligence from your terminal: WHOIS, DNS, SSL/TLS, HTTP security headers, reputation (DNSBL/Spamhaus) and subdomain discovery. Runs locally, JSON output, CI-friendly exit codes.

Readme

domainintel

npm license node

Domain intelligence from your terminal. One command runs WHOIS, DNS, SSL/TLS, HTTP security headers, blocklist reputation and subdomain discovery against any domain, prints a readable report, and exits non-zero when something's wrong, so it drops straight into CI.

It's the command-line companion to domainintel.app and the DomainIntel MCP server, built on the same analysis engine.

$ domainintel github.com

domainintel • github.com

Security score   A  81/100

WHOIS
────────────
  Registrar  MarkMonitor, Inc.
  Created    2007-10-09
  Expires    2026-10-09 (105 days)
  Privacy    disabled

SSL / TLS certificate
─────────────────────
  Issuer      Sectigo Limited
  Expires in  38 days
  Protocol    TLSv1.3

HTTP security headers
─────────────────────
  Grade  B (72%)
  ✓ strict-transport-security
  ✓ content-security-policy
  ...

✓ No issues detected.

Why

  • Runs locally. Queries go straight to the authoritative DNS, WHOIS and TLS endpoints (and crt.sh for subdomains). Nothing is sent to a domainintel.app server. Your lookups stay yours.
  • No install required. npx @domainintel/cli example.com.
  • Zero runtime dependencies. Ships as a single self-contained bundle.
  • Scriptable. --json for piping to jq, meaningful exit codes for CI gates.

Install

# one-off, no install
npx @domainintel/cli example.com

# or install globally for the `domainintel` command
npm install -g @domainintel/cli
domainintel example.com

Requires Node.js 18 or newer.

Usage

domainintel <domain>              Full report (default)
domainintel <command> <domain>    Run a single check

Commands

| Command | What it checks | |---------------|----------------| | full | Everything below, plus an overall A+–F security score (default) | | dns | A, AAAA, MX, TXT, NS, CNAME, CAA records + SPF/DMARC presence + misconfig warnings | | whois | Registrar, creation/expiry/updated dates, privacy status, registrant country | | ssl | TLS certificate: validity, issuer, expiry countdown, protocol, SANs | | headers | HTTP security headers (HSTS, CSP, X-Frame-Options, …) with a letter grade | | reputation | DNSBL and Spamhaus blocklist checks | | subdomains | Subdomain discovery via Certificate Transparency logs |

Options

| Flag | Description | |------|-------------| | --json | Output raw JSON instead of the formatted report (pipeable to jq) | | -e, --exit-code | Exit 1 if the check finds problems (for CI gates) | | --fail-under <days> | (ssl) Exit 1 if the certificate expires within <days> | | --no-color | Disable coloured output (also respects NO_COLOR and non-TTY pipes) | | --debug | Show the underlying analyzer's debug logs on stderr | | -h, --help | Show help | | -v, --version | Show version |

Exit codes

| Code | Meaning | |------|---------| | 0 | Ran successfully; no problems (or --exit-code not set) | | 1 | Ran successfully but found problems (only when --exit-code is set) | | 2 | Could not run: bad usage, invalid domain, or an analysis failure |

Examples

Pipe JSON to jq:

domainintel dns example.com --json | jq '.dns.mx'
domainintel ssl example.com --json | jq '.ssl.daysRemaining'

Gate a deploy on certificate expiry:

# fails the build if the cert expires within 14 days
domainintel ssl yourdomain.com --fail-under 14 --exit-code

Fail if SPF/DMARC are misconfigured:

domainintel dns yourdomain.com --exit-code

Audit a fleet of domains:

cat domains.txt | xargs -I{} domainintel whois {} --json > whois.ndjson

Use in CI

GitHub Actions

Catch an expiring certificate before your users (or your monitoring) do:

name: domain-health
on:
  schedule:
    - cron: '0 6 * * *'   # daily
  workflow_dispatch:

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: SSL certificate not expiring within 21 days
        run: npx @domainintel/cli ssl ${{ vars.DOMAIN }} --fail-under 21 --exit-code
      - name: DNS / email auth configured
        run: npx @domainintel/cli dns ${{ vars.DOMAIN }} --exit-code

GitLab CI

domain-health:
  image: node:20
  script:
    - npx @domainintel/cli ssl "$DOMAIN" --fail-under 21 --exit-code

JSON output

--json emits the same structure the MCP server returns. Single checks are wrapped under their key ({ "domain": ..., "dns": {...} }); full returns the complete report including securityScore. Stdout stays clean even for the noisier checks, so it's always safe to pipe.

Related

  • domainintel.app — the full web dashboard with PDF export.
  • @domainintel/mcp — the same engine as a Model Context Protocol server, so AI agents (Claude, Cursor) can run these checks directly.
  • Guides — explainers on DNS, SPF/DMARC, SSL, security headers and more.

License

MIT