npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@dotarc/cli

v0.3.1

Published

DotArc CLI — stop sharing secrets, start syncing them.

Downloads

1,925

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

dotarcdotarc

Keywords

Readme

DotArc CLI

Stop sharing secrets, start syncing them.

DotArc is an "Apple-grade" secrets management platform designed to kill the plain-text .env file forever. The DotArc CLI provides a zero-trust bridge between your encrypted cloud vault and your local development environment.

npm version License: MIT

Why DotArc?

Traditional secret management is broken. Sharing .env files over Slack, committing keys to GitHub, and keeping plain-text secrets on your hard drive are massive security liabilities.

DotArc fixes this by injecting secrets directly into your process memory at runtime. No secrets on disk. No manual sharing. Just clean, encrypted syncing.

Quick Start

1. Installation

Install the CLI globally via npm:

npm install -g @dotarc/cli

2. Authentication

Securely link your machine using our browser-based OAuth handshake:

dotarc login

3. Initialize your Project

Link your current directory to a DotArc project and environment:

dotarc init

Tip: DotArc will automatically detect your local .env and offer to sync it to the cloud vault for you.

Core Commands

dotarc run -- <your-command>

The Gold Standard. Injects your secrets directly into your process without ever writing them to disk.

dotarc run -- npm run dev

The Obsidian Core: When you use run, DotArc activates a secure runtime guard that:

  • Redacts secrets from console.log output.
  • Detects and blocks environment memory dumps.
  • Sends live security violation alerts to your dashboard.

dotarc pull

For legacy workflows that require a file on disk. Generates a .env file and automatically patches your .gitignore to prevent accidental commits.

dotarc pull --env production --output .env.prod

dotarc push <key> [value]

Quickly add or update a secret in the cloud vault from your terminal.

dotarc push STRIPE_SK sk_live_...

dotarc detect

Audit your codebase for hardcoded secrets (AWS keys, Stripe tokens, etc.) and environment variable usage.

dotarc detect . --leaks-only

Command Reference

| Command | Description | | :--- | :--- | | login | Authenticate via browser OAuth or API token. | | init | Link directory to a project and patch package.json. | | run | Execute a command with injected secrets (Direct-to-Memory). | | pull | Download secrets to a local file. | | push | Create/Update secrets in the cloud vault. | | scan | Perform a runtime security audit for secret exfiltration. | | verify | Test SDK/API compatibility with the secure runtime. | | whoami | Show the currently authenticated user. |

Security First

DotArc uses AES-256-GCM encryption for all secrets at rest. By using dotarc run, you ensure that sensitive credentials only exist in the volatile memory of your process, significantly reducing the attack surface of your development machine.

Links

Built with ❤️ by the DotArc Team. "Security shouldn't just be effective; it should be beautiful."