npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@firstpick/pi-extension-release-aur

v0.1.6

Published

Pi commands and skill for deterministic AUR setup, review, and release workflows.

Downloads

1,610

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

firstpickfirstpick

Keywords

pi-packagepipi-coding-agentextensionskillaurarchlinuxrelease

Readme

@firstpick/pi-extension-release-aur

Pi package for safely creating, checking, reviewing, committing, and pushing AUR packages.

Commands

Primary triggers:

/release-aur
/release-aur-setup

Subcommands:

/release-aur [plan] [target|all] [--chroot] [--repro] [--no-update-release] [--no-agent-review]
/release-aur publish [target|all] [--chroot] [--repro] [--no-update-release]
/release-aur create <pkgbase> [--push] [--chroot] [--repro] [--no-update-release] [--no-agent-review]
/release-aur logs
/release-aur abort
/release-aur toggle

/release-aur-setup
/release-aur-setup dir [path-to-aur-repos]
/release-aur-setup source [global <source>|package <pkgbase> <source>|clear <pkgbase>|status]
/release-aur-setup ssh
/release-aur-setup status
/release-aur-setup abort
/release-aur-setup help

Default /release-aur action is plan.

By default, release commands check the configured upstream release source before preflight. auto preserves the original behavior by detecting a GitHub repository from PKGBUILD; setup can define a global source and per-package overrides. Supported source specs are auto, github:owner/repo, GitHub URLs, git:<clone-url>, or any git clone URL. If a newer release/tag exists, the workflow updates pkgver, resets pkgrel=1, runs updpkgsums, and regenerates .SRCINFO. Pass --no-update-release to skip this update step.

/release-aur-setup opens a native Pi setup menu. It can save the directory where you keep AUR package repos:

  • /release-aur-setup dir prompts for the AUR repos directory;
  • /release-aur-setup dir ~/aur-packages saves it directly;
  • the path is stored in ~/.pi/agent/release-aur/config.json;
  • bare /release-aur then uses that directory to list repos and prompt for the release target.

The setup menu also includes upstream release source configuration:

  • /release-aur-setup source opens a native Pi menu;
  • /release-aur-setup source global auto keeps GitHub autodetection from PKGBUILD globally;
  • /release-aur-setup source global git:https://example.org/upstream/project.git uses a custom git tag source globally;
  • /release-aur-setup source package <pkgbase> <source> stores a per-package override via the same config file;
  • /release-aur-setup source clear <pkgbase> removes the override so the package falls back to the global source.

The setup menu also includes AUR SSH publishing access:

  • checks required local tools: ssh, ssh-keygen, git;
  • /release-aur-setup status shows the AUR repos directory, release source configuration, local SSH files/config, and also runs the AUR SSH connection test;
  • the setup flow checks ~/.ssh/config first; if Host aur.archlinux.org already exists, it immediately tests the current SSH connection before creating keys or editing config;
  • creates ~/.ssh with private permissions if needed;
  • can create a dedicated ~/.ssh/aur Ed25519 key, or use an existing key path;
  • prefers the ArchWiki-recommended dedicated AUR key model so the key can be revoked independently;
  • configures Host aur.archlinux.org with User aur, IdentityFile ~/.ssh/aur, and IdentitiesOnly yes;
  • displays and can copy the public key so the user can add it in AUR My AccountSSH Public Key;
  • tests the SSH connection with ssh -T aur.archlinux.org after the user confirms the public key is added; setup/status tests use OpenSSH accept-new, so they may add aur.archlinux.org to ~/.ssh/known_hosts.

For fully automated key creation, the setup can create an empty-passphrase key only after a warning and explicit confirmation. Use the manual command option if you want ssh-keygen to prompt for a passphrase.

Web UI output

/release-aur streams workflow output through Pi extension widgets using Web UI-compatible text payloads. In Pi Web UI, the companion renderer shows a scrollable AUR release card with phase, compact/expanded line counts, elapsed time, and Toggle output/Abort actions.

Safety model

/release-aur plan:

  • checks configured upstream release sources before preflight and, when newer, updates PKGBUILD/.SRCINFO in the package repo;
  • resets pkgrel=1 when pkgver is bumped;
  • updates checksum arrays with updpkgsums after a version bump;
  • runs build checks in a temporary copy of the package directory;
  • verifies makepkg --printsrcinfo and compares it to committed .SRCINFO;
  • runs makepkg --verifysource;
  • runs a full makepkg --clean --cleanbuild --force --noconfirm build without --syncdeps;
  • inspects built package metadata/file count with pacman -Qip/pacman -Qlp when available;
  • runs namcap on PKGBUILD and built package artifacts when available;
  • treats namcap E: findings as blockers by default;
  • optionally runs pkgctl build with --chroot;
  • optionally runs makerepropkg with --repro;
  • saves a log under ~/.pi/agent/release-aur-logs/;
  • queues an agent GO/NO-GO review prompt before any push.

/release-aur publish:

  • re-runs latest-release update checks and preflight checks first;
  • requires interactive user confirmation;
  • regenerates .SRCINFO using makepkg --printsrcinfo > .SRCINFO;
  • stages PKGBUILD, .SRCINFO, tracked changes, and safe helper-file patterns only;
  • refuses obvious artifacts such as src/, pkg/, *.pkg.tar.*, and *.src.tar.*;
  • runs git diff --cached --check;
  • commits with Initial import or Update <pkgbase> to <pkgver>-<pkgrel>;
  • pushes explicitly to AUR master with git push <aur-remote> HEAD:master.

/release-aur create <pkgbase> is an idempotent/convergent setup flow:

  • missing or empty <pkgbase>/: clone ssh://[email protected]/<pkgbase>.git;
  • existing Git repo: ensure an AUR remote exists and generate .SRCINFO if PKGBUILD exists;
  • existing non-Git directory with PKGBUILD: move it to <pkgbase>.pkgbuild-staging.<timestamp>, clone the AUR repo into <pkgbase>/, copy safe package files back, and generate .SRCINFO;
  • conflicting package files in a non-empty AUR clone are refused for manual merge instead of overwritten.

If no PKGBUILD exists after setup, Pi prompts natively:

  • Yes, let Agent create it. — queues an agent task to write the PKGBUILD.
  • Yes, add it from: /Path/to/file — copies an existing PKGBUILD into the AUR repo and continues.
  • No, but create a template PKGBUILD. — opens a native Pi selector for bundled templates under templates/pkgbuild/:
    • Python — PEP 517 wheel from GitHub release tag
    • Rust — cargo release build from GitHub release tag
    • Go — go build from GitHub release tag It then asks for GitHub URL, pkgver, pkgdesc, license, and binary name where needed; attempts checksum refresh with updpkgsums; and continues checks.
  • No, I will add it later. — stops safely after repo setup.

By default it then runs plan checks and queues an agent GO/NO-GO review. With --push, it continues to publish after the plan passes and the user confirms.

It also writes a conservative .gitignore that ignores everything except common AUR package files.

Expected workspace structure

Works from either:

aur-packages/
  package-a/
    .git/
    PKGBUILD
    .SRCINFO
  package-b/
    .git/
    PKGBUILD
    .SRCINFO

or directly inside one AUR package clone:

package-a/
  .git/
  PKGBUILD
  .SRCINFO

When multiple package directories are found, /release-aur prompts for a target or all. If /release-aur-setup dir has configured an AUR repos directory, target discovery uses that directory from any current working directory; otherwise it uses the current directory.

Recommended local tools

Minimum:

  • git
  • makepkg / pacman

Recommended:

  • namcap
  • shellcheck
  • devtools (pkgctl build, makerepropkg)

Install on Arch-based systems as needed:

sudo pacman -S --needed base-devel git namcap shellcheck devtools pacman-contrib

Arch guidance encoded

This workflow follows these ArchWiki rules/guidance:

  • AUR write access requires an SSH key pair; the public key must be added to the AUR account profile and the private key configured for aur.archlinux.org.
  • A dedicated AUR SSH key is preferred over reusing an existing key so it can be revoked independently.
  • AUR uploads should be reviewed carefully before submission.
  • New AUR package repositories are initialized by cloning ssh://[email protected]/<pkgbase>.git.
  • .SRCINFO must be regenerated when PKGBUILD metadata changes.
  • When upstream pkgver is bumped, pkgrel resets to 1 and checksum arrays must match the new sources.
  • At least PKGBUILD and .SRCINFO must be committed and pushed.
  • AUR accepts pushes to master.
  • Package testing should include makepkg, package content inspection, dependency review, and namcap sanity checks.
  • Reproducibility can be checked with makerepropkg/repro when feasible.

Install

From this workspace:

pi install ./pi-extension-release-aur

After publishing to npm:

pi install npm:@firstpick/pi-extension-release-aur