npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@gatetest/cli

v1.58.1

Published

GateTest — 120-module QA gate with MCP. Eyes (screenshot live pages), ears (production errors), hands (verify fixes worked). Security, supply chain, AI safety, mutation testing. Iterative Claude fix loop. Replaces SonarQube + Snyk + ESLint + 10 others.

Readme

GateTest

One gate. 120 modules. Self-healing CI.

AI-powered code quality. Pay per scan via Stripe.

GateTest

CI License: MIT Modules Tests Node


The 30-second pitch

GateTest is a single CLI plus a composite GitHub Action that runs 110 static-analysis modules against any codebase, then uses Claude to repair the findings it can. It replaces SonarQube, Snyk, ESLint, Cypress, Lighthouse, axe, pa11y, and twenty-plus other tools with one config, one gate decision, and one report.

It is different because the cost trends to zero. Deterministic AST and rule-based layers run first — these are free and ship the fix in milliseconds. Claude only runs on patterns nothing else has seen. Every Claude win is distilled into a reusable recipe, so the next time the same pattern appears anywhere in the network it is handled for free. The longer you run GateTest, the less of it is paid work.

What you get depends on the tier. A pull request with the fixes, regression tests pinned to each fix, an architecture-shape critique, a cross-finding attack-chain analysis, and a CTO-readable executive summary — in whichever combination the tier you bought includes. One-time payment per scan via Stripe at checkout. No subscription, no auto-renew.


Install & Usage — 30 seconds

GitHub Action — recommended for most users

Drop this in .github/workflows/gatetest.yml:

name: GateTest Quality Gate
on: [push, pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: crclabs-hq/[email protected]
        with:
          suite: full
          auto-fix: ${{ github.event_name == 'pull_request' }}
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

The action is a composite — no Docker pull, no container build. It installs GateTest, runs the gate, and if auto-fix: true and ANTHROPIC_API_KEY is set, runs the AI repair loop on a blocking gate. See action.yml for every input.

CLI — local development

# Run against the current directory, no install:
npx github:crclabs-hq/GateTest --suite quick

# Or clone and run from source:
git clone https://github.com/crclabs-hq/GateTest
cd gatetest && npm install
node bin/gatetest.js --suite quick

Install: npm install -g @gatetest/cli

Pre-push sweep

Run the full pre-merge sweep locally in one command:

npm run sweep          # ~30-60s — tests + build + gate + secrets + self-scan

This runs the same seven checks that block a merge in CI. Verdict is green or red. Exit code is 0 or 1, matching CI exactly.

Fast path during iteration:

npm run sweep -- --fast    # skip tests + build, gate-only, ~3-5s

See gatetest sweep --help for every flag.

Claude Code / MCP — give Claude eyes, ears & hands

Connect GateTest directly to Claude Code (or any MCP-compatible AI) in one command:

claude mcp add gatetest -- npx -y @gatetest/mcp-server

24 tools across five families:

| Family | Tools | What it gives Claude | |--------|-------|----------------------| | Engine | scan_local, run_module, fix_issue, verify_fix, … | Scan + fix local code | | 👁 Eyes | capture_screenshot, get_visual_diff | See the rendered page as a real image | | 👂 Ears | get_production_errors, run_live_checks | Hear Sentry/Datadog/Rollbar errors + localhost runtime failures | | 🤝 Hands | verify_fix | Hard ✅/❌ — prove the fix actually worked | | 🔬 Root Cause | resolve_stack_trace, blame_regression | Resolve a minified stack trace to original file:line via source maps; find the git commit that introduced a specific line. Same engines are also CLI subcommands (gatetest trace, gatetest blame) — one implementation, both entry points |

Works with Claude Code, Cursor, Windsurf, Continue, and Cline. See packages/mcp-server/ for the full tool reference and example prompts.

Website — no install at all

Visit gatetest.ai/web and paste any URL. You get a free preview and a paid full report. For WordPress sites use gatetest.ai/wp.

Replay a failing CI run locally

Reproduce any failing GitHub Actions run on your laptop in seconds:

gatetest replay https://github.com/owner/repo/actions/runs/12345

This fetches the run, identifies which steps failed, and runs them locally against your current working tree. Output tells you whether the failure reproduces, doesn't reproduce (flaky CI), or hits a different error.

Authentication is optional — if you have a GITHUB_TOKEN set or gh CLI installed, replay can read private repo runs. Otherwise it uses the unauthenticated rate limit (60 req/hour, fine for a few replays).

Root-cause a bug from the CLI

# Resolve a minified stack trace back to original file:line:column
cat error.log | gatetest trace -

# Find which commit introduced a specific line (read-only — never
# checks out or mutates the working tree)
gatetest blame src/app.js --line 42

Both subcommands share the exact same engine as the MCP resolve_stack_trace and blame_regression tools — run them by hand or let Claude call them mid-fix-loop; the answer is identical either way. Run gatetest trace --help or gatetest blame --help for the full option list.


The flywheel — why GateTest gets cheaper over time

                ┌──────────────────────────┐
   CI BREAKS    │  Failed workflow run     │
       ──>      └────────────┬─────────────┘
                             │
                ┌────────────▼─────────────┐
                │  AI CI-fixer reads logs  │
                │  + failing files         │
                └────────────┬─────────────┘
                             │
              ┌──────────────┼──────────────┐
              │              │              │
              ▼              ▼              ▼
         ┌────────┐    ┌────────┐    ┌────────┐
         │  AST   │ →  │  Rule  │ →  │ Recipe │   ─── ALL FREE ───
         └────┬───┘    └────┬───┘    └────┬───┘
              │             │             │   (none matched?)
              └─────────────┴─────────────┘
                             │
                             ▼
                ┌──────────────────────────┐
                │ Claude — paid, one shot  │
                │ Result distilled into a  │
                │ recipe for next time     │
                └────────────┬─────────────┘
                             │
                             ▼
                ┌──────────────────────────┐
                │  PR opens with the fix   │
                │  + regression test       │
                └──────────────────────────┘

First time we see a pattern: Claude. Every time after: free. The longer you run GateTest, the cheaper it gets.


What it replaces

One config, one bill, one gate decision. Twelve-plus tools dissolve into single CLI flags.

| Their tool | GateTest module | | ------------------------------------------ | -------------------------------------------------- | | Snyk Code, Dependabot, npm audit | security, dependencies | | SonarQube | codeQuality + every other module | | ESLint, Stylelint | lint | | Cypress, BrowserStack, Sauce Labs | e2e | | Lighthouse | performance | | axe, pa11y | accessibility | | Percy, Chromatic | visual | | git-secrets, TruffleHog | secrets, secretRotation | | hadolint, dockle | dockerfile | | actionlint, zizmor, StepSecurity | ciSecurity | | tfsec, Checkov, Terrascan | terraform | | kube-score, kubeaudit, Polaris | kubernetes | | Stryker, Pitest | mutation | | broken-link-checker | links | | (none — fragmented across ESLint rules) | errorSwallow, nPlusOne, flakyTests | | (none — no static tool exists) | redos, moneyFloat, logPii, tlsSecurity | | (none — runtime profilers only) | resourceLeak, raceCondition, retryHygiene |

Twelve-plus tools. One config. One bill. Full module catalogue: run node bin/gatetest.js --list or read it on gatetest.ai.


Tiers and pricing

One-time payment per scan via Stripe at checkout. No subscription, no auto-renew. Refunds only at our discretion for scans that failed to start or crashed mid-way without producing a report (contact [email protected]).

| Tier | Price | What you get | | ----------------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | | Quick Scan | $29 | 4 modules — syntax, linting, secrets, code quality. Fastest path to a first signal. Scan-only — no auto-fix. | | Full Scan | $99 | All 110 modules. SARIF + JUnit reports. Scan-only — auto-fix ships at the Scan + Fix tier. | | Scan + Fix | $199 | Everything in Full, plus a second-Claude pair-review critique on every fix and an architecture-shape design-observations report. | | Forensic Scan | $399 | Everything in Scan + Fix, plus real Claude diagnosis on every finding, cross-finding attack-chain correlation, board-ready CISO report (OWASP / SOC2 / CIS v8 / 30-60-90), and a CTO-readable executive summary. Mutation testing and chaos / fuzz pass are also available via the GitHub Action (mutation: true / chaos: true) — they need a CI runner to execute your test suite and a headless browser, so they ship with the Action rather than the website-only scan. |

Live prices and Stripe checkout at gatetest.ai.


Honest limits

GateTest is not magic. The things it does not yet do, said out loud:

  • Headless-browser modules (liveCrawler, runtimeErrors, explorer, chaos) degrade gracefully on Vercel serverless. Chromium cannot launch inside the function. The modules emit an info-level skip and the rest of the scan continues — full power requires the CLI, a worker, or local dev.
  • installation_id is not persisted across GitHub App installs. Multi-org customers cannot yet be correlated to a single billing account; this is tracked as Known Issue #22 in CLAUDE.md.
  • PR comments are not idempotent. A busy PR with many pushes will collect duplicate scan comments. Tracked as Known Issue #23.

The full Known Issues table (with severity and status) lives in CLAUDE.md — that file is the project's source of truth.


Architecture

Static engine. 110 modules, every one extending BaseModule. Each module is a self-contained scanner that emits checks at three severity levels (error blocks the gate, warning reports, info is informational). The runner is EventEmitter-based, supports parallel execution, diff-mode (--diff scans only git-changed files), watch mode, and five output formats (Console, JSON, HTML, SARIF for the GitHub Security tab, JUnit XML for any CI). The gate has zero runtime dependencies aside from one MCP SDK pin — node bin/gatetest.js --list runs anywhere Node 20+ runs.

Website and payments. gatetest.ai is Next.js 16 with the App Router, Tailwind 4, and Stripe in per-scan upfront-charge mode. One-time payment per scan at checkout — no subscription, no auto-renew, no hold-then-capture flow. All scan state is persisted in Stripe metadata so the serverless functions stay stateless across requests — there is no shared in-memory state and no webhook is required for the critical user flow. The scan executes inside the function response and reports back directly.

AI layer. Claude (Anthropic). On the GitHub Action the customer brings their own ANTHROPIC_API_KEY and pays Anthropic directly. On the website the key is managed and the cost is folded into the tier price. Every Claude success is distilled into a recipe by the flywheel orchestrator (see lib/ and the AI CI-fixer at scripts/ai-ci-fixer.js) so subsequent runs on the same pattern are deterministic and free.

The codebase ships under MIT, the gate runs locally with no external calls, and every architectural decision is documented inline in CLAUDE.md.


Real-repo proofs

GateTest is dogfooded against itself on every push, and the team runs the full Forensic pipeline against external production codebases before shipping changes that touch the deeper tiers. The reports below are reproducible artifacts in this repo:


Develop and contribute

git clone https://github.com/crclabs-hq/GateTest
cd gatetest
npm install
(cd website && npm install)
node --test tests/*.test.js
node bin/gatetest.js --list

The Bible — CLAUDE.md — is required reading for contributors. It defines the architecture, the quality bar, the forbidden list, the protected platforms, and the authorization rules that apply to anything touching money, user data, or public-facing communication.

Bug reports and feature requests are welcome via GitHub Issues. Small PRs that fix one thing and add a test are merged fastest. The pre-commit and pre-push hooks under src/hooks/ run the gate locally — running them before pushing keeps CI green.


License

MIT — see LICENSE.