@geenius/release-toolkit
v0.10.0
Centralized, opt-out-able release toolkit for every Geenius package and boilerplate. One canonical CLI (geenius-release) replaces the per-package supply-chain / license / SBOM / smoke-packed / gauntlet scripts.
# @geenius/release-toolkit

Canonical release toolkit for every Geenius package and boilerplate. One CLI (geenius-release) replaces the per-package supply-chain / license / SBOM / smoke-packed / gauntlet scripts that previously lived as 26–36 hand-copied duplicates.
Dev-only. Add to devDependencies; never appears in your runtime bundle.

```sh
pnpm add -D @geenius/release-toolkit
```

## Quick start
Wire the canonical scripts into your package.json:

```json
{
  "scripts": {
    "audit:supply-chain": "geenius-release supply-chain",
    "audit:license": "geenius-release license",
    "audit:sbom": "geenius-release sbom",
    "test:smoke-packed": "geenius-release smoke-packed",
    "test:gauntlet": "geenius-release gauntlet"
  }
}
```

No config file required — the toolkit ships ecosystem-sensible defaults. Add release-toolkit.config.json next to package.json to override.
## Subcommands (v0.1)
| Subcommand | Replaces | Description |
| --- | --- | --- |
| supply-chain | 26 per-package scripts | pnpm audit + osv-scanner + Socket + license, all required/optional configurable |
| license | 36 copies of license-check.mjs | Forbidden-license scan over installed deps |
| sbom | 36 copies of sbom.mjs | CycloneDX 1.5 JSON SBOM (optional SPDX via syft) |
| smoke-packed | 36 copies of smoke-packed-imports.mjs | Pack, install, dynamic-import every subpath in package.json:exports |
| gauntlet | The &&-chained pnpm test:gauntlet macro | Compose the configured step sequence into one structured report |
v0.2 adds coverage-report, diff-coverage, mutation-report, a11y-report, size-check. v0.3 adds storybook, publint, attw, perf-smoke.
## Opting out of Socket
Socket requires a free account. To opt out:

```json
{
  "supplyChain": {
    "scanners": { "socket": { "required": false } }
  }
}
```

`required: false` is the default for every boilerplate. Internal @geenius/* packages opt in to strict mode in CI via SOCKET_API_TOKEN. Env override for one-off CI runs:

```sh
GEENIUS_SUPPLY_CHAIN_SOCKET=off geenius-release supply-chain
```

## Configuration reference
See .docs/DOCS/PACKAGES/RELEASE_TOOLKIT.md for the full config schema and examples, and .docs/PRDS/packages/PACKAGE_RELEASE_TOOLKIT_PRD.md for the design rationale.
## Exit codes
| Code | Meaning |
| --- | --- |
| 0 | Required steps passed (optional steps may have skipped) |
| 1 | At least one required step failed |
| 2 | Configuration error |
| 3 | Environment error (missing pnpm, missing lockfile) |
| 4 | Internal toolkit bug |
Stable across versions. CI integrations can rely on them.
## Optional git hooks
The toolkit ships a non-blocking pre-push hook template at templates/husky/pre-push. It runs pnpm run audit:supply-chain before each push and reports findings without blocking the push (remove the trailing || exit 0 in the script to make findings blocking).
Install per-repo:

```sh
cp node_modules/@geenius/release-toolkit/templates/husky/pre-push .husky/pre-push
chmod +x .husky/pre-push
```

The hook is not auto-installed by adding the toolkit as a dependency — adoption is opt-in.
## Reports
Every subcommand writes a JSON report at .eval/release-toolkit/<command>.json. The shape is documented in src/types.ts and is consumed by CI integrations and downstream report aggregators.
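A CI wrapper over the exit-code contract above and the per-command report path, added here as an example and not part of the toolkit. It assumes only the documented codes 0–4 and the `.eval/release-toolkit/<command>.json` location, keeps a real finding (code 1) distinct from config, environment and toolkit problems so a broken runner is never read as a clean pass, and takes the command to run as arguments so it can be exercised with a stand-in:

```shell
#!/bin/sh
# Added example, not toolkit code: a CI wrapper over geenius-release's documented
# exit codes (0-4) and report path (.eval/release-toolkit/<command>.json).
# It keeps "required step failed" (a real finding) distinct from config,
# environment and toolkit problems, so a broken runner can never pass as clean
# and is triaged as infrastructure rather than as a supply-chain finding.

# Map an exit code to a category name (codes from the README table).
classify_exit() {
  case "$1" in
    0) echo "passed" ;;
    1) echo "required-step-failed" ;;
    2) echo "config-error" ;;
    3) echo "environment-error" ;;
    4) echo "toolkit-bug" ;;
    *) echo "unknown" ;;
  esac
}

# Turn a category into a CI verdict. Anything that is not a clean pass fails
# the job; "fail:tooling" marks results that must not be read as findings.
ci_verdict() {
  case "$1" in
    passed) echo "ok" ;;
    required-step-failed) echo "fail:findings" ;;
    *) echo "fail:tooling" ;;
  esac
}

# Run one subcommand and print a one-line summary with the report location.
# $1 = subcommand name (e.g. supply-chain); the rest is the command to run,
# passed explicitly so the wrapper can be exercised with a stand-in command.
# Returns 0 only for a clean pass, so a CI step using it fails otherwise.
run_release_step() {
  step="$1"; shift
  if "$@"; then code=0; else code=$?; fi   # capture the code even under set -e
  category=$(classify_exit "$code")
  verdict=$(ci_verdict "$category")
  echo "$step exit=$code category=$category verdict=$verdict report=.eval/release-toolkit/$step.json"
  [ "$verdict" = "ok" ]
}

# In a real CI job:
#   run_release_step supply-chain pnpm exec geenius-release supply-chain
```

Routing "fail:tooling" to a separate alert channel keeps a missing lockfile or a toolkit regression from being counted as a supply-chain finding in dashboards.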
## Development
```sh
pnpm install
pnpm build
pnpm test
pnpm lint
pnpm exec geenius-release gauntlet # dogfood
```

## License

FSL-1.1-Apache-2.0
