npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@greenarmor/cli-boilerplate

v2.5.1

Published

A powerful Node.js CLI boilerplate with semantic-release, commitlint, husky, GitHub Actions, and modular generators for components, pages, hooks, layouts, services, styles, and tests.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

coremates.devcoremates.dev

Keywords

cliboilerplatesemantic-releaseautomationstartergeneratorcomponentpagehooklayoutservicestyletest

Readme

@greenarmor/cli-boilerplate

GitHub Pages

A fully-featured starter boilerplate for building and publishing your own CLI tools using Node.js + npm.

Use the prebuilt cli inside an existing web application, or rebrand this boilerplate to create your own CLI with extra automation tools. Rebranding aims to boost automation for web app development and is perfect for DevOps workflows.

Features

  • Publish-ready scoped CLI
  • cli global command and modular generators
  • AI chat command for natural-language scaffolding (dev-only)
  • cli bump version bump tool
  • --dry-run mode
  • Git commit + tag + push
  • Optional npm publish
  • GitHub release note generation
  • GitHub Releases automation
  • Semantic release support
  • Modular code generators for components, pages, hooks, layouts, services, contexts, styles, and tests
  • Framework detection with per-framework templates and a --framework override
  • Extensible through a plugin system
  • Optional TypeScript templates via --ts
  • Jest test suite for generators
  • Banner, help menu, and badges
  • Ideal for open-source CLI products
  • DevOps-friendly automation for releases and scaffolding

Quick Start

Choose the workflow that fits your needs.

Use cli in an existing project

npm install -g @greenarmor/cli-boilerplate
cd path/to/your-existing-project
cli generate:component Button

The generators detect your framework and drop files into your project automatically.

Rebrand and extend your own CLI

  1. Set Git identity (optional but recommended):
git config --global user.name "your_github_username"
git config --global user.email "[email protected]"
  1. Scaffold a new CLI, ready to receive more automation tools:
npx @greenarmor/cli-boilerplate my-cli
  1. (Optional) Include extras during creation:
  • --with-emoji – show emoji-enhanced output
  • --full-stack – add ESLint, Prettier, Husky, Lint-Staged, Jest, ZX, Inquirer, Update Notifier, and more CLI polish libraries
npx @greenarmor/cli-boilerplate my-cli --with-emoji --full-stack
  1. Link and try your branded CLI:
cd my-cli
npm install
npm link
my-cli --help

CLI Tooling

AI Chat (dev only)

Chat with the CLI using natural language to run allowed generator commands.

npm run chat
# or
cli chat

Requires OPENAI_API_KEY in your environment. Put the key in a .env or export it globally:

  • macOS/Linux: echo 'export OPENAI_API_KEY="sk-..."' >> ~/.bashrc && source ~/.bashrc
  • Windows: setx OPENAI_API_KEY "sk-..."

NODE_ENV=production disables chat mode.

Within chat mode you can type natural phrases and the CLI will map them to commands:

AI> generate a component called Button
AI> scan the project with the npm scanner
AI> initialize the scanner config
AI> list patches
AI> apply patch readme-fix.patch
AI> bump the version
AI> generate the changelog
AI> install shell completion
AI> start the mcp server
AI> index docs for rag
AI> query rag for authentication

Start the MCP server directly (development only):

NODE_ENV=development cli mcp:serve

Generators

cli generate:component Button
cli generate:hook useAuth
cli generate:context Auth
cli generate:authlogin auth

Other supported generators:

  • page – scaffold a new page component
  • layout – create a layout template
  • service – generate a service module
  • style – add a stylesheet file
  • test – create a test file
  • context – create a context module
  • authlogin – scaffold a JWT auth server, client helpers, and a users table schema

Run cli --help to see available generator commands.

Use the --ts flag to scaffold TypeScript files instead of JavaScript:

cli generate:component Button --ts

Auth Login Generator

cli generate:authlogin creates a JWT-ready authentication system:

auth/
  client.js   # login helpers and token storage
  server.js   # Express server with JWT + bcrypt
  schema.sql  # PostgreSQL users table

Install runtime dependencies before running the server:

npm install express jsonwebtoken bcrypt pg

Configure your database connection and set JWT_SECRET, then start the server:

node auth/server.js

Log in with a POST /login containing email and password to receive a JWT token. The token can be used via the Authorization header or the generated client helper's fetchWithAuth. Apply the database schema with:

psql -f auth/schema.sql

Security Scanning

Run cli scan:init to generate a .cli-scannersrc file with sample scanner definitions.

The cli scan command runs pluggable security tools. Register scanners under cli.scanners in package.json or provide defaults in .cli-scannersrc.

Install required scanners first (ZAP is not bundled):

  • npm – uses npm audit to inspect dependencies. Requires Node.js and npm (v7+) in your PATH.
  • OWASP ZAP – dynamic application testing via zap-baseline.py or zap.sh. Download ZAP or install with a package manager (brew install zaproxy) or Docker.

cli scan usage

Run a registered scanner against a project directory or URL:

# run npm audit on the current project
cli scan --scanner npm --target .

# run OWASP ZAP against a URL, save an HTML report, and only show high issues
cli scan --scanner zap --target https://example.com \
  --report zap-report.html --severity high

Use --report <file> to write findings to a JSON or HTML report. The --severity <level> flag filters results below the threshold (info, low, moderate, high, critical).

Configure defaults or pass arguments per scanner in your project:

{
  "cli": {
    "scanners": {
      "npm": "./scripts/scanners/npm.js",
      "zap": "./scripts/scanners/zap.js"
    }
  },
  "scan": {
    "severity": "moderate",
    "zap": { "args": ["-r", "zap-report.html"] }
  }
}

CI/CD integration & security best practices

Include cli scan in CI pipelines to fail builds on severe vulnerabilities:

cli scan --scanner npm --severity high

Always scan only systems you own or have explicit permission to test.

Version Bump

cli bump [--github-release] [-u] [-r <count>]

Supports:

  • Select bump type (patch, minor, major)
  • Git log + changelog preview
  • Optional GitHub push + npm publish
  • GitHub release notes preview (-u for Unreleased heading)
  • Optional GitHub release (--github-release, requires GITHUB_TOKEN)
  • --dry-run support

GitHub Release Automation

To create a release on GitHub as part of the bump workflow:

export GITHUB_TOKEN=ghp_YourTokenHere
cli bump --github-release

This flag runs scripts/release-to-github.js after pushing commits and tags. You can also run the script directly if needed:

node scripts/release-to-github.js

Semantic Release via CI

This project includes semantic-release support out of the box:

  • Automated changelog
  • GitHub Releases
  • npm publishing

Requirements:

  • NPM_TOKEN in GitHub Actions secrets
  • GITHUB_TOKEN in GitHub Actions secrets

Security & Environment

  • This CLI is a development tool. Install as a devDependency and do not import it in app runtime.
  • Add secrets locally in .env (never commit). Copy from .env.example.
  • AI chat / RAG / MCP commands are disabled when NODE_ENV=production.
  • CI uses GitHub Secrets (Settings → Secrets and variables → Actions).

Deployment Safety Checklist

  • [ ] .env ignored by git
  • [ ] OPENAI_API_KEY only in local .env or CI secrets
  • [ ] NODE_ENV=production for production workflows
  • [ ] Dev-only commands (chat, mcp:*, rag:*) blocked in prod
  • [ ] CLI installed as devDependency in app repos
  • [ ] .npmignore / export-ignore exclude docs/examples/tests from npm
  • [ ] CI avoids printing secrets; no echoing keys
  • [ ] Allowed commands enforced for AI chat
  • [ ] Writes constrained to ./src for generators

License

MIT — Customize and distribute freely under your own CLI brand.