npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@heart-it/p2p-hello

v0.1.0

Published

heartIT lab #1 — two strangers, one passphrase, a hole-punched encrypted connection. Companion to the P2P from Scratch series.

Readme

p2p-hello — heartIT lab #1

Companion lab for the P2P from Scratch series on heartit.tech.

Two strangers run one command with the same passphrase. Their machines find each other through the Hyperswarm DHT, hole-punch a direct UDP path, open a Noise-XX-encrypted stream, and say hello. No server, no account; kill it and nothing remains.

npx @heart-it/p2p-hello swordfish

Run it in two terminals — better, on two networks (laptop + phone hotspot), because same-LAN peers connect directly without needing the punch.

What you'll see

  • the 32-byte topic (a salted hash of your passphrase — the DHT sees the hash, never the phrase)
  • the peer's Noise key (their ephemeral identity for this session)
  • the UDP path — their actual host:port, meaning the connection was hole-punched, not relayed
  • an end-to-end encrypted hello (secret-stream won't give you less)

Each line maps to a part of the series: DHT announce/lookup, reflexive address discovery, the punch, and the encrypted transport on top.

Publishing checklist (maintainer)

npm (current distribution):

npm publish --access public

Pear (when pear install stabilizes): the pear block in package.json is already staged for it. Mind two things:

  1. pear touch mints the pear:// link once; then pear stage pear://<key> . and pear release pear://<key>; keep it available with pear seed pear://<key> on an always-on peer.
  2. pear stage has no default ignores since v2.4 — the pear.stage.ignore list in package.json is load-bearing. Anything staged into the drive is public and content-addressed forever; verify with pear info before the first release. (pear run is deprecated/removed — end users arrive via pear install once it ships stable.)

The lab is intentionally ~80 lines. Readers should be able to hold the whole thing in their head — that's the point.