@hugsylabs/plugin-node

v0.1.1

Node.js development support for Hugsy - adds Node.js toolchain permissions and hooks

Streamlined Node.js development support for Hugsy - focused on preventing real errors without being annoying.

✨ What's New (v0.1.0) - "The Less Annoying Edition"

  • 🎯 Focused Protection - Only prevents actual mistakes
  • 🤫 Much Quieter - 80% less output, all messages are 1 line
  • 🚪 Always Escapable - Every check has a --force option
  • 🗑️ Removed Annoyances - No more auto-install, auto-lint, or "helpful" tips

What It Actually Does Now

✅ Keeps (The Good Stuff)

  • Changeset Branch Protection - Prevents changeset version on wrong branch
  • Smart Package Manager Warning - Only warns when lockfiles were recently changed
  • Missing Dependencies Check - Tells you when node_modules is missing
  • Dependency Conflict Detection - Warns about version mismatches in monorepos

❌ Removed (The Annoying Stuff)

  • ~~Auto-install dependencies~~ - You know when to run npm install
  • ~~Auto-lint on commit~~ - Use husky if you want this
  • ~~Auto-test on push~~ - Again, use husky
  • ~~Node version nagging~~ - .nvmrc already does this
  • ~~Security audit spam~~ - npm already shows this
  • ~~"Helpful" tips~~ - You don't need to be told to check for updates

Installation

npm install @hugsylabs/plugin-node

Usage

Add to your .hugsyrc.json:

{
  "plugins": ["@hugsylabs/plugin-node"]
}

Examples of the New Simplified Output

Before vs After

Changeset Protection:

# Before: 15 lines of explanation
# After:
❌ changeset version requires main branch (use --force to override)

Package Manager Detection:

# Before: Warned every single time
# After: Only when lockfile was recently updated
⚠️  pnpm-lock.yaml was recently updated, consider: pnpm install

Missing Dependencies:

# Before: Auto-installed without asking
# After: Simple reminder
⚠️  Missing node_modules. Run: npm install

Escape Hatches

Every protection can be bypassed when needed:

# Force changeset version on feature branch
pnpm changeset version --force

# Skip all checks with environment variables
HUGSY_SKIP=1 npm install

Permissions

Allow

  • Node.js execution (node, npx, tsx, ts-node)
  • Package managers (npm, yarn, pnpm, bun)
  • Node version managers (nvm, n, fnm)
  • Common scripts (npm run, npm test, npm start, etc.)
  • Testing frameworks (jest, vitest, mocha, playwright, cypress)
  • Linters and formatters (eslint, prettier, standard)
  • Build tools (webpack, vite, rollup, esbuild, turbo, tsc)
  • JavaScript/TypeScript file operations

Ask

  • Package publishing (npm publish, yarn publish, pnpm publish)
  • Global package installation
  • Destructive operations (rm -rf node_modules)
  • Package unpublishing

Deny

  • Credential operations (npm login, npm adduser)
  • System-wide destructive operations
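
The three tiers overlap: npm login is both a package-manager call (Allow) and a credential operation (Deny), and npm publish is both Allow and Ask. The sketch below is an added example, not part of this README or of Hugsy's code. The regex patterns, the deny > ask > allow ordering and the "ask" default for unmatched commands are assumptions made for illustration.

```javascript
// Added example: tier names come from the README; the patterns and the
// deny > ask > allow precedence are assumptions, not Hugsy's own rule syntax.
const RULES = {
  deny: [/^npm\s+(login|adduser)\b/],
  ask: [
    /^(npm|yarn|pnpm)\s+(publish|unpublish)\b/,
    /^npm\s+(install|i)\b.*\s(-g|--global)\b/,
    /^rm\s+-rf\s+node_modules\b/,
  ],
  allow: [
    /^(node|npx|tsx|ts-node)\b/,
    /^(npm|yarn|pnpm|bun)\b/,
    /^(jest|vitest|mocha|eslint|prettier|tsc|vite)\b/,
  ],
};
const ORDER = ["deny", "ask", "allow"]; // strictest tier first

// Classify one simple command. Anything no rule matches falls to "ask"
// (assumed default) rather than being allowed silently.
function classifySegment(cmd) {
  const c = cmd.trim();
  for (const tier of ORDER) {
    if (RULES[tier].some((re) => re.test(c))) return tier;
  }
  return "ask";
}

// Split a compound command line on ; && || | and return the strictest tier
// found, so an allowed prefix cannot carry a denied command through.
function classify(line) {
  const tiers = line
    .split(/&&|\|\||[;|]/)
    .filter((s) => s.trim())
    .map(classifySegment);
  return ORDER.find((t) => tiers.includes(t)) || "ask";
}
```

The split is deliberately naive and ignores quoting and subshells; a gate used for real decisions should parse the command line with a shell grammar before classifying it.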

Active Protections

| What | When | Message | Bypass |
| ----------------- | ----------------- | ------------------------------------------- | ------------- |
| Changeset version | Wrong branch | ❌ changeset version requires main branch | --force |
| Changeset publish | Wrong branch | ❌ changeset publish requires main branch | --force |
| Package manager | Lockfile mismatch | ⚠️ [lockfile] was recently updated | Just ignore |
| Missing deps | npm start | ⚠️ Missing node_modules | Just ignore |
| Version conflict | npm install | ⚠️ React version mismatch detected | Fix or ignore |

Environment Variables

  • NODE_ENV - Set to 'development' by default
  • NODE_OPTIONS - Configured with --max-old-space-size=4096
  • NO_UPDATE_NOTIFIER - Disables npm update notifications
  • FORCE_COLOR - Enables colored output

Examples

Basic Node.js Project

{
  "plugins": ["@hugsylabs/plugin-node"]
}

Monorepo Project

{
  "plugins": ["@hugsylabs/plugin-node"],
  "env": {
    "TURBO_TOKEN": "your-token"
  }
}

Full Stack JavaScript with Changesets

{
  "plugins": ["@hugsylabs/plugin-node", "@hugsylabs/plugin-git", "@hugsylabs/plugin-test"]
}

Philosophy

This plugin follows the principle of "Prevent real mistakes, not enforce workflows":

  • ✅ Stop you from accidentally versioning on the wrong branch
  • ✅ Warn about potential dependency conflicts
  • ❌ Don't force you to lint/test (that's what CI is for)
  • ❌ Don't auto-install things without asking
  • ❌ Don't give unsolicited advice

Supported Tools

Package Managers

  • npm (all versions)
  • Yarn (Classic & Berry)
  • pnpm
  • Bun

Node Version Managers

  • nvm
  • n
  • fnm

Testing Frameworks

  • Jest
  • Vitest
  • Mocha
  • AVA
  • Tap
  • Playwright
  • Cypress

Build Tools

  • Webpack
  • Vite
  • Rollup
  • Parcel
  • esbuild
  • Turbo
  • TypeScript Compiler (tsc)
  • Babel
  • SWC

Linters & Formatters

  • ESLint
  • Prettier
  • Standard
  • XO
  • Biome

FAQ

Q: How do I disable everything?
A: Don't use the plugin. Seriously, it's now minimal enough that if you don't want these protections, just don't install it.

Q: Can I force changeset version on a feature branch?
A: Yes, use pnpm changeset version --force

Q: Why doesn't it auto-install dependencies anymore?
A: Because that was annoying. You know when to run npm install.

License

MIT