npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@inorainllc/wellyon

v0.5.0

Published

Wellyon server monitoring agent — streams host metrics and database statistics to your Wellyon server widget. DB credentials never leave your server.

Readme

@inorainllc/wellyon

Monitoring agent for the Wellyon server widget. Runs on your own Node.js/Linux server, connects outbound only to the Wellyon cloud and streams:

  • host metrics (CPU, memory, disk, load, network)
  • database statistics (slow queries, unused indexes, bloat, connections) for PostgreSQL, MySQL and MariaDB
  • read-only query results for the widget's "Ask AI" charts
  • managed database backups (opt-in): pg_dump / mysqldump runs locally, dumps stay on your server, only metadata is reported
  • system monitoring (opt-in): Docker containers + stats, Nginx status, open ports (with optional close), and top-repeated system-log patterns with time-trend detection

Your database credentials never leave this server. Only metrics, schema metadata, statistics and query result rows are transmitted.

Quick start

  1. In your Wellyon dashboard, add a server under Servers and copy the pairing token.
  2. On the server:
npx @inorainllc/wellyon init    # interactive setup + enrollment
npx @inorainllc/wellyon start   # run the agent

For production, run start under systemd / pm2 / a container.

Configuration

init writes wellyon-agent.json (mode 600):

{
  "endpoint": "https://api.wellyon.ai",
  "pairingToken": "wsa_...",            // one-time; replaced by an agent token after enrollment
  "serverName": "prod-db-1",
  "databases": [
    {
      "id": "main",
      "kind": "postgres",
      "url": "postgres://wellyon_ro:...@localhost:5432/app",
      "backup": {
        "enabled": true,                     // permission gate — without this the agent refuses backup requests
        "dir": "/var/backups/wellyon/main",  // default: ~/.wellyon/backups/<id>
        "keep": 7,                           // dumps kept locally (older pruned)
        "timeoutMin": 60,
        "everyHours": 24                     // optional agent-side schedule; omit for on-demand only
      }
    },
    { "id": "orders", "kind": "mysql", "host": "127.0.0.1", "user": "wellyon_ro", "password": "...", "database": "orders" }
  ],
  "system": {
    "docker": true,                       // Docker containers + live CPU/mem (needs docker CLI + socket access)
    "nginx": true,                        // nginx version/running state
    "nginxStatusUrl": "http://127.0.0.1/nginx_status", // optional stub_status for live connections
    "ports": true,                        // listening TCP ports (lsof / ss)
    "allowClosePorts": false,             // gate — must be true for the widget to close a port
    "logs": {
      "journald": true,                   // Linux systemd journal
      "files": ["/var/log/nginx/error.log"], // extra log files to scan
      "windowMinutes": 15
    },
    "intervalSec": 30
  },
  "metricsIntervalSec": 15,
  "statsIntervalSec": 300
}

System monitoring

All opt-in via the system block. The agent shells out to read-only tools (docker, lsof/ss, pgrep, journalctl) — install what you want monitored. Closing a port terminates the process bound to it and is gated twice: system.allowClosePorts: true in this config AND the system:manage scope on the widget token. Log analysis normalizes each line to a template (masking timestamps/ids/ips/numbers), counts repeats, and compares windows to flag new / rising patterns — so a flood of one error surfaces at the top.

Managed backups

Backups are off by default and gated by the local config — the cloud can only trigger a dump for a database whose backup.enabled is true. Dumps run locally (pg_dump -Fc for Postgres, mysqldump --single-transaction | gzip for MySQL/MariaDB, both tools must be installed), land in backup.dir with mode 600, and are pruned to the newest keep. The dump file never leaves your server — Wellyon receives only name/size/duration/status metadata. Note: dumping usually needs broader privileges than monitoring; use a dedicated backup user or grant SELECT/LOCK TABLES to the configured one.

Lookup order: $WELLYON_CONFIG./wellyon-agent.json~/.wellyon/agent.json. Env overrides: WELLYON_ENDPOINT, WELLYON_PAIRING_TOKEN, WELLYON_SERVER_NAME.

Security model

  • Read-only DB user strongly recommendedinit prints the GRANT statements.
  • Every SQL statement received from the cloud passes a local sandbox: single-statement lexical gate → SQL parser gate → read-only transaction/session with a server-side statement timeout (the hard guarantee), plus row/payload caps.
  • Enrollment uses a one-time pairing token; afterwards a revocable agent token (stored in ~/.wellyon/agent-state.json, mode 600) authenticates the outbound socket. Revoking the server in the dashboard cuts the agent off.

Commands

| Command | Description | |---|---| | init | Interactive setup, writes config, enrolls the server | | start | Run the agent (default) | | test-connection | Verify Wellyon + database connectivity, then exit |