npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@james-wall/codegov

v0.1.3

Published

AI code governance — attribution, telemetry, and ROI for AI-assisted development

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

james-walljames-wall

Keywords

aigovernanceprovenancetelemetrycopilotcursorclaude

Readme

codegov

Know what AI wrote in your codebase.

CodeGov scans your git history and detects commits authored by AI coding tools — Claude Code, Cursor, GitHub Copilot, Devin, and Aider — from git metadata alone. No config, no API keys, no agents to install.

$ npx @james-wall/codegov scan

82.3% of commits are AI-authored (283/344)
Agents: 280 claude-code, 2 copilot, 1 cursor

Detected commits:
  c7e2a46  claude-code [Claude Opus 4.6]  +0/-22   (95%)
  07d9deb  claude-code [Claude Sonnet 4.6]  +8/-8   (95%)
  5f90db7  copilot  +83/-22   (95%)
  ...

Install

npx @james-wall/codegov scan       # try it now, no install needed
npm install -g @james-wall/codegov # or install globally

Commands

Zero-config (works on any repo)

codegov scan                # scan full history
codegov scan --since 3m     # last 3 months
codegov scan --format html  # generate shareable HTML report
codegov stats               # agent breakdown + monthly trends
codegov query --agent cursor --since 90d
codegov forensics <hash>    # deep dive on a single commit
codegov export --format csv # export for spreadsheets
codegov export --format sbom # SPDX 2.3 compliance artifact
codegov share               # upload HTML report as a GitHub Gist

Ongoing monitoring

codegov init                # install post-commit hook + scan history
codegov server              # start OTEL collector + live dashboard
codegov server --port 8080  # custom port

The server accepts OpenTelemetry traces at POST /v1/traces (Claude Code natively supports OTEL export) and git commit metadata at POST /v1/hooks/commit, then correlates them to build tool-to-commit attribution.

How detection works

CodeGov identifies AI-authored commits by matching patterns in git metadata:

| Tool | Detection signals | |------|------------------| | Claude Code | Co-Authored-By: Claude trailer, Generated by Claude Code marker | | Cursor | cursor[bot] author, [email protected] co-author, Made-with: Cursor trailer | | Copilot | [email protected] co-author, copilot-swe-agent[bot] author, Agent-Logs-Url trailer | | Devin | devin-ai-integration[bot] author email | | Aider | aider (model) <[email protected]> co-author, aider: message prefix |

Each detection carries a confidence score (0-100%). The threshold is 30% — anything below is classified as human-authored.

Only the five named tools above are counted by default — each is matched on a specific, documented signature, so false positives are rare. A low-signal "generic AI" heuristic (e.g. an <ai@…> co-author with no specific tool) is available behind codegov scan --include-generic, but it is off by default to keep the headline number trustworthy. Detection reads commit metadata only, so the percentage is a floor: AI-assisted commits that carry no signature are not counted.

Export formats

  • JSON — full audit report with summary + all records
  • CSV — tabular, import into any spreadsheet
  • SBOM — SPDX 2.3 for compliance workflows
  • HTML — dark-themed dashboard, shareable as a standalone file

Use cases

  • Engineering leaders: understand what % of your codebase AI wrote and which tools produce the most merged code
  • Compliance teams: generate provenance artifacts for SOC2 auditors asking about AI-generated code
  • Open source maintainers: add transparency about AI contributions
  • Individual devs: track your own AI tool usage across projects

License

MIT