npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@johnbillion/plugin-infrastructure

v2.7.3

Published

Shared utilities for WordPress plugin development

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

johnbillionjohnbillion

Keywords

Readme

Plugin Infrastructure

Reusable infrastructure relating to testing, building, linting, deploying, and verifying my WordPress plugins (see the "Used by" section below).

Provided without support, warranty, guarantee, backwards compatibility, fitness for purpose, resilience, safety, sanity, beauty, or support for any plugin that isn't one of mine.

Used by

Features

  • Containerised test environment
  • Support for an npm build step
  • Acceptance testing
  • Integration testing
  • Coding standards testing
  • Static analysis
  • Workflow file linting
  • Deployment to WordPress.org
  • GitHub milestone management
  • FAIR metadata generation
  • GitHub build provenance attestation
  • SLSA v1.0 Build level 3 facilitation
  • Ongoing supply chain assurance

Plugins that use this library all use a similar setup in their workflows:

Acceptance testing

  • Push to a main branch or pull request, acceptance-tests.yml fires
    • Constructs a matrix of supported PHP and WordPress versions
    • Uses reusable-acceptance-tests.yml
      • Installs PHP and WordPress
      • Runs the build
      • Runs acceptance testing with Playwright

Integration testing

  • Push to a main branch or pull request, integration-tests.yml fires
    • Constructs a matrix of supported PHP and WordPress versions
    • Uses reusable-integration-tests.yml
      • Installs PHP and WordPress
      • Runs the build
      • Runs integration testing with PHPUnit, once for:
        • Single site
        • Multisite

Coding standards testing

  • Push to a main branch or pull request, coding-standards.yml fires
    • Uses reusable-coding-standards.yml
      • Installs PHP
      • Checks coding standards with PHPCS

Static analysis

  • Push to a main branch or pull request, static-analysis.yml fires
    • Constructs a matrix of supported PHP versions
    • Uses reusable-static-analysis.yml
      • Installs PHP
      • Runs static analysis with PHPStan

Workflow file linting

  • Push to a main branch or pull request, lint-workflows.yml fires
    • Uses reusable-workflow-lint.yml
      • Lints all GitHub Actions workflow files for correctness and security using:
        • ActionLint
        • Octoscan
        • Zizmor
        • Poutine
      • Uploads results to GitHub Code Scanning

Deployment

WordPress.org

  • Push to the release branch, build.yml fires
    • Uses reusable-build.yml
      • Runs the build
      • Reads version from package.json
      • Commits built files
      • Pushes to release-$VERSION
      • Tags the new version and pushes
      • Creates a draft release
  • Publish the release, deploy-tag.yml fires
    • Uses reusable-deploy-tag.yml
      • Creates a changelog entry from the release notes
      • Uses 10up/action-wordpress-plugin-deploy
        • Deploys the new version to WordPress.org
        • Generates a zip file
      • Uses johnbillion/action-wordpress-plugin-attestation
        • Fetches the zip from WordPress.org
        • Generates a build provenance attestation if the zip contents matches the build
      • Generates FAIR metadata for the release and opens a PR with the changes

Packagist

  • Happens automatically with each release via the auto-update mechanism on Packagist.org
  • Always identical to the version deployed to WordPress.org

GitHub

  • Automatically closes the completed milestone for each release
  • Automatically creates the next major, minor, and patch release milestones after each release

Supply chain assurance

  • Hourly scheduled workflow runs in verify-distribution.yml
    • Uses reusable-verify-distribution.yml
      • Verifies the provenance of the plugin on WordPress.org
      • Verifies the api.wordpress.org response for the plugin info
      • Verifies the PLC DID, its full log, its FAIR service endpoint, and its FAIR metadata
      • Fetches and updates the DID PLC log

Licence

MIT