npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kidkender/archmind-explainer

v0.3.0

Published

Explanation engine for ArchMind — fact extraction, pattern detection, evidence packaging, and finding ranking for Laravel/NestJS execution graphs.

Readme

@archmind/explainer

Detects real security and correctness issues in Laravel execution graphs — before asking an LLM a single question.


Why findings-first matters

Most AI code review tools ask the LLM to "look for problems." The LLM then produces plausible-sounding findings that may or may not be real, with no evidence chain and no way to verify them.

@archmind/explainer flips this. It runs deterministic pattern detectors against the structured execution graph and produces concrete, evidence-backed findings first. The LLM then explains and contextualizes findings that are already known to exist — rather than guessing.

The difference: findings with provenance vs. findings with vibes.


What it detects

Seven static detectors, each targeting a specific failure pattern in Laravel applications:

| Finding | What it means | |---|---| | missing_authorization | A controller action has no auth gate, policy check, or permission middleware in its execution path | | duplicate_authorization | The same permission is checked in both middleware and a policy — redundant, and a maintenance hazard | | delegated_validation | A FormRequest's authorize() calls a policy that re-checks permissions already enforced upstream | | hidden_runtime_dependency | A controller or service uses app() to resolve a dependency at runtime — invisible to static analysis and untestable | | privilege_hierarchy_present | Multiple permission levels exist in the path — potential privilege escalation surface | | event_before_commit | An event is dispatched inside a DB::transaction before the commit — the listener may act on uncommitted data | | missing_tenant_scope | A model query runs without a tenant constraint in a multi-tenant context — data leakage risk |


Key advantages

No false positives from ambiguity Detectors reason from the graph structure, not from string patterns in source code. A missing_authorization finding only fires when the graph provably has no auth node in the execution path.

Full evidence chain Every finding includes the node IDs involved, the ontology primitives that triggered it, and human-readable evidence descriptions. You know exactly why the finding was raised.

Honest about uncertainty When a finding's confidence is lower than HIGH, the uncertainty field explains why — unverifiable conditions, missing nodes, inferred symbols. No silent confidence inflation.

Query-aware ranking Pass a natural language query and the explainer reorders findings to surface those most relevant to what you're actually asking about.


Usage

import { explain } from "@archmind/explainer"

const findings = explain(graph, "does this endpoint check authorization?")

findings[0].type            // "missing_authorization"
findings[0].severity        // "CRITICAL"
findings[0].confidence      // "HIGH"
findings[0].summary         // "No authorization check found in execution path"
findings[0].evidence        // [{ nodeId, description }]
findings[0].recommendations // ["Add a policy check via $this->authorize()"]
findings[0].uncertainty     // undefined (confidence is HIGH — no caveats)

Without a query, findings are returned ranked by severity × confidence. With a query, findings most relevant to the query are surfaced first.


Running tests

cd packages/explainer
node --experimental-vm-modules ../../node_modules/jest/bin/jest.js