npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@lola-market/skills-alpha

v0.0.22

Published

LOLA market skills, exposed two ways: a `lola` CLI for humans and a `lola-mcp` stdio MCP server for AI agents. One package, two binaries, one credentials file. Skills: onboard-item, manage-items, manage-messages, manage-groups, manage-rentals, browse-list

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lola-marketlola-market

Keywords

Readme

lola-skill-cli

LOLA market CLI. One binary (lola), one subcommand per skill.

lola login                            # device flow for ALL skills (one approval click)
lola login --skill manage-rentals     # device flow for one skill
lola whoami [--skill manage-rentals]
lola logout [--skill … | --all]

lola rentals list
lola rentals show <id>
lola rentals events <id>
lola rentals advance <id> <event> [--lat … --lng … | --file-ids a,b,c]
lola rentals earnings
lola rentals reviews

Install (dev)

cd cli
npm install
npm run build
npm link            # exposes `lola` on $PATH

Or run without linking:

node dist/bin.js login

Using the MCP server (lola-mcp)

The same operations are exposed as MCP tools over stdio by the lola-mcp binary (installed alongside lola by the same package). Point any MCP host at it — Claude Desktop, Claude Code, Cursor, opencode, Continue, etc.

{
  "mcpServers": {
    "lola": { "command": "lola-mcp" }
  }
}

First-time setup is still the CLI. lola-mcp reads the same ~/.config/lola/credentials.json the CLI writes — there is no login flow inside the MCP server. Order of operations:

  1. npm i -g @lola-market-team/skill-cli (puts both lola and lola-mcp on PATH)
  2. lola login (one-time, opens a browser for device-flow approval)
  3. Add the JSON snippet above to your MCP host and restart it
  4. The agent can call lola_status first to confirm the user is paired — it's a no-network local read and won't throw before login

If a tool call fires before login, the error string tells the user exactly what to run.

Where credentials live

~/.config/lola/credentials.json — file mode 0600, one record per skill keyed by client_id. Delete or lola logout to drop a session.

Base URL

Defaults to https://staging.lola.market. Override with the LOLA_BASE_URL environment variable.

Backend wire contract

Each skill's HTTP contract is documented in ../docs/skills/<slug>/skill.yaml. The CLI is a thin wrapper.

Driving the CLI from an LLM / agent

Designed so a shell-spawning agent can use it without prior knowledge. Self-introspection paths:

  1. lola --help → top-level workflow, env vars, examples
  2. lola <skill> --help → what the skill does, deny-list, error codes, and copy-paste examples
  3. lola <skill> <cmd> --help → exact flags and their purpose
  4. For state-machine skills: always lola <skill> events <id> before advance — the proxy applies the deny-list, so what comes back is safe to fire. Don't enumerate FSM events from memory.

Output today is JSON for everything except rentals list (small table). Pipe through jq for parsing. A --json global flag for the list commands is on the roadmap.

Errors land as a JSON body with errors[0].extensions.code. Stable codes worth pattern-matching:

| Code | Action | |--------------------------|--------------------------------------------------| | NOT_FOUND | resource doesn't exist OR caller isn't on it | | EVENT_BLOCKED_FOR_SKILL| money/insurance event; deny-list, not a bug | | WRONG_SKILL | token is for another skill; re-login --skill X | | UNAUTHORIZED | session expired; CLI auto-refreshes once | | unknown_event | FSM rejected (wrong state/role) |

Repo plan

Lives under cli/ in lola-market-backend for now while contracts are still moving. Will be extracted to its own repo (lola-cli) once the surface is stable, with:

git filter-repo --path cli/ --to-subdirectory-filter .