npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@marschildox/codeready-ds

v0.6.1

Published

Code-first design system — React components, design tokens, and multi-brand theming

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

marschildoxmarschildox

Keywords

Readme

@marschildox/codeready-ds

React component library with design tokens and multi-brand theming, built on Base UI.

Contributor and maintainer documentation lives in docs/README.md. This README is consumer-facing (install + usage); the docs directory carries the architecture, registry semantics, and authoring workflow.

Install

npm install @marschildox/codeready-ds @base-ui-components/react react react-dom

Import

// styles must be imported before base
import '@marschildox/codeready-ds/styles'
import '@marschildox/codeready-ds/base'

import { Button, Input, Select, RadioGroup } from '@marschildox/codeready-ds'
import { HeroLeadForm, type FormField, type NavItem } from '@marschildox/codeready-ds/sections'
import { BRANDS } from '@marschildox/codeready-ds/brands'

// ./types is for tooling that reads DS registry metadata — not needed for product-app component usage
import type { ComponentMeta, ComponentRegistry } from '@marschildox/codeready-ds/types'

Component prop types (FormField, NavItem, ContactMethod, etc.) are exported from the entrypoint that owns the component. Import them from @marschildox/codeready-ds (UI primitives) or /sections (page sections), not /types.

Setup

1. Load styles

Import both stylesheets — in this order — in your root layout:

import '@marschildox/codeready-ds/styles'
import '@marschildox/codeready-ds/base'
  • /styles — design tokens as CSS custom properties on :root. No element styles applied.
  • /base — applies tokens to body, headings, and form controls. Includes a minimal reset.

/styles must come before /base.

2. Set brand and theme

Add data-brand and data-theme to <html>:

<html data-brand="brand-default" data-theme="light">

Supported values:

| Attribute | Values | |-----------|--------| | data-brand | brand-default, gubernamental | | data-theme | light, dark |

3. Load fonts

The package ships token values (--font-title: 'Inter', --font-body: 'Roboto') but does not load font files. You must load them.

Option A — Google Fonts

<link rel="preconnect" href="https://fonts.googleapis.com" />
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
<link
  href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Roboto:wght@400;500;700&display=swap"
  rel="stylesheet"
/>

Option B — Fontsource (self-hosted)

npm install @fontsource/inter @fontsource/roboto
import '@fontsource/inter/400.css'
import '@fontsource/inter/500.css'
import '@fontsource/inter/600.css'
import '@fontsource/inter/700.css'
import '@fontsource/roboto/400.css'
import '@fontsource/roboto/500.css'
import '@fontsource/roboto/700.css'

Vite / Astro SSR config

@base-ui-components/react must be bundled through Vite in SSR mode:

// vite.config.js or astro.config.mjs
export default defineConfig({
  vite: {
    ssr: {
      noExternal: ['@base-ui-components/react']
    }
  }
})

Troubleshooting

| Symptom | Cause | Fix | |---------|-------|-----| | Serif body font (Times/Georgia) | /base not imported | Add import '@marschildox/codeready-ds/base' | | System sans-serif instead of Inter/Roboto | Font files not loaded | Add Google Fonts or Fontsource imports | | Token variables undefined | /styles not imported | Import /styles before /base | | SSR build error for Base UI | Missing noExternal | Add noExternal: ['@base-ui-components/react'] |

Release process

How publishing works

This package uses npm Trusted Publishing — no long-lived npm token is stored anywhere. Publishing is fully OIDC-based.

When a v*.*.* tag is pushed, the GitHub Actions workflow (.github/workflows/publish.yml):

  1. Runs inside the npm-publish GitHub environment (tag-restricted, no secrets stored).
  2. Requests a short-lived OIDC identity token from GitHub (id-token: write).
  3. Builds the compiled package (pkg/) via tsc + CSS copy, then validates brands and sections.
  4. Calls npm publish --access public --provenance. The npm CLI automatically exchanges the GitHub OIDC token for a temporary publish credential — no NPM_TOKEN required.
  5. Attaches a Sigstore provenance attestation to the published package. The attestation cryptographically links the tarball to the exact commit, run ID, and workflow file.

Consumers can verify the attestation at any time:

npm audit signatures @marschildox/codeready-ds

Cutting a release

# 1. Validate and pack locally
npm run release -- <version>
# e.g. npm run release -- 0.4.0

# 2. Inspect the tarball — only pkg/ paths should appear
tar -tzf /tmp/marschildox-codeready-ds-<version>.tgz | head -30

# 3. Commit the version bump and changelog
git add package.json CHANGELOG.md
git commit -m "chore: release v<version>"

# 4. Tag and push — this triggers the publish workflow
git tag v<version>
git push && git push --tags

CI builds, validates, and publishes automatically. No manual npm interaction needed.

One-time setup — GitHub side

  1. In the repository, go to Settings → Environments → New environment.
  2. Name it npm-publish.
  3. Under Deployment branches and tags, restrict to tag pattern v*.*.*.
  4. No secrets required — Trusted Publishing uses OIDC; there is no npm token to store.

One-time setup — npm side

Complete these steps after the first manual publish (below) creates the package on npm.

  1. Go to npmjs.com → your package @marschildox/codeready-dsSettings.

  2. Confirm Package visibility is Public.

  3. Under Publish access → Trusted Publishers, click Add a trusted publisher.

  4. Enter exactly:

    | Field | Value | |-------|-------| | Publisher | GitHub Actions | | Repository owner | marschildox | | Repository name | codeready-ds | | Workflow filename | publish.yml | | Environment | npm-publish |

Once saved, GitHub Actions can publish this package using only its OIDC identity — no npm account credentials required.

First publish (manual, one-time only)

The package must exist on npm before Trusted Publishing can be configured. Use --otp once:

npm run build:pkg
npm publish --access public --otp=<6-digit-code>

After that, configure the Trusted Publisher on npm as described above. All subsequent releases go through CI with no token.

Consumer repo — after a release

npm install @marschildox/codeready-ds@latest

No consumer-side changes are needed between patch/minor releases. For major releases, check the CHANGELOG for breaking changes.

For component authoring, registry structure, and LLM-assisted workflows see docs/component-authoring-workflow.md.