@mneme-ai/xray
v3.102.0
Mneme Repo X-Ray — a signed, raw-free, deterministic X-Ray of any repo. Every number is reproducible from git/AST/metadata and sealed with an offline-verifiable NOTARY receipt. No source code ever leaves the machine; no LLM guesses anything.
@mneme-ai/xray — Repo X-Ray
Live: https://xray.mneme-ai.space — paste any public repo, get a signed health X-Ray in seconds (no install).
A signed, raw-free, deterministic X-Ray of any repo. Paste a public git URL (or point the CLI at a local path) and get a graded report: dependency mortality, secret leaks, bus factor, vitality, and complexity hotspots.
Three guarantees, by construction:
- Accurate. Every number comes from a deterministic `@mneme-ai/core` analyzer (git history · AST outline · npm registry metadata · regex secret scan). No LLM guesses anything — the same repo at the same commit always produces the same report.
- Private. Public repos are shallow-cloned to a temp dir, analysed, and deleted. The report is raw-free — it carries only metrics, counts, line numbers, symbol names, and hashes, never a line of source. `xrayLeaksRaw()` proves it (gauntlet-enforced). Private repos never leave your machine: run the CLI locally.
- Verifiable. The whole report is sealed with an Ed25519 NOTARY receipt any third party verifies offline with the embedded public key — no Mneme instance, no network, no shared secret.
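
What offline verification of a sealed report involves, as an added example (not Mneme's code): the receipt layout, the `canonical`, `seal` and `verifySealed` helpers and the sample report are assumptions, since this page does not document the NOTARY format. It shows that a signature checked against the key embedded in the report proves only that the report is intact; trusting its origin also requires comparing that key with a fingerprint obtained separately.

```javascript
// Added example. The receipt layout is hypothetical, not the real NOTARY format.
const crypto = require('node:crypto');

// Deterministic JSON (sorted keys) so the same report always yields the same signed bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

const spkiB64 = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const keyFingerprint = (b64) =>
  crypto.createHash('sha256').update(Buffer.from(b64, 'base64')).digest('hex');

// Seal a report: the signature and the signer's public key travel with it.
function seal(report, { privateKey, publicKey }) {
  const sig = crypto.sign(null, Buffer.from(canonical(report)), privateKey);
  return { report, receipt: { publicKey: spkiB64(publicKey), sig: sig.toString('base64') } };
}

// Offline check. intact: signature matches the embedded key.
// trusted: intact AND the embedded key is the one the verifier pinned out of band.
function verifySealed({ report, receipt }, pinnedFingerprint) {
  let intact = false;
  try {
    const der = Buffer.from(receipt.publicKey, 'base64');
    const key = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
    intact = key.asymmetricKeyType === 'ed25519' &&
      crypto.verify(null, Buffer.from(canonical(report)), key, Buffer.from(receipt.sig, 'base64'));
  } catch { intact = false; } // malformed key or signature
  return { intact, trusted: intact && keyFingerprint(receipt.publicKey) === pinnedFingerprint };
}

// Constructed sample data: keys are generated on the fly, the report is made up.
function demo() {
  const notary = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const pinned = keyFingerprint(spkiB64(notary.publicKey));
  const signed = seal({ commit: 'abc123', grade: 'C', secrets: 2 }, notary);
  const edited = { ...signed, report: { ...signed.report, grade: 'A' } };
  return {
    genuine: verifySealed(signed, pinned),                   // intact and trusted
    edited: verifySealed(edited, pinned),                    // signature no longer matches
    resealed: verifySealed(seal(edited.report, other), pinned), // intact, but not the pinned key
  };
}
```
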
CLI (local / private repos — nothing uploaded)
```bash
npx @mneme-ai/xray .                               # local folder (git OR not) — analysed in place
npx @mneme-ai/xray https://github.com/owner/repo   # public repo
npx @mneme-ai/xray ./private-repo --publish \
  --server https://xray.mneme-ai.space --token YOUR_KEY   # send ONLY the signed, raw-free report
```

The CLI works on any local folder — including one that isn't a git repo (git
signals are simply skipped). Source never leaves your machine; `--publish` sends
only the raw-free, signed report to your private dashboard.
Embed a badge
A signed, self-updating grade for any README — links back to the full report:
[](https://xray.mneme-ai.space/r/<fingerprint>)

Server (the "Lighthouse")

```bash
npm run -w @mneme-ai/xray serve   # http://0.0.0.0:8787
```

| Endpoint | Description |
|---|---|
| POST /api/xray {gitUrl} | clone public repo → battery → raw-free gate → NOTARY seal → report |
| POST /api/verify {signed} | verify a report's receipt offline |
| GET /api/board | recent public X-Rays |
| GET /api/health | liveness |
| GET / | the clean white UI |
Env: PORT (8787) · HOST (0.0.0.0) · XRAY_DATA_DIR (./.xray-data).
Deploy 24/7 on DigitalOcean
One click (no command line) — authorize GitHub, get a public …ondigitalocean.app URL:
App Platform (CLI): doctl apps create --spec packages/xray/.do/app.yaml (auto-deploys on push to main).
Droplet (durable board):
```bash
docker build -f packages/xray/Dockerfile -t mneme-xray .
docker run -d --restart=always -p 80:8787 -v /srv/xray-data:/data mneme-xray
```

Architecture — Lighthouse + Reactor

```text
[ your machine: code ] --mneme-xray ./path--> raw-free signed report (private repos: never leaves)
[ public git URL ]     --POST /api/xray-----> Lighthouse (DigitalOcean): clone → analyse → delete → sign
```

The server (Lighthouse) only ever holds raw-free, signed reports. The accurate engine (Reactor) runs the same `@mneme-ai/core` functions whether local or in the cloud.
