@neurcode/action
v0.2.2
GitHub Action for Neurcode - Code adherence verification gatekeeper
Neurcode Verify GitHub Action
Enterprise PR governance action for neurcode verify, with optional auto-remediation and merge-confidence publishing.
Recommended PR Gate (Deterministic)
```yaml
name: Neurcode Gatekeeper
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  governance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run Neurcode Verification
        uses: ./packages/action
        env:
          NEURCODE_API_URL: https://api.neurcode.com
        with:
          api_key: ${{ secrets.NEURCODE_API_KEY }}
          project_id: ${{ vars.NEURCODE_PROJECT_ID }}
          org_id: ${{ vars.NEURCODE_ORG_ID }}
          base_ref: 'HEAD~1'
          threshold: 'C'
          record: 'true'
          enterprise_mode: 'true'
          verify_policy_only: 'false'
          changed_files_only: 'true'
          auto_remediate: 'true'
          remediation_commit: 'false'
          remediation_push: 'false'
```

Inputs (Common)
| Input | Description | Default |
|---|---|---|
| api_key | Neurcode API key for verify/ship in CI | '' |
| project_id | Neurcode project id for cloud-linked workflows | '' |
| org_id | Optional org id for CI auth scoping | '' |
| base_ref | Override verify base ref (origin/main, HEAD~1, etc.) | '' |
| record | Record verification to Neurcode cloud | true |
| threshold | Minimum acceptable grade (A/B/C/D/F) | C |
| enterprise_mode | Auto-enable enterprise-safe verify defaults unless explicitly overridden | true |
| verify_policy_only | Run neurcode verify --policy-only | false |
| changed_files_only | Enforce only violations from changed files in this PR/base diff | false |
| enforce_change_contract | Treat contract drift as hard fail; set true/false to override enterprise auto mode | '' (auto) |
| enforce_strict_verification | Treat tier-limited INFO as failure; set true/false to override enterprise auto mode | '' (auto) |
| auto_remediate | Run neurcode ship when verify fails | false |
| remediation_commit | Create remediation commit on success | false |
| remediation_push | Push remediation commit to PR branch | false |
| verify_after_remediation | Re-run verify after remediation | true |
See action.yml for full advanced inputs (timeouts, retries, CLI source/version, commit metadata).
Outputs
| Output | Meaning |
|---|---|
| verdict | Verification verdict |
| verify_mode | Effective verify mode (plan_aware, plan_enforced_explicit, policy_only, policy_only_fallback) |
| policy_only_fallback_used | true if missing plan context triggered policy-only retry |
| grade | Verification grade |
| score | Verification score |
| violations | Violation count |
| verification_tier | Reported tier (if present) |
| tier_limited | true if verify result is tier-limited |
| threshold | Threshold used by action |
| threshold_passed | true / false / unknown |
| remediation_status | READY_TO_MERGE or BLOCKED (when remediation runs) |
| merge_confidence | Merge confidence from ship summary |
| share_card_url | Public merge confidence card URL (when available) |
| remediation_commit_created | Whether remediation commit was created |
| remediation_commit_pushed | Whether remediation commit was pushed |
| remediation_commit_sha | Commit SHA when a remediation commit is created |
Safety Defaults
- Keep enterprise_mode: true for deterministic enforcement defaults in CI.
- In enterprise auto mode, change-contract hard-fail is enabled for plan-aware runs and relaxed for policy-only fallback runs.
- Use verify_policy_only: true only for intentional policy-only governance runs.
- The action detects neurcode verify --help capabilities and gracefully drops unsupported verify flags for older pinned CLI versions.
- Without explicit plan_id, the action runs plan-aware mode first and automatically retries in policy-only mode only when the verify failure is strictly "missing plan context".
- Use changed_files_only: true to avoid blocking on historical repository debt.
- Use base_ref: HEAD~1 for incremental adoption on long-lived branches with legacy violations.
- Keep remediation_commit and remediation_push disabled in shared CI.
- Enable commit/push only in a dedicated remediation workflow where branch mutation is expected.
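
A dedicated remediation workflow of the kind the last two Safety Defaults points describe, as an added example rather than the project's own configuration. The workflow_dispatch trigger, the contents: write permission, the concurrency group, the step id and the final gate step are assumptions; the inputs and outputs are the ones listed above, and the gate assumes remediation_status is empty when remediation does not run.

```yaml
# Added example (assumed layout): the only workflow allowed to mutate a branch.
name: Neurcode Remediation
on:
  workflow_dispatch:          # assumption: run on demand against the selected branch

permissions:
  contents: write             # write access is granted here only, not in the PR gate

concurrency:
  group: neurcode-remediation-${{ github.ref }}
  cancel-in-progress: false   # never interrupt a run that may be mid-push

jobs:
  remediate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Verify and remediate
        id: neurcode          # hypothetical step id, used to read outputs below
        uses: ./packages/action
        env:
          NEURCODE_API_URL: https://api.neurcode.com
        with:
          api_key: ${{ secrets.NEURCODE_API_KEY }}
          project_id: ${{ vars.NEURCODE_PROJECT_ID }}
          org_id: ${{ vars.NEURCODE_ORG_ID }}
          threshold: 'C'
          enterprise_mode: 'true'
          auto_remediate: 'true'
          remediation_commit: 'true'
          remediation_push: 'true'
          verify_after_remediation: 'true'
      - name: Fail closed unless the result is clean
        env:                  # pass outputs through env, not inline in the script
          STATUS: ${{ steps.neurcode.outputs.remediation_status }}
          PASSED: ${{ steps.neurcode.outputs.threshold_passed }}
          PUSHED: ${{ steps.neurcode.outputs.remediation_commit_pushed }}
        run: |
          echo "remediation_status=$STATUS threshold_passed=$PASSED pushed=$PUSHED"
          if [ -n "$STATUS" ]; then
            # Remediation ran: anything other than READY_TO_MERGE (e.g. BLOCKED) fails.
            [ "$STATUS" = "READY_TO_MERGE" ] || exit 1
          else
            # Remediation did not run: 'false' and 'unknown' both fail the job.
            [ "$PASSED" = "true" ] || exit 1
          fi
```

The pull_request gate shown earlier keeps remediation_commit and remediation_push at 'false', so it can run with read-only repository permissions.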
