npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ojesusmp/git-install

v1.0.1

Published

CLI to install Claude/Codex skills and manage GitHub repository installations

Readme

git-install

Search, install, and uninstall GitHub repositories from your AI coding tools.

@ojesusmp/git-install is an npm CLI that teaches Claude Code and OpenAI Codex how to find, install, and cleanly remove GitHub repositories — with code-enforced safety guards, atomic file operations, and SHA-pinned installs.

Prerequisites

  • Node.js >= 20
  • git
  • gh CLI (optional — used for faster ref resolution; falls back to git ls-remote and GitHub REST API)

Quickstart

Run setup once to install the skill files into your AI tool's config directory:

npx @ojesusmp/git-install setup --claude
npx @ojesusmp/git-install setup --codex
npx @ojesusmp/git-install setup --both

Then trigger the skill from your AI tool:

repo install owner/repo

Features

  • Cross-platform — tested on Windows, macOS, and Linux via GitHub Actions CI
  • Code-enforced safety — protected-directory allowlist, TTY confirmation gates, and SHA pinning are enforced in source code (src/safety/), not by LLM instruction
  • Atomic file operations — backup-write-rename pattern with orphan recovery on next run
  • TTY confirmation gates — installs require typing confirm; uninstalls require typing confirm uninstall
  • SHA pinning — every install resolves and records the exact commit SHA; mutable refs (branches, tags) trigger a warning
  • Exit code taxonomy — machine-readable exit codes for scripting

CLI Usage

Setup

Copy skill files into your AI tool's config directory:

git-install setup --claude     # ~/.claude/skills/install-repo/
git-install setup --codex      # ~/.codex/skills/install-repo/
git-install setup --both       # both targets

Search

git-install repo search owner/repo
git-install repo search "natural language description"
git-install repo search https://github.com/owner/repo

Install

git-install repo install owner/repo
git-install repo install owner/[email protected]
git-install repo install owner/repo@abc1234def   # SHA pin — immutable
git-install repo install https://github.com/owner/repo

Uninstall

git-install repo uninstall repo-name

Safety

The CLI enforces a hardcoded protected-directory allowlist that blocks writes to ~/.claude, ~/.codex, ~/.ssh, ~/.aws, and other sensitive paths. This guard operates on the CLI's own file operations — it does not sandbox arbitrary shell commands an AI assistant might run after reading repo content.

See docs/SAFETY_MODEL.md for the full threat model, code-enforced primitives, and limitations.

Documentation

| Document | Description | | -------------------------------------------------- | ------------------------------------------------------------- | | docs/INSTALL.md | Prerequisites, installation, verification, uninstall | | docs/USER_GUIDE.md | CLI usage, confirmation UX, exit codes, environment variables | | docs/DEVELOPER_GUIDE.md | TypeScript dev setup, project structure, TDD policy, release | | docs/SAFETY_MODEL.md | Safety primitives, threat model, limitations | | CONTRIBUTING.md | PR requirements, commit conventions, issue templates | | CHANGELOG.md | Version history and breaking changes |

License

MIT — see LICENSE.