npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@paczesny/analytics

v0.6.0

Published

Cookieless, privacy-first analytics tracker — one component, < 3KB.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

j5onj5on

Keywords

analyticscookielessprivacygdpr

Readme

@paczesny/analytics

Cookieless, privacy-first analytics tracker. One component, ~2.4 KB gzip, no cookies, no consent banner.

Install

pnpm add @paczesny/analytics

Usage (Next.js App Router)

// app/layout.tsx
import { Analytics } from "@paczesny/analytics";

export default function RootLayout({ children }) {
  return (
    <html lang="pl">
      <body>
        {children}
        <Analytics siteId="abc123" />
      </body>
    </html>
  );
}

That's it. Page views (including client-side route changes), scroll depth, clicks, rage/dead clicks, JS errors and outbound/download clicks are captured automatically and sent in batches.

Custom events

import { track } from "@paczesny/analytics";

track("signup", { plan: "pro" });

Props

| Prop | Type | Default | Description | | --------------- | --------- | ----------------------------- | -------------------------------------------- | | siteId | string | — | Required. Public site identifier. | | apiHost | string | hosted ingest URL | Ingestion endpoint. | | sampleRate | number | 1 | 0..1 sampling for high-volume click events.| | trackOutbound | boolean | true | Track outbound links and file downloads. | | debug | boolean | false | Log captured events to the console. |

Non-React usage

import { init, track } from "@paczesny/analytics";

init({ siteId: "abc123" });
track("cta_click");

Plain <script> tag (no bundler, no React) — recommended for arbitrary sites

For sites that are not built with a React bundler, use the standalone build instead of importing the ESM package off a public CDN. It is a single self-contained file — there is no React and no runtime import chain — so you can pin it with Subresource Integrity (SRI) and, ideally, host it from your own origin.

<script
  defer
  src="https://analytics.blonie.cloud/t/0.5.0/paczesny-analytics.min.js"
  integrity="sha384-clMVel4vBqb1PqSU0oIpBaWQbPHRKJEngX4T7G3rz13j7pBRwdHQvK+ouYtI8+ub"
  crossorigin="anonymous"
  data-site-id="abc123"></script>

Optional attributes: data-api-host, data-sample-rate, data-track-outbound="false", data-debug="true". Custom events afterwards:

window.paczesny.track("signup", { plan: "pro" });

Self-host (best for login / sensitive / regulated pages)

Loading any third-party script on a page that handles credentials or sensitive data is a credential-skimming risk. To avoid a third-party origin in your CSP entirely:

  1. Download paczesny-analytics.min.js (the URL above) and serve it from your own origin, e.g. /paczesny-analytics.min.js.
  2. Reference that first-party path in the <script> tag, keeping the same integrity hash.
  3. Your CSP then only needs script-src 'self' — no external script origin.

Do not load this via https://esm.sh/@paczesny/analytics. That pulls react as a version-ranged ESM sub-import, requires the whole esm.sh origin in your CSP, and cannot be covered by SRI.

Privacy

  • No cookies, no persistent identifiers.
  • sessionId is generated in memory and resets when the tab closes.
  • The client never computes a visitor id and never sends the IP — the backend derives a daily-rotating visitorId so users cannot be tracked across days.

What gets collected

pageview, scroll (25/50/75/100%), click (sampled, normalized coords + stable selector), rage_click, dead_click, error, outbound, download, custom, session_end.

Transport

Events are queued in memory and flushed every 5s or when the buffer hits 20 events. On pagehide/visibilitychange the batch is sent with navigator.sendBeacon (falling back to fetch with keepalive). Analytics never throws into the host page.