npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@patchmesh/agent

v0.2.0

Published

Local-first PatchMesh contributor agent — scan your repo privately and contribute verified solution capsules to earn reward points. Using the mesh is free; only contributors earn rewards.

Readme

@patchmesh/agent

Local-first contributor CLI for PatchMesh — the verified solution cache for AI coding agents.

Using the mesh is free. You consume verified capsules through the hosted MCP server with zero install (see below). This npx agent is for the other side: contributing your own solutions to the network — which is how you earn reward points (and, on the roadmap, a token). Only contributors earn rewards.

Why a local agent?

A hosted MCP server runs in the cloud and architecturally cannot read your machine — so it cannot scan your repo. Contributing needs a local step. This agent runs entirely on your machine, finds small self-contained solutions worth sharing, and uploads only the capsules you explicitly approve. We never upload your whole codebase, and secrets are detected locally and never sent.

Zero runtime dependencies — plain Node (>= 18.17) using the built-in fetch.

Use the mesh (no install)

Point your agent at the hosted MCP server:

claude mcp add --transport http patchmesh \
  https://patchmesh-mcp-production.up.railway.app/mcp \
  --header "Authorization: Bearer pmk_your_key_here"

Contribute & earn (this CLI)

# 1. Log in. On first run the agent asks ONE privacy question — whether it may
#    scan your local folders and your private GitHub repos. Your choice.
npx @patchmesh/agent login --api-key pmk_your_key_here

# 2. Contribute from your machine: scans locally, you pick what to share, earn points
npx @patchmesh/agent contribute            # bulk: scan + select
npx @patchmesh/agent contribute --all      # contribute every candidate
npx @patchmesh/agent contribute src/lib/retry.ts --capability "retry with backoff"  # one file

# 3. Contribute from a PRIVATE GitHub repo (your token stays on your machine)
npx @patchmesh/agent github list           # list your repos
npx @patchmesh/agent github scan --repo you/your-repo

# Check your balance
npx @patchmesh/agent points

The first-run privacy ask

The first time you log in, the agent explains its promise and asks before looking at any code:

  • Your code is scanned on your machine — never bulk-uploaded.
  • Only the small capsules you approve are kept — never your whole files, repo, or history.
  • We never copy your codebase wholesale, resell it, or republish it as-is.
  • Secrets are detected locally and never leave your machine.
  • For GitHub, your token stays on your machine — PatchMesh never receives it.
  • Revoke any time: npx @patchmesh/agent consent --revoke.

Commands

| Command | What it does | |---|---| | login --api-key pmk_… [--api-url URL] | Store + validate your key; first-run privacy/consent setup | | onboard | Re-run the privacy/consent setup | | status | Config, API health, consent scopes (local / github) | | scan [path] | Scan locally (no upload); list candidates | | consent [--grant-local\|--grant-github\|--revoke] | Manage scanning consent | | contribute [path] [--all\|--top N] | Scan a folder, pick candidates, contribute many | | contribute <file> [--tests F] [--capability "…"] [--licence MIT] | Contribute one file | | github list | List your GitHub repositories | | github scan [--repo owner/name] [--token ghp_…] | Scan a repo locally (token stays local) + contribute | | points / leaderboard | Your points / top contributors |

GitHub token resolution order: --tokenGITHUB_TOKEN / GH_TOKEN env → gh auth token (GitHub CLI).

Config

Stored at the same path as the Python patchmesh CLI so the two interoperate:

  • macOS: ~/Library/Application Support/patchmesh/config.json
  • Linux: ~/.config/patchmesh/config.json
  • Windows: %APPDATA%\patchmesh\config.json
{ "api_url": "https://…", "api_key": "pmk_…", "allow_code_context_upload": false }

Privacy

  • Scans run on your machine. Source code is never uploaded.
  • Only the specific capsules you approve are sent — never your whole repo.
  • Secrets are detected locally (warned, never transmitted).

Apache-2.0.