@railly/last30

v0.1.0

Published

Production readiness scanner for vibecoded projects

Readme

last30

Production readiness scanner for vibecoded projects. Lighthouse for apps built with Lovable, Bolt, v0 and other AI tools.

AI does 70%. You own the last 30%.

Install

```bash
npx last30 audit
```

Or install globally:

```bash
bun add -g last30
```

Usage

```bash
# Scan current directory
last30 audit

# Scan specific path
last30 audit ./my-lovable-app

# JSON output (for CI/CD)
last30 audit --json

# Only show critical issues
last30 audit --level critical
```

Output

```
last30 v0.1.0

Scanning: ./my-lovable-app
Detected: Lovable (vite_react_shadcn_ts)

Production Readiness Score: 23/100

CRITICAL (4)
  SEC-001  Hardcoded API key in src/integrations/supabase/client.ts:4
  SEC-002  Supabase anon key exposed in client bundle
  ERR-001  No error boundaries detected (0 ErrorBoundary components)
  TST-001  No test files found (0 .test.ts, 0 .spec.ts)

WARNING (4)
  SEO-001  SPA-only: no SSR capability (Vite + React Router)
  COD-001  TypeScript strict mode disabled in tsconfig.json
  DEP-001  No CI/CD configuration (.github/workflows/)
  ERR-002  12 empty catch blocks found

INFO (3)
  COD-002  45 shadcn/ui components installed, 23 unused
  DEP-002  No monitoring setup (Sentry, LogRocket, etc.)
  SEO-002  No sitemap.xml or robots.txt

Run `last30 audit --json` for machine-readable output.
Learn more: https://thelast30.dev
```

Checks

| Category | Weight | What It Checks |
|---|---|---|
| Security | 25% | Hardcoded keys, exposed secrets, missing .env, anon keys in source |
| Auth | 15% | Auth pattern quality, session handling, protected routes |
| Error Handling | 10% | Error boundaries, try/catch coverage, empty catch blocks |
| Testing | 10% | Test files, CI config, coverage setup |
| SSR/SEO | 10% | SPA detection, meta tags, sitemap, robots.txt |
| Code Quality | 10% | TypeScript strictness, linter config, unused code |
| Database | 10% | Client-side queries, missing migrations, raw SQL exposure |
| Deployment | 5% | CI/CD config, env separation, monitoring |
| Accessibility | 5% | Alt tags, aria labels, semantic HTML |
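
To show what triaging a finding like SEC-001 or SEC-002 involves, here is an added example (not last30's own code; its rules are not shown on this page) that finds JWT-shaped keys in source text and grades them by their `role` claim. It assumes Supabase's JWT-format API keys, whose payload carries `role: "anon"` or `role: "service_role"`; the severity labels, sample files and keys are constructed.

```javascript
// Added example, not last30's code. Severity labels are hypothetical.
const JWT_RE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;

// Decode the (unverified) payload of a JWT-shaped token; null if it is not JSON.
function decodePayload(token) {
  try {
    return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Grade one key by its `role` claim (claim values assumed from Supabase's JWT keys).
function classify(token) {
  const payload = decodePayload(token);
  if (!payload || typeof payload.role !== "string") return "unknown-jwt";
  if (payload.role === "service_role") return "critical"; // bypasses row-level security
  if (payload.role === "anon") return "review-rls"; // public by design, safe only with RLS
  return "unknown-jwt";
}

// files: { path: sourceText }. Returns one finding per key with file, line, severity.
function scanSources(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const m of line.matchAll(JWT_RE)) {
        findings.push({ file, line: i + 1, severity: classify(m[0]) });
      }
    });
  }
  return findings;
}

// Constructed sample input: unsigned-looking tokens with a dummy signature segment.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const makeKey = (role) =>
  `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ iss: "supabase", role })}.c2lnbmF0dXJl`;
const SAMPLE = {
  "src/integrations/supabase/client.ts":
    `import { createClient } from "@supabase/supabase-js";\nconst URL = "https://example.supabase.co";\n\nconst KEY = "${makeKey("anon")}";`,
  "src/lib/admin.ts": `const ADMIN_KEY = "${makeKey("service_role")}";`,
  "src/lib/env.ts": `const KEY = import.meta.env.VITE_SUPABASE_ANON_KEY;`,
};

console.log(scanSources(SAMPLE));
```

Moving the anon key into a `VITE_`-prefixed variable does not take it out of the client bundle, since Vite inlines those values at build time; what limits an anon key is the project's row-level security policies.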

Scoring

  • 0-25: Not production ready, critical issues.
  • 26-50: Needs work, security and reliability gaps.
  • 51-75: Getting there, missing professional practices.
  • 76-100: Production ready, ship it.

Detected Frameworks

| Framework | Detection |
|---|---|
| Lovable | vite_react_shadcn_ts in package.json, lovable-tagger dep |
| Bolt.new | .bolt/ directory, Bolt markers |
| v0 | v0 markers in project |
| Generic Vite+React | vite + react in deps |
| Next.js | next in deps (used as baseline) |

CI/CD Integration

```yaml
# .github/workflows/audit.yml
name: Production Readiness
on: [push]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx last30 audit --json > audit.json
      - run: npx last30 audit --ci --min-score 50
```

--ci exits with code 1 if score is below --min-score.

Comparison

| Feature | last30 | NextLovable | vibe-audit |
|---|---|---|---|
| Production score | 0-100 | No | No |
| Security checks | 8 rules | No | No |
| Auth analysis | Yes | Migration only | No |
| Testing checks | Yes | No | No |
| SEO/SSR detection | Yes | No | No |
| Lovable detection | Yes | Yes | No |
| Bolt detection | Yes | No | No |
| Free | Yes | $39-$450 | Yes |
| Zero deps | Yes | No | Yes |
| CI/CD mode | Yes | No | No |
| Offline | Yes | No | Yes |

Part of The Last 30%

This CLI is the free audit tool from The Last 30%, a course series teaching vibecoders the software engineering fundamentals AI can't fake.

npx last30 audit tells you what's wrong. The course teaches you why and how to fix it.

License

MIT