npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@rep-protocol/cli

v0.1.7

Published

CLI tool for the Runtime Environment Protocol (REP).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ruachtech.devruachtech.dev

Keywords

repcliruntime-env

Readme

@rep-protocol/cli

Command-line tool for the Runtime Environment Protocol (REP).

Installation

npm install -g @rep-protocol/cli

The CLI automatically downloads the correct rep-gateway binary for your platform from GitHub Releases during installation.

Or use with npx:

npx @rep-protocol/cli [command]

Commands

rep validate

Validate a .rep.yaml manifest file against the JSON schema.

rep validate --manifest .rep.yaml

Options:

  • -m, --manifest <path> - Path to .rep.yaml manifest file (default: .rep.yaml)

Example output:

✓ Manifest is valid
  Version: 0.1.0
  Variables: 11 total
    - PUBLIC: 6
    - SENSITIVE: 3
    - SERVER: 2
  Settings configured: 6

rep typegen

Generate TypeScript type definitions from your manifest. This creates strongly-typed overloads for rep.get() and rep.getSecure() based on your declared variables.

rep typegen --manifest .rep.yaml --output src/rep.d.ts

Options:

  • -m, --manifest <path> - Path to .rep.yaml manifest file (default: .rep.yaml)
  • -o, --output <path> - Output path for generated .d.ts file (default: src/rep.d.ts)

Generated output example:

declare module "@rep-protocol/sdk" {
  export interface REP {
    get(key: "API_URL" | "FEATURE_FLAGS"): string | undefined;
    getSecure(key: "ANALYTICS_KEY"): Promise<string>;
    // ... other methods
  }
}

rep lint

Scan built JavaScript bundles for accidentally leaked secrets. Uses the same guardrail detection as the gateway (Shannon entropy, known secret formats, length anomalies).

rep lint --dir ./dist

Options:

  • -d, --dir <path> - Directory to scan (default: ./dist)
  • --pattern <glob> - File pattern to scan (default: **/*.{js,mjs,cjs})
  • --exclude <patterns> - Comma-separated glob patterns to exclude (e.g., "*.min.js,vendor/**")
  • --strict - Exit with error code if warnings are found

Minified code handling:

The linter filters out false positives from minified/bundled code while still detecting real secrets embedded in your bundles.

  • File-level skip: .min.js / .min.mjs / .min.cjs files are skipped entirely, as these are typically third-party vendor bundles. If your build produces application code with .min.js filenames, rename the output or run lint against the non-minified build.
  • String-level filtering: For all other files (including Vite, webpack, and Rollup bundles), extracted string values containing JavaScript language constructs (function, return, if, =>, ===, &&, .method(), key:value, etc.) are recognised as compiled code and skipped. Real secrets embedded in bundles are still detected.

Use --exclude to skip additional files or directories:

rep lint --dir ./dist --exclude "vendor/**,*.chunk.js"

Use cases:

  • CI/CD pipeline step to catch secrets before deployment
  • Pre-commit hook to prevent committing secrets
  • Regular audits of production bundles

Example output:

⚠ dist/main.js
  high_entropy:42: value has high entropy (5.23 bits/char) — may be a secret
    const key = "sk_live_abc123..."

⚠ Found 1 potential secret(s) in 1 file(s)

rep dev

Run a local development server with the REP gateway. Loads environment variables from a .env file and starts the gateway binary.

rep dev --env .env.local --port 8080 --proxy http://localhost:5173

Options:

  • -e, --env <path> - Path to .env file (default: .env.local)
  • -p, --port <number> - Gateway port (default: 8080)
  • --proxy <url> - Upstream proxy URL (e.g., http://localhost:5173 for Vite)
  • --static <path> - Serve static files from directory (embedded mode)
  • --hot-reload - Enable hot reload
  • --gateway-bin <path> - Path to rep-gateway binary (default: rep-gateway in PATH)

Example workflows:

With Vite:

# Terminal 1: Start Vite dev server
npm run dev

# Terminal 2: Start REP gateway proxy
rep dev --proxy http://localhost:5173

With static files:

rep dev --static ./dist --port 8080

Binary Resolution:

The CLI automatically looks for the gateway binary in this order:

  1. Bundled binary (downloaded during npm install)
  2. Custom path specified with --gateway-bin
  3. rep-gateway in system PATH

Development

Build the CLI from source:

cd cli
npm install  # Downloads the gateway binary for your platform
npm run build

Run locally without installing:

node bin/rep.js [command]

Manual Gateway Installation

If the automatic download fails (e.g., in an air-gapped environment), you can install the binary manually:

# Option 1: Build from source
cd gateway
make build
cp bin/rep-gateway ../cli/bin/gateway/

# Option 2: Download manually
curl -fsSL https://github.com/RuachTech/rep/releases/download/gateway/v0.1.2/rep-gateway_0.1.2_linux_amd64.tar.gz | tar -xz
mv rep-gateway /usr/local/bin/

License

Apache 2.0