npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@sambhram06/ghostpatch

v0.1.2

Published

An agent-native Ghostpatch skill and CLI for approval-gated OSS GitHub contributions.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sambhram06sambhram06

Keywords

githubossautomationagentclicodexskills

Readme

Ghostpatch

Ghostpatch is an agent-native skill for Codex, Claude Code, and other coding agents. It helps an agent find open-source GitHub issues, qualify good candidates, solve them locally, review the diff and tests, and raise a pull request only after user approval.

The main product is the Agent Skill:

npx skills add https://github.com/Sambhram1/Ghostpatch- --skill ghostpatch

The npm package provides the executable engine used by the skill:

npm install -g @sambhram06/ghostpatch

After install, ask your agent:

Use Ghostpatch to find a good issue in my configured repos, solve it locally, and prepare a PR for my approval.

What It Does

Ghostpatch gives agents a supervised open-source contribution workflow:

  • find repositories and open GitHub issues
  • fork selected live-work repositories into the authenticated user's GitHub profile
  • qualify candidates by labels, reproduction detail, tests, contribution-guide signals, bot/AI restrictions, and license metadata
  • clone selected repos into ~/.ghostpatch/workspaces
  • ask Codex, Claude, or a local deterministic agent to solve locally
  • run the configured validation command
  • store scan history, review state, patch results, command logs, reproduction logs, diffs, and test output
  • store PR memory for follow-up work after CI failures or maintainer feedback
  • show what changed and what risk remains
  • publish issues or PRs only after explicit user confirmation

Ghostpatch is supervised by default. Autonomous publishing exists only in the explicit ghostpatch surge extension mode.

Install as a Skill

From skills.sh / skills CLI:

npx skills add https://github.com/Sambhram1/Ghostpatch- --skill ghostpatch

If your agent supports npm-distributed skills, the npm package includes:

skills/ghostpatch/SKILL.md
skills/ghostpatch/scripts/ghostpatch.mjs

The skill runner calls a local ghostpatch binary when available and falls back to:

npx --yes @sambhram06/ghostpatch

Install the Engine

The skill can run through npx, but global install is faster:

npm install -g @sambhram06/ghostpatch

The installed command is:

ghostpatch

Requirements

  • Node.js 22 or newer
  • Git
  • GitHub CLI
  • GH_TOKEN or GITHUB_TOKEN before live scan or publish
  • Optional: Codex CLI or Claude CLI

GitHub Auth

Ghostpatch uses token-first GitHub auth for live scan and publish. Set one of these environment variables before running live GitHub actions:

$env:GH_TOKEN="your_token"
setx GH_TOKEN "your_token"

Alternative:

$env:GITHUB_TOKEN="your_token"
setx GITHUB_TOKEN "your_token"

ghostpatch setup will ask which variable to use, validate it when present, and save only the variable name in Ghostpatch preferences.

First Run

Run setup once:

ghostpatch setup

Or through the skill runner:

node skills/ghostpatch/scripts/ghostpatch.mjs setup

Setup stores:

  • preferred agent: local, codex, or claude
  • preferred languages
  • manual repos or auto-search mode
  • approval mode
  • preferred GitHub token env var: GH_TOKEN or GITHUB_TOKEN
  • per-repo validation command overrides

Per-repo validation commands use:

owner/name=npm test -- config, other/repo=pytest tests/test_loader.py

Agent Workflow

When the skill is installed, the agent should use:

node <skill-folder>/scripts/ghostpatch.mjs scan --live
node <skill-folder>/scripts/ghostpatch.mjs review

The review command is where solving and publishing happen. It can:

  • compare candidate quality
  • resume interrupted reviews
  • reject candidates with reasons
  • create or reuse your GitHub fork for the selected repository
  • show issue and PR drafts
  • ask the configured agent to solve locally
  • show changed files, test output, blockers, and remaining risk
  • create issues or PRs only after confirmation

When you explicitly want continuous autonomous operation, use ghostpatch surge. That mode keeps normal review unchanged and only runs when directly invoked.

CLI Commands

ghostpatch setup
ghostpatch scan
ghostpatch scan --live
ghostpatch surge --max-prs 1 --max-runtime-minutes 30
ghostpatch review
ghostpatch agents
ghostpatch login codex --command codex
ghostpatch login claude --command claude
ghostpatch login codex --dry-run-command "codex exec --sandbox read-only {{prompt}}"
ghostpatch run --agent codex --fixture python-fastapi-bug

ghostpatch login configures the coding agent command. GitHub access comes from GH_TOKEN or GITHUB_TOKEN.

Use plain ghostpatch scan for a safe fixture demo.

Use ghostpatch scan --live for real GitHub issue discovery.

Use ghostpatch surge only when you explicitly want continuous find -> solve -> publish behavior with hard limits and quality gates.

For live GitHub solve and PR flow, Ghostpatch uses:

  • origin = your fork
  • upstream = the original repository

Safety Model

Ghostpatch blocks or warns before publication when it detects:

  • no changed files
  • failed agent execution
  • failed validation command
  • over-budget diff
  • secret-like content in the diff
  • generated or sensitive files that need manual review
  • dirty workspace before solving
  • unexpected branch before publishing
  • existing remote branch
  • possible duplicate issue or pull request
  • draft-only approval mode

In ghostpatch surge, Ghostpatch additionally enforces:

  • max PRs per run
  • max runtime
  • max failures before stop
  • repo scan limit per cycle
  • candidate-quality threshold before publish

Live patching happens under ~/.ghostpatch/workspaces, not in the Ghostpatch source repository.

Stored Data

  • Preferences: ~/.ghostpatch/preferences.json
  • Agent config: ~/.ghostpatch/config.json
  • Latest report: ~/.ghostpatch/latest-report.json
  • Scan history: ~/.ghostpatch/reports
  • Review state: ~/.ghostpatch/review-state
  • Patch results: ~/.ghostpatch/patch-results
  • PR memory: ~/.ghostpatch/pr-memory
  • Surge runs: ~/.ghostpatch/surge
  • Workspaces: ~/.ghostpatch/workspaces

Development

npm install
npm run build
npm test
npm run lint
npm pack --dry-run --cache .npm-cache
node build/src/index.js run --fixture python-fastapi-bug
python C:\Users\sambh\.codex\skills\.system\skill-creator\scripts\quick_validate.py skills\ghostpatch

Publishing

Publish the npm engine:

npm test
npm run lint
npm pack --dry-run --cache .npm-cache
npm publish --access public

Publish the skill from GitHub when your GitHub CLI supports gh skill:

gh skill publish --dry-run
gh skill publish --tag v0.1.0

The package name is @sambhram06/ghostpatch because the unscoped ghostpatch npm name is already taken. The CLI binary remains ghostpatch.

License

MIT