npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@satoshibits/create-github-workflows

v1.3.0

Published

CLI for generating standardized github workflows

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

satoshibitssatoshibits

Keywords

create-github-workflowsgithub-actionsworkflowci-cddevopscli

Readme

@satoshibits/create-github-workflows

CLI for generating standardized GitHub Actions workflows. Detects your project setup and scaffolds production-ready CI/CD pipelines with a single command.

Quick Start

# Interactive setup
npx @satoshibits/create-github-workflows init

# Quick setup with a preset
npx @satoshibits/create-github-workflows init --preset library --yes

Commands

init

Scaffolds a full set of workflows based on your project type.

create-github-workflows init [options]

| Option | Description | |--------|-------------| | -p, --preset <preset> | Use a preset: library, docker-app, monorepo | | -y, --yes | Skip prompts, use defaults (requires --preset) | | -f, --force | Overwrite existing workflow files |

The CLI auto-detects your package manager, Node version, monorepo structure, and Dockerfile presence, then asks you to confirm or customize.

add

Adds a single workflow to an existing project.

create-github-workflows add <workflow> [options]
# Examples
create-github-workflows add codeql
create-github-workflows add docs-deploy
create-github-workflows add dependabot --force

| Option | Description | |--------|-------------| | -f, --force | Overwrite if the workflow file already exists |

list

Shows all available workflows and their install status.

create-github-workflows list
  CI
    ✓ pr-validation   Fast PR feedback with lint, typecheck, and unit tests
    ○ build           Main branch protection with Docker image build
  Security
    ✓ codeql          GitHub CodeQL static analysis
    ○ dependency-audit Scheduled dependency vulnerability audit
  ...

Presets

Presets provide a curated set of workflows for common project types. All presets include CodeQL and Dependabot by default.

library

For NPM packages. Generates:

| Workflow | File | Purpose | |----------|------|---------| | pr-validation | pr-validation.yml | Lint, typecheck, test on PRs | | release-please | release-please.yml | Automated versioning and changelogs | | npm | publish-npm.yml | Publish to NPM on release | | codeql | codeql.yml | Weekly security scanning | | dependabot | .github/dependabot.yml | Automated dependency updates |

Required secrets: RELEASE_PAT, NPM_TOKEN

docker-app

For Docker-based applications with deployment environments. Generates:

| Workflow | File | Purpose | |----------|------|---------| | pr-validation | pr-validation.yml | Lint, typecheck, test on PRs | | build | build.yml | Docker image build on main | | release-please | release-please.yml | Automated versioning and changelogs | | docker | publish-docker.yml | Docker image tagging and promotion | | staging | deploy-staging.yml | Manual staging deployment | | preview | deploy-preview.yml | Manual preview deployment | | production | deploy-production.yml | Tag-triggered production deployment | | codeql | codeql.yml | Weekly security scanning | | dependabot | .github/dependabot.yml | Automated dependency updates |

Required secrets: RELEASE_PAT, plus platform-specific secrets (DigitalOcean, Kubernetes, or AWS ECS)

monorepo

For multi-package workspaces using changesets. Generates:

| Workflow | File | Purpose | |----------|------|---------| | pr-validation | pr-validation.yml | Lint, typecheck, test on PRs | | changesets | changesets.yml | Coordinated monorepo releases | | npm | publish-npm.yml | Publish packages to NPM | | codeql | codeql.yml | Weekly security scanning | | dependabot | .github/dependabot.yml | Automated dependency updates |

Required secrets: NPM_TOKEN

All Available Workflows

CI

| Name | Output | Description | |------|--------|-------------| | pr-validation | pr-validation.yml | Lint, typecheck, and test on pull requests. Includes Gitleaks secret detection and dependency audit. | | build | build.yml | Main branch protection with Docker image build and validation. Requires Docker configuration. |

Release

| Name | Output | Description | |------|--------|-------------| | release-please | release-please.yml | Automated version bumps and changelog generation from conventional commits. | | changesets | changesets.yml | Monorepo release management with coordinated version bumps across packages. |

Publish

| Name | Output | Description | |------|--------|-------------| | npm | publish-npm.yml | Publishes packages to NPM on release. Supports scoped packages and access levels. | | docker | publish-docker.yml | Promotes Docker images with version tags. Supports GHCR, Docker Hub, and ECR. |

Deploy

| Name | Output | Description | |------|--------|-------------| | staging | deploy-staging.yml | Manual deployment to staging. Supports DigitalOcean, Kubernetes, and AWS ECS. | | preview | deploy-preview.yml | Manual preview deployment from any branch. | | production | deploy-production.yml | Tag-triggered production deployment with environment protection. |

Security

| Name | Output | Description | |------|--------|-------------| | codeql | codeql.yml | GitHub CodeQL static analysis for JavaScript/TypeScript. Runs on push, PRs, and weekly. | | dependency-audit | dependency-audit.yml | Weekly dependency vulnerability scan. Opens a GitHub issue if vulnerabilities are found. |

Maintenance

| Name | Output | Description | |------|--------|-------------| | dependabot | .github/dependabot.yml | Dependabot configuration for automated npm and GitHub Actions dependency updates. Note: outputs to .github/, not .github/workflows/. | | stale | stale.yml | Marks issues and PRs as stale after 60 days of inactivity, closes after 7 more days. Exempts pinned, security, and bug labels. |

Docs

| Name | Output | Description | |------|--------|-------------| | docs-deploy | deploy-docs.yml | Builds and deploys documentation to GitHub Pages. Prompts for build script and output directory during init. |

Package Manager Support

All generated workflows adapt to your package manager:

| Feature | npm | pnpm | yarn | bun | |---------|-----|------|------|-----| | Install | npm ci | pnpm install --frozen-lockfile | yarn install --frozen-lockfile | bun install --frozen-lockfile | | Run scripts | npm run | pnpm | yarn | bun run | | Cache | Built-in | Built-in | Built-in | Via setup-bun | | Audit | npm audit | pnpm audit | yarn audit | Falls back to npm audit |

Configuration

Running init creates a .github-workflows.json config file in your project root. This tracks your selections so that add and list commands can work with your project context.

{
  "version": 1,
  "projectName": "my-app",
  "preset": "library",
  "packageManager": "pnpm",
  "releaseStrategy": "release-please",
  "nodeVersion": "20",
  "isMonorepo": false,
  "workflows": ["pr-validation", "release-please", "npm", "codeql", "dependabot"],
  "docker": null,
  "npm": { "publish": true, "access": "public" },
  "docs": null
}

GitHub Secrets

After generating workflows, configure the required secrets in your repository:

Settings > Secrets and variables > Actions

| Secret | Used by | Notes | |--------|---------|-------| | GITHUB_TOKEN | Most workflows | Automatically provided by GitHub Actions | | RELEASE_PAT | release-please | Personal access token with contents:write to trigger downstream workflows | | NPM_TOKEN | npm, changesets | NPM authentication token for publishing | | DOCKERHUB_USERNAME | docker | Only if using Docker Hub registry | | DOCKERHUB_TOKEN | docker | Only if using Docker Hub registry | | DIGITALOCEAN_ACCESS_TOKEN | Deploy workflows | Only if deploying to DigitalOcean | | KUBE_CONFIG | Deploy workflows | Only if deploying to Kubernetes |

Requirements

  • Node.js >= 20.11.0
  • A package.json in your project root

License

ISC