npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@settlin/standards

v0.1.3

Published

Shared engineering standards: ESLint, TypeScript, Prettier, commitlint, secrets scanning, and Claude skills

Downloads

569

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

s7dhanshs7dhansh

Keywords

eslint-configtsconfigprettier-configcommitlint-configsettlinengineering-standards

Readme

@settlin/standards

Shared engineering standards for all Settlin repositories — one installed package that every repo pulls its ESLint, TypeScript, Prettier, commitlint, secrets-scanning, and Claude-skill config from. Upgrade the package, upgrade every rule.

Install

Published to the public npm registry under the @settlin scope:

# bun
bun add -D @settlin/standards

# npm
npm install --save-dev @settlin/standards

Installing from GitHub directly (e.g. to test an unpublished commit) also works: npm i -D github:settlin/engineering-standards#<ref>.

Quick start

After installing, scaffold the thin re-export config files into your project:

npx @settlin/standards init          # writes config files (skips existing)
npx @settlin/standards init --force   # overwrite existing
npx @settlin/standards init --skill   # also install the Claude skill

init writes files that re-export from the installed package, so nothing is duplicated. It prints the two manual one-liners (tsconfig + Prettier) at the end.

What's inside

| Subpath / file | How you use it | |---|---| | @settlin/standards/eslint/nextjs | export { default } from '@settlin/standards/eslint/nextjs' in eslint.config.mjs | | @settlin/standards/typescript/nextjs | { "extends": "@settlin/standards/typescript/nextjs" } in tsconfig.json | | @settlin/standards/typescript/base | tsconfig base for non-Next.js packages | | @settlin/standards/prettier | "prettier": "@settlin/standards/prettier" in package.json | | @settlin/standards/commitlint | export { default } from '@settlin/standards/commitlint' in commitlint.config.js | | secrets-patterns.txt | grep patterns for the secrets scan (CI + husky hook) | | husky/* | pre-commit (secrets scan + lint-staged) and commit-msg (commitlint) hooks | | skills/pre-commit-checks.md | Claude skill: secrets → lint → typecheck → tests |

Manual reference (what init automates)

ESLint — eslint.config.mjs

export { default } from '@settlin/standards/eslint/nextjs'

// To add project rules, spread the preset instead:
//   import base from '@settlin/standards/eslint/nextjs'
//   export default [...base, { rules: { 'no-console': 'warn' } }]

TypeScript — tsconfig.json

{
  "extends": "@settlin/standards/typescript/nextjs",
  "compilerOptions": { "paths": { "@/*": ["./*"] } }
}

Prettier — package.json

{ "prettier": "@settlin/standards/prettier" }

commitlint — commitlint.config.js

export { default } from '@settlin/standards/commitlint'

Husky — package.json

{ "scripts": { "prepare": "husky" } }

Then npx @settlin/standards init drops the hooks into .husky/.

Claude skill

npx @settlin/standards init --skill
# copies skills/pre-commit-checks.md → ~/.claude/skills/
# invoke with /pre-commit-checks in any Claude Code session

Secrets scanning

secrets-patterns.txt is the single source of truth — referenced by both the husky pre-commit hook and CI (.github/workflows/ci.yml). Add a pattern once and both layers pick it up. Covers AWS keys, OpenAI/GitHub/Slack tokens, private key blocks, JWTs, Google API keys, and generic secret = "…" assignments.

Releasing a new version

Releases are automated with release-please driven by conventional commits — you never bump the version by hand.

  1. Merge conventional commits to main (feat:, fix:, etc.).
  2. release-please opens/updates a "chore(main): release x.y.z" PR that bumps package.json + .release-please-manifest.json and writes CHANGELOG.md.
    • feat: → minor (patch while < 1.0), fix: → patch, feat!:/BREAKING CHANGE → major.
  3. Merge that PR. release-please creates the git tag + GitHub Release, which triggers the publish job → npm publish --provenance --access public.

Consuming repos pick up new rules with npm update @settlin/standards (or bump the version range in package.json).

One-time setup for publishing

  1. npm org — an npm org named settlin must exist (owns the @settlin scope). Create it at npmjs.com → Add Organization.
  2. NPM_TOKEN secret — an npm Automation access token with publish rights to the scope, added under Settings → Secrets and variables → Actions.
  3. release-please token — this org disables write access for the default Actions token, so add a RELEASE_PLEASE_TOKEN secret: a fine-grained PAT (or classic PAT with repo + workflow scope) that can open PRs and push tags on this repo. (If an org admin instead enables Settings → Actions → "Workflow permissions: read and write" + "Allow Actions to create and approve pull requests", the workflow falls back to the built-in token and this secret becomes unnecessary.)

Commit convention

All commits follow Conventional Commits. See commitlint/config.ts for the annotated ruleset.