npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@teamamw/test-kit

v0.1.0

Published

AMW shared test harness — env-safety guards, test-tenant auth, synthetic fixtures, secret-scan, a toggleable CI gate, and Vitest/Stryker presets. Dev-time only; never ships to runtime.

Readme

@teamamw/test-kit

Shared test harness for the AMW Suite. Dev-time only — never imported by runtime code. One place to define the testing standard so all 14 apps don't drift into 14 different setups.

It does not contain the tests themselves (those live in each app's tests/, next to the code they test). It provides the harness: env-safety guards, test-tenant auth, synthetic fixtures, a secret scanner, the on/off dial, and Vitest/Stryker presets.

Why it's separate from autofix

The kit is a devDependency apps import to write/run tests. autofix is a deployed runtime service (the monitor + readiness board). Different artifacts, loose seam: CI runs the kit → emits results → autofix ingests them for the board. Changing the kit never redeploys autofix, and vice versa.

Install (per app)

npm i -D @teamamw/test-kit vitest @stryker-mutator/core @stryker-mutator/vitest-runner
// vitest.config.ts
import { defineConfig } from 'vitest/config'
import { amwVitestConfig } from '@teamamw/test-kit'
export default defineConfig(amwVitestConfig())

amwVitestConfig() wires @teamamw/test-kit/setup, which runs assertTestEnv() before any test — so a suite pointed at production aborts immediately.

The shape we're testing toward (round-2 research)

Testing Trophy, not the classic pyramid — for TS/API-centric services:

  • Static base: TS strict + ESLint (free bug-catching, no test code).
  • Core: integration tests at the API boundary — auth, tenant-scope, payments, golden flows. Highest ROI for these apps.
  • Targeted unit tests only for complex pure logic (parsers, money math), ideally property-based.
  • Thin e2e for critical journeys; synthetic probes (in autofix) watch prod.
  • Mutation score (Stryker) is the real gate — coverage % is gameable (AI tests have ~⅓ wrong assertions). A test only counts if it FAILS when the code is broken.

Security / leak rules (non-negotiable)

  • No secrets in test code. Mock external services; CI reads masked secrets. amw-secret-scan blocks commits with hardcoded keys.
  • assertTestEnv() aborts if NODE_ENV=production, DATABASE_URL looks like prod, or live payment/email/SMS keys are present.
  • Test-tenant only. mintTestToken() refuses the AMW production tenant and defaults to least-privilege viewer. Set TESTKIT_TENANT_ID (Mike Tester / AUDIT) + TESTKIT_JWT_SECRET.
  • Synthetic fixtures onlyinfo+testkit-…@amworldgroup.com emails, reserved 555-01xx phones. Never seed from a prod DB.
import { testFetch, fakeContact, assertTestEnv } from '@teamamw/test-kit'
const api = testFetch(process.env.TEST_BASE_URL!) // injects a fresh test token
const res = await api('/api/contacts', { method: 'POST', body: JSON.stringify(fakeContact()) })

The on/off dial — TESTKIT_MODE

A strictness dial, not a casual switch (a freely-disableable gate gets disabled and coverage rots). Set per app via a repo/Action variable:

| mode | behaviour | |---|---| | off | skip the suite (adoption not started) | | report | run, report, never block — the default, safe to roll out | | soft | run, block only on NEW failures vs baseline (advisory) | | hard | run, block on ANY failure (the destination, once earned) |

The readiness board surfaces each app's mode, so "off" is a visible, auditable choice. Roll out report-only, dial up app-by-app.

CI

Copy ci/testkit.yml.github/workflows/testkit.yml. Secret-scan blocks always; tests are advisory until TESTKIT_MODE=hard; mutation runs nightly and reports to the board.

Adoption order

  1. Install + vitest.config.ts + tests/setup.ts (report-only).
  2. Add the CI workflow + TESTKIT_JWT_SECRET/TESTKIT_TENANT_ID secrets.
  3. Write integration tests for the risk surfaces (auth, tenant-scope, payments).
  4. Add Stryker (configs/stryker.template.json); chase mutation score, not coverage.
  5. Dial TESTKIT_MODE up once the app has earned it.