npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@yasasbanukaofficial/curo-cli

v1.0.0

Published

Curo CLI - Secure environment and secrets manager for modern applications

Readme

 ██████╗██╗   ██╗██████╗  ██████╗
██╔════╝██║   ██║██╔══██╗██╔═══██╗
██║     ██║   ██║██████╔╝██║   ██║
██║     ██║   ██║██╔══██╗██║   ██║
╚██████╗╚██████╔╝██║  ██║╚██████╔╝
 ╚═════╝ ╚═════╝ ╚═╝  ╚═╝ ╚═════╝

Curo CLI

Centralized secrets management for teams — straight to your terminal.

name: curo npm: @curo/cli license: MIT curo.dev

Pull your Curo project secrets directly into .env from the terminal.
Never share secrets via email, Slack, or messaging apps again.


Table of Contents


What is Curo?

Curo is a centralized secrets management platform — think Doppler or HashiCorp Vault, but dead-simple to use.

You manage your secrets (API keys, database URLs, admin credentials, etc.) on curo.dev — create projects, invite your team, define environments, and assign access roles. This CLI pulls those secrets straight into your local .env file inside your project, so your application never needs to know where the secrets actually live.


Why Use Curo?

The Problem

How most teams share secrets today:

| Method | Risk | | ---------------------------------------- | -------------------------------------------------------------------- | | Email or Slack message | Stored forever in inboxes — any compromised account leaks everything | | Shared spreadsheet | No audit trail, no access control, easily leaked | | Messaging app (WhatsApp, Telegram, etc.) | Zero governance — anyone in the chat sees every secret | | Pasting in meetings / screenshots | Visible to everyone on screen — no revocation | | .env files committed to Git | A single accidental push exposes every credential |

Every one of these methods is insecure, unscalable, and unaccountable.

The Solution

Curo gives your team a single source of truth for every secret:

  • Centralized — one place to create, update, and revoke secrets across all projects
  • Role-based access — developers get read-only access to secret names; only admins can view or edit values
  • Auditable — every access is authenticated, so you know exactly who pulled what and when
  • No secret sharing — developers pull from Curo instead of asking each other for passwords
  • Local only — secrets are written to your local .env; Curo never stores or syncs it
  • Accidental-commit safe — works with your existing .gitignored .env workflow

How It Works

         curo.dev (web app)
                │
    Create projects, add secrets,
        invite your team
                │
                ▼
     ┌──────────────────────────────┐
     │      curo (open the CLI)     │
     │                              │
     │   /login     authenticate    │
     │   /projects  pick a project  │
     │   pull       write .env      │
     └──────────────────────────────┘
                │
                ▼
         local .env file
  1. Sign up at curo.dev and create a project.
  2. Add secrets (database URL, API key, etc.) through the web dashboard.
  3. Invite your team and assign roles (developer / admin / viewer).
  4. Open the CLI by running curo in your terminal.
  5. Type /login to authenticate with your Curo account.
  6. Type /projects to browse and select your project.
  7. Press Enter to open the project, then select pull .env — your .env is generated instantly.
  8. Never manually handle a secret again. Remove a teammate from a project on curo.dev and their access is revoked instantly — no key rotation required.

Installation

Global install (recommended):

npm install -g @curo/cli

Or run on demand, without installing:

npx @curo/cli

Other package managers:

yarn global add @curo/cli
pnpm add -g @curo/cli

Quick Start

# Install
npm install -g @curo/cli

# Launch the interactive CLI
curo

# Inside the CLI interface:
#   1. /login        → authenticate with your Curo account
#   2. /projects     → select a project
#   3. Enter         → open the project
#   4. pull .env     → write secrets to ./.env

That's it — your .env is ready and your application can boot normally.


Usage

Running curo with no arguments launches the interactive terminal interface:

        ██████╗██╗   ██╗██████╗  ██████╗
        ██╔════╝██║   ██║██╔══██╗██╔═══██╗
        ██║     ██║   ██║██████╔╝██║   ██║
        ██║     ██║   ██║██╔══██╗██║   ██║
        ╚██████╗╚██████╔╝██║  ██║╚██████╔╝
         ╚═════╝ ╚═════╝ ╚═╝  ╚═╝ ╚═════╝

╭──────────────────────────────────────────────╮
│ Type a command, e.g. "/projects"              │
│ my-app  ·  [email protected]              │
╰──────────────────────────────────────────────╯

  type /  for commands   ↑↓  navigate   enter  select   esc  clear

 ● Tip  Try /projects to browse your projects

Everything is keyboard-driven — type / to see the full command list, or just start typing to search.


Commands

All commands are typed inside the CLI interface.

| Command | Action | | ----------- | ---------------------------------------------------- | | /login | Authenticate, or switch to a different account | | /projects | Browse and select a project | | /settings | View your profile, CLI version, and clear local data | | /logout | Sign out and clear your local session |

Once a project is selected, press Enter to open it. Inside the project you'll see:

| Action | What it does | | ------------- | ------------------------------------------------------ | | pull .env | Writes every secret to .env in the current directory | | refresh | Reloads the secret list from the server |

pull always replaces the full .env file rather than merging keys. Backup your existing .env before pulling if you have custom entries.


Keyboard Shortcuts

| Key | Action | | --------- | ------------------------------------ | | / | Navigate lists / suggestion dropdown | | Enter | Confirm selection | | Esc | Go back / clear current input | | Ctrl+C | Exit the application |


Configuration

| Environment Variable | Default | Description | | -------------------- | ------------------------------ | ---------------------------------------------------------------------------------- | | CURO_API_URL | http://localhost:5000/api/v1 | Override the backend API base URL (useful for self-hosted or staging environments) |

# Example: point the CLI at a staging environment
CURO_API_URL=https://api.staging.curo.dev/v1 curo

What Gets Stored Locally

The CLI stores only an authentication token on your machine — never any secret values.

| Platform | Location | | ------------- | ---------------------------- | | macOS / Linux | ~/.config/curo/config.json | | Windows | %APPDATA%\curo\config.json |

This token authenticates your API requests. Clear it any time via /settings → clear local data, or by running /logout.

No secrets are ever cached to disk by the CLI itself. Every pull fetches secrets fresh from the server and writes them directly to .env. Delete the token file and you're completely signed out.


Security Model

| Concern | How Curo handles it | | ------------------- | -------------------------------------------------------------------------------- | | Token storage | Stored locally via a secure config store — never exposed outside the CLI process | | API transport | Encrypted over HTTPS end-to-end (configurable via CURO_API_URL) | | Auth expiry | Tokens expire and require periodic re-authentication | | Local .env | Written to disk by the CLI — you own the file, not Curo | | Secret visibility | Role-based — developers see names only, admins see values | | Revocation | Remove a team member on curo.dev → their CLI access is revoked instantly | | Compromised machine | Run /logout or clear local data — the token is invalidated server-side |


Why a CLI Instead of a Web Dashboard?

Secrets belong in your development environment, not in a browser tab. The CLI:

  • Writes secrets directly to .env where your app actually reads them
  • Works offline once authenticated, until the next pull
  • Drops into your existing workflow (curo pull && npm run dev)
  • Never touches browser history, cookies, or localStorage

Requirements

  • Node.js >= 18
  • npm, yarn, or pnpm
  • A curo.dev account with at least one project

Troubleshooting

curo: command not found after install Make sure your global npm bin directory is on your PATH. Run npm config get prefix and confirm <prefix>/bin is included in your shell's PATH.

pull overwrites my existing .env The CLI always replaces the full .env file rather than merging keys. Back up your file before pulling if you have custom entries you want to keep.

Authentication keeps expiring Tokens have a limited lifetime for security. Run /login again to re-authenticate — this is expected behavior, not a bug.

Need to fully reset the CLI Run /settings → clear local data, or manually delete the config file listed in What Gets Stored Locally.


Contributing

Issues and pull requests are welcome. Please open an issue first for significant changes so we can discuss the approach before you put in the work.

git clone https://github.com/curo-dev/cli.git
cd cli
npm install
npm run build
npm start

Support


License

MIT © Curo