npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cerber-core

v1.1.12

Published

Prevent secrets (API keys, passwords) and console.log in commits. Zero-config pre-commit hooks with Husky auto-install. Blocks Stripe, GitHub, AWS credentials out-of-the-box. 357+ teams protected.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

agataslezakagataslezak

Keywords

github-actionscici-cdworkflow-driftconfig-driftquality-gatepolicy-as-codecontract-guardreusable-workflowdevopssecuritymonorepomulti-repopre-commitgit-hookshuskydeployment-gateguardrailscontract-firstsingle-source-of-truthhealth-checkdoctoraiai-agentscopilotcursorwindsurfclaudellmsecretssecret-scanningsecret-detectionapi-keysapi-securitydevsecopscode-qualitydeveloper-toolstypescriptnodejs

Readme

🛡️ Cerber Core — CI Contract Guard for GitHub Actions

Detects workflow/config drift across repos and enforces a single source of truth via CERBER.md.

AI doesn't break your project. Lack of a contract does.

npm version License: MIT GitHub Discord

What is Cerber Core?

Cerber enforces your project roadmap as executable contract (CERBER.md). Write rules once, get automatic validation on every commit + CI run.

What Cerber Is (and Isn't)

Contract guard — Validates your CERBER.md rules are enforced
Drift detector — Catches when CI config/workflow changes break protection
Works WITH existing tools — Doesn't replace ESLint/Prettier/tests. Ensures they stay required.

Not a linter — Use ESLint for code style
Not a test runner — Use Jest/Vitest for unit tests
Not a deployment tool — Use your existing CD pipeline

Think of it as: Policy-as-code layer that prevents your other tools from being bypassed.

Why? (The CI Drift Problem)

  • AI agents follow your roadmap → Agent pastes code matching CERBER.md
  • Human bypasses rules → Commit sneaks through, CI green but wrong
  • CI config drifts → Workflow changes, gates disappear, protection gone

Solution: Guardian blocks bad commits before they reach CI. CI re-validates and protects itself from tampering.

🏆 Proof: Used in Production

Cerber protects real SaaS applications. See it in action:

Eliksir Platform CI Pipelines:

These aren't demo projects - live production systems serving real users, protected by Cerber since day one.

📖 Full case study: How Cerber prevented 47 production bugs

💬 Community (Discord)

Join the Cerber Core Discord for support, feedback, and CI/Doctor showcases: 👉 https://discord.gg/V8G5qw5D

  • Questions: ask in #general
  • Feedback / bugs: #feedback (bugs can also go to GitHub Issues)
  • Proofs: post your CI runs / doctor output in #showcase

🚀 Quick Start (60 seconds)

# 1. Install
npm i -D cerber-core

# 2. Generate contract template
npx cerber init

# 3. Edit CERBER.md (use AI assistant or manual)
# → Define your roadmap, tech stack, protected assets

# 4. Generate hooks + CI workflow
npx cerber init

# 5. Verify setup
npx cerber doctor

# 6. Commit and push
git add .
git commit -m "feat: add Cerber protection"
git push

That's it. Guardian now blocks bad commits. CI re-validates and protects itself.

What Cerber Checks

Pre-commit (Guardian)

  • ❌ Secrets in code (API keys, tokens)
  • ❌ Forbidden patterns (eval, console.log in prod)
  • ❌ Missing required imports
  • ❌ Protected file deletions
  • ✅ Schema validation (if enabled)

CI (GitHub Actions)

  • ❌ Workflow tampering (job ID changes)
  • ❌ Missing required checks
  • ❌ Contract violations
  • ✅ Re-runs Guardian validation

📍 TODAY: CI contract guard + workflow drift detection
🚀 ROADMAP: Post-deploy health gates (experimental in v1.1, production-ready in v2.0)

Doctor Command

  • ❌ Missing CERBER.md
  • ❌ Missing schema (strict mode)
  • ❌ Missing pre-commit hook
  • ❌ Missing CI workflow
  • ✅ Override state validation

⚖️ Stability Policy

Cerber is a devtool — we don't break pipelines:

  • CLI flags + exit codes: Follow SemVer. Breaking changes = major version bump.
  • JSON output: Versioned schema (e.g., {"version": "1.0", ...}). New fields = minor, changed fields = major.
  • CI workflow templates: Generated files are yours to customize. Updates = opt-in via cerber init --force.

Current stability: v1.1.11 is production-ready for CI contract guard use case. See production proof.

Example: CI Drift Detected

$ npx cerber doctor

[Cerber Doctor] Setup Validation

[OK] All checks passed!

Configuration:
  Mode: dev
  Guardian: enabled
  Health: enabled
  CI: github
  Override: DISABLED

[READY] Ready to commit!

⭐ If Cerber helped you, star the repo: https://github.com/Agaslez/cerber-core
💬 Join Discord for feedback/support: https://discord.gg/V8G5qw5D

When drift detected:

$ npx cerber doctor

[Cerber Doctor] Setup Validation

[FAIL] Issues found:

[!] .github/workflows/cerber.yml
    GitHub workflow not found

Next Steps:

1. Re-run initialization to generate missing files:
   npx cerber init

Help: https://github.com/Agaslez/cerber-core/discussions

How to Use Cerber (Full Workflow)

Cerber is simple: write rules once in CERBER.md, enforce on every commit + CI run.

📍 TODAY: Pre-commit Guardian + CI workflow drift detection
🚀 ROADMAP: Post-deploy health gates (experimental)

Roadmap → CERBER.md contract → enforced automatically on every commit/push.

1) Install

npm i -D cerber-core

2) Generate CERBER.md

npx cerber init

If CERBER.md did not exist, Cerber creates a template and stops.
Now YOU fill the contract (ideally with an AI assistant).

3) Teach Cerber using your roadmap (fastest way)

Take your project roadmap + repo structure and paste it into ChatGPT/Claude/Cursor with the Cerber Contract Translator prompt (see below).

Then:

  • Paste the generated contract into CERBER.md
  • Run init again to generate hooks/workflows/templates:
    npx cerber init

4) Verify everything (Doctor)

npx cerber doctor

Exit codes:

  • 0 ✅ All checks pass
  • 2 ❌ Missing CERBER.md
  • 3 ❌ Missing schema (strict mode)
  • 4 ❌ Missing hook/workflow

5) Commit and push (Guardian + CI)

  • git commit → Guardian validates staged changes (blocks violations)
  • git push → GitHub Actions validates again in CI

💬 Feedback & Support

Having issues? Want to share your setup?

Show your CI runs in Discord #showcase!

Cerber Contract Translator (Copy/Paste Prompt)

Use this to generate a production-ready CERBER.md from your roadmap.
Cerber does NOT design your architecture. It enforces what you write.

PROMPT:

You are a "Cerber Contract Translator". Convert my roadmap + repo structure into a `CERBER.md` contract.

RULES:
- Do NOT invent architecture or rules.
- Only translate what I explicitly provide.
- If something is missing, ask up to 10 questions in a `QUESTIONS` section and leave placeholders.
- Output must be a complete `CERBER.md` with:
  1) CERBER_CONTRACT (YAML)
  2) ROADMAP_AS_LAW (milestones)
  3) AI_AGENT_RULES (no guessing)
  4) PROTECTED_ASSETS
  5) CERBER_OVERRIDE (TTL safety fuse)
  6) QUESTIONS

INPUT I PROVIDE:
- Roadmap (what we are building, milestones, priorities)
- Repo structure (`tree -L 3` or folder list)
- Tech stack + commands for smoke/e2e/build
- Integrations (Stripe/Ghost/Cloudinary/etc.)
- What files/paths are "protected" from deletion

Now generate `CERBER.md`.

For AI Agents (Copilot / Cursor / Windsurf / Claude / etc.)

Single rule: CERBER.md is the ONLY source of truth.

Agent must follow this protocol

  1. If CERBER.md is missing:

    • Run npx cerber init to generate template
    • STOP (user must provide contract content)

  2. If CERBER.md exists:

    • Read it first
    • Execute exactly what it says
    • Do NOT invent rules, do NOT infer architecture

  3. Schema policy (important):

    • If schema.mode: strict → DO NOT generate schema files
    • If schema.mode: template_only → you may generate only the minimal template (NOT decisions)

  4. Safety rules:

    • Never disable or rename CI job id: cerber-ci
    • Never remove: CERBER.md, .github/workflows/cerber.yml, scripts/cerber-guardian.mjs, .husky/pre-commit, .github/CODEOWNERS
    • Never bypass checks using continue-on-error
    • Never use cat <<EOF for TS/JS (corrupts ${} template literals)

If a required rule is not present in CERBER.md → ASK USER or FAIL FAST.

🔗 Links

  • Repository: https://github.com/Agaslez/cerber-core
  • Releases: https://github.com/Agaslez/cerber-core/releases
  • Security Policy: https://github.com/Agaslez/cerber-core/blob/main/SECURITY.md
  • Discussions: https://github.com/Agaslez/cerber-core/discussions
  • Full Documentation: docs/README_LONG.md

📋 Minimal CERBER.md Example

## CERBER_CONTRACT
\```yaml
version: 1
mode: solo  # solo | dev | team

guardian:
  enabled: true
  schemaFile: BACKEND_SCHEMA.mjs

schema:
  enabled: true
  file: BACKEND_SCHEMA.mjs
  mode: strict  # Recommended: You create schema, Cerber never generates

health:
  enabled: true
  endpoint: /api/health

ci:
  provider: github
  branches: [main]
\```

Schema modes:

  • strict (recommended) → You design architecture, Cerber guards it
  • template_only → Helper scaffold for beginners (NOT design decisions)

📚 Documentation

Quick Links:

Workflows by Team Size:

Examples:

✨ Key Features

Guardian 1.0 (Pre-commit)

  • Schema-as-Code (architecture rules in version control)
  • Fast feedback (<1s validation vs 5min CI wait)
  • Required imports + forbidden patterns
  • Architect approvals (traceable exceptions)

Cerber 2.1 (Runtime)

  • Detailed diagnostics (diagnosis + rootCause + fix)
  • Severity levels (critical/error/warning)
  • Component-based health checks
  • Performance tracking

SOLO Layer

  • Auto-repair (format, deps, changelog)
  • Performance budget enforcement
  • Daily dashboard
  • Dependency health checks

TEAM Layer

  • Focus Mode (500 LOC context vs 10K LOC for AI) ⭐
  • Module boundaries enforcement
  • Connection contracts between modules
  • CERBER.md project mapping

🚨 Emergency Override

For P0 production hotfixes only, controlled safety fuse with strict TTL:

## CERBER_OVERRIDE
enabled: true
reason: "P0 - Payment API down, emergency rollback"
expires: "2026-01-04T18:00:00Z"  # 6-hour TTL
approvedBy: "CTO Name"

What Override DOES:

  • ✅ Allows pre-commit to pass WITH WARNING (audit trail logged)
  • ✅ Can skip postDeploy gate if configured

What Override NEVER DOES:

  • ❌ Disable cerber-integrity job (self-protection always runs)
  • ❌ Disable entire CI pipeline (build/test/lint must pass)
  • ❌ Disable CODEOWNERS enforcement (team mode)

Use sparingly. After expiry, guardian proceeds with normal validation.

🤝 Contributing

Contributions welcome! Please read CONTRIBUTING.md first.

git clone https://github.com/Agaslez/cerber-core.git
cd cerber-core
npm install
npm run build
npm test

📞 Support & Links

📄 License

MIT © 2026 Stefan Pitek

Free for commercial use. See LICENSE for details.

🌟 About

Founded by Agata Ślęzak, created and maintained by Stefan Pitek

Read the full story: docs/STORY.md

Support development: docs/SPONSORING.md

If Cerber saved you time, give it a star!

Made with 🛡️ by developers, for developers