npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

clippity

v0.1.6

Published

a playful JavaScript package manager — no preinstall scripts, no auto code execution

Readme

clippity

Fast, secure, and playful JavaScript dependency management.

Fast: clippity caches every package it downloads to ~/.clippity/cache/, so re-installs skip the network entirely. Downloads run 6 at a time concurrently for maximum throughput.

Secure: clippity never runs lifecycle scripts (preinstall, install, postinstall, prepare) without asking you first. Every tarball is verified against the registry's SHA-512 checksum before extraction.

Reliable: Lockfile-locked deterministic installs — clippity.lock.json guarantees the same dependency tree on every machine. Works offline for anything already cached.

Features

  • Offline mode — packages cached on first install are available without internet
  • No auto-execution — lifecycle scripts prompt for permission (y/N/a)
  • Concurrent downloads — pool of 6 workers, max 4 concurrent extracts
  • Integrity verification — SHA-512 checksums on every tarball
  • Deterministic installs — lockfile ensures identical trees everywhere
  • Orphan cleanup — removing a package also removes its unused transitive dependencies
  • PATH-aware scriptsnode_modules/.bin is on PATH when running lifecycle scripts
  • Audit support — check installed packages against the npm security advisory database
  • Playful CLI — animated spinner with random quips per phase

Install

npm install -g clippity
npm link

Requires Node.js >= 18.

Usage

clippity <command> [options]

Commands:
  init        Create a package.json interactively
  install     Install all dependencies (prompts for scripts)
  add         Add a dependency
  remove      Remove a dependency (cleans up orphan sub-deps)
  list        List installed packages
  outdated    Show outdated packages
  info        Show package info from registry
  doctor      Check project for common issues
  why         Explain why a package is installed
  link        Symlink a local package for development
  audit       Check installed packages for known vulnerabilities
  run         Run a script from package.json
  cache       Manage the on-disk on-disk package cache

clippity by itself runs install.

Aliases

| Command | Aliases | |---|---| | install | i | | remove | uninstall, rm, un | | list | ls | | info | view, show |

Security

When a package has lifecycle scripts, clippity shows what it wants to run and asks for permission:

[email protected] has lifecycle scripts:
      postinstall → node install.js

  ? Run these scripts? (y/N/a)
  • y — run once
  • n — skip (default)
  • a — always allow for this session

Checksums are verified against the registry before any file is extracted. The audit command checks all installed packages against the npm security advisory database.

How it works

clippity resolves dependencies against the npm registry, downloads and caches tarballs, verifies integrity, extracts packages into node_modules/, and optionally runs lifecycle scripts with explicit user approval. The lockfile (clippity.lock.json) records every installed package with its resolved version and exact dependency tree for reproducible installs.

Contributing

Syntax check all files with node --check before submitting. PRs welcome.

License

MIT