npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cmux-vnc-here

v0.1.1

Published

Spin up an ephemeral token-auth VNC server and print a vnc:// link — connect with native macOS Screen Sharing

Readme

cmux-vnc-here

Share this Mac's screen in one command — no VNC setup, no System Settings, no passwords to invent.

npx cmux-vnc-here

Spins up a throwaway, token-auth VNC (RFB) server and prints a vnc:// link + QR code. Open it in native macOS Screen Sharing (⌘K in Finder → paste the link, or scan the QR from another Mac) and you're looking at — and controlling — this machine. Hit Ctrl-C and the server, token, and screen access vanish.

It's the cmux-ssh-here idea for the screen instead of the shell: a full RFB 3.8 server hand-rolled in one file, using the standard VNC Authentication that Screen Sharing speaks — so the device you connect from needs nothing installed.

Why

  • Zero setup — one npx command; no enabling Remote Management, no vncpassword.
  • 🍎 Native client — connects with the Screen Sharing app built into every Mac.
  • 🔑 No credentials to share — auth is a one-time 8-char token baked into the link.
  • Self-expiring — the token rotates every 3 minutes; leaked links go stale on their own.
  • 🎯 One-time mode--once locks the link to the first device that connects.
  • 👀 Live dashboard — current link, QR, countdown bar, and who's connected.
  • 🧹 Nothing left behind — no system settings touched; close the terminal and it's gone.

Permissions (one-time)

The screen grab uses Apple's own screencapture, and keyboard/mouse control uses a native input module. macOS will ask your terminal app for two permissions on first run — grant both in System Settings → Privacy & Security:

  • Screen Recording — to see the screen.
  • Accessibility — to move the mouse and type.

How it works

  • A from-scratch RFB server over TCP (speaks both the 3.3 security handshake that macOS Screen Sharing negotiates and the 3.7+ list form): ProtocolVersion → VNC Authentication (DES challenge-response; the token is the password) → ServerInit → framebuffer loop.
  • Screen frames come from screencapture -t bmp (uncompressed, top-down, 32bpp BGRA — same layout as the wire, so no image-decode step), downsampled from Retina to the logical screen size and sent as Raw rectangles.
  • Keyboard/mouse events are injected with @hurdlegroup/robotjs (robotjs's own screen capture segfaults on recent macOS, so it's used for input only).
  • The token rides in vnc://:<token>@host:port and is rotated every CMUX_VNC_TTL seconds (default 180). --once freezes it after the first connection.

Options

| | | | --- | --- | | --once | Lock the link to the first device that connects; reject the rest. | | CMUX_VNC_TTL=<sec> | Token/link lifetime before rotation (default 180). | | PORT=<n> | Bind a fixed port (default: random free port). | | CMUX_VNC_DEBUG=1 | Log protocol events instead of the live dashboard. |

Security

⚠️ The token grants full screen + keyboard + mouse control as your user. It's a bearer secret — use it on a trusted LAN only, never over the open internet. The server binds 0.0.0.0, so anyone on your network who has the live token can connect. Use --once, and close the terminal when you're done.

Limitations

  • macOS host only (uses screencapture + macOS input). The client can be any Mac.
  • Primary display only, and one Raw full-frame per request (~3–4 fps on LAN, no compression or dirty-rect diffing). Fine for "show me the screen"; it's not video.
  • 8-character password — a hard limit of the legacy VNC auth scheme.

License

MIT