commit-cop

v1.1.5

Commit Cop — a pre-commit safety checker that scans staged files for risky commits.

Commit Cop

Commit Cop is a pre-commit safety checker that scans your staged files and warns you about common mistakes before they get pushed to GitHub.

Built for students, hackathons, and dev teams who want practical guardrails—not just formatting checks.

Commit Cop (commit-cop) — catch bad commits before they hit GitHub.

Install

In your project:

npm install commit-cop

This downloads the package into node_modules. It does not enable the Git hook by itself.

Run automatically on every commit (recommended)

From your Git repo:

npx commit-cop install

This writes a pre-commit hook. After that, Commit Cop runs before each git commit completes and scans staged files. If it exits with an error, the commit is blocked.

Treat warnings as blocking issues in the hook:

npx commit-cop install --strict

Remove the hook:

npx commit-cop uninstall

Skip the hook once:

git commit --no-verify

Run manually

Scan staged changes once:

npx commit-cop

Treat warnings as blocking:

npx commit-cop --strict

Strict mode and commit behavior

Every scan prints:

Strict Mode: ON | OFF
Errors: N
Warnings: N

| Situation | Strict OFF | Strict ON |
| --- | --- | --- |
| Errors found | Commit blocked | Commit blocked |
| Warnings only | Commit allowed | Commit blocked |
| Clean scan | Commit allowed | Commit allowed |

Errors always block. Warnings only block when --strict is used (via the CLI or install --strict).

Raid (auto-fix)

raid applies common repo fixes that align with Commit Cop checks.

npx commit-cop raid

By default, raid does not remove console.log lines. Pass --fix-console-log to include that fix. debugger lines are still removed from staged files.

npx commit-cop raid --fix-console-log

| Check | Fix |
| --- | --- |
| Generated folders / env files | Adds missing .gitignore entries (.env, node_modules/, dist/, build/, .next/, coverage/, junk patterns) |
| Focused tests | Replaces test.only, it.only, describe.only in test/spec files |
| Debug logs | Removes standalone console.log(...) from staged JS/TS files only with --fix-console-log |
| Debugger | Always removes standalone debugger lines from staged JS/TS files |
| Junk files | Deletes .DS_Store, Thumbs.db, swap/backup files found on disk |
| Env / sensitive / generated / junk / binary / large (staged) | Runs git restore --staged on matching staged files |
| Lockfile drift | Runs npm install when package-lock.json is missing or older than package.json |
| Merge conflicts, secrets, localhost | Manual only — reported at the end; not auto-fixed |

Review all changes before committing. raid may run npm install and unstaging commands against your Git index.

What it checks

| Check | Severity | What it catches |
| --- | --- | --- |
| Merge conflicts | Error | <<<<<<<, =======, >>>>>>> markers left in code |
| Environment files | Error | .env, .env.local, and other .env.* files |
| Sensitive filenames | Error | Keys, certs, credentials.json, .npmrc, and similar |
| Generated folders | Error | node_modules/, dist/, build/, .next/, coverage/ (including nested paths) |
| Secrets | Error | API keys, GitHub/AWS/Stripe tokens, JWT secrets, database URLs |
| Focused tests | Error | test.only, it.only, describe.only left in test files |
| Debug logs | Warning | console.log in staged JS/TS code (skip with --allow-console-log) |
| Debugger statements | Warning | debugger in staged JS/TS code |
| Localhost URLs | Warning | Hardcoded localhost or 127.0.0.1 URLs |
| Junk files | Warning | .DS_Store, Thumbs.db, swap/backup files |
| Lockfile drift | Warning | package.json staged without package-lock.json (or vice versa) |
| Large files | Warning | Staged files over 5 MB |
| Binary files | Warning | .zip, .exe, .mp4, and other non-text files |

Local development

Clone this repo and install dependencies:

npm install

Run from source (no build required):

npm run dev
npm run dev -- --strict

Install the pre-commit hook for this repo:

npx tsx src/index.ts install
npx tsx src/index.ts install --strict

When developing Commit Cop itself, the hook runs npm run dev so you always test local source—not a nested npm copy. Do not add commit-cop as a dependency of this repo.

Build and run the compiled CLI:

npm run build
npm start
npm start -- --strict

Demo fixtures for manual testing:

npm run demo:setup
git add testing.ts demo/
npm run dev

Project structure

src/
  index.ts       CLI entry point (scan, install, raid)
  hook.ts        Writes the Git pre-commit hook
  git.ts         Reads staged files from Git
  scanner.ts     Runs all checks
  reporter.ts    Prints the report and exit outcome
  runScan.ts     Orchestrates a scan
  types.ts       Shared types
  brand.ts       Product name and CLI name
  checks/        One file per check
  fix/           Auto-fix helpers used by raid

Each check implements the same interface: receive staged files, return findings with a message and suggested fix.

How it works

  1. Install the hook with npx commit-cop install (or run manually)
  2. Read staged file paths with git diff --cached --name-only
  3. Run every check in src/checks/
  4. Print findings, strict mode status, and error/warning counts
  5. Exit with code 1 to block the commit (errors, or warnings in strict mode)
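
The check interface from "Project structure" and the exit rule from the strict-mode table, sketched as an added example. This is not Commit Cop's own source: the type names, check names, regular expressions and sample files are assumptions made for illustration.

```typescript
// Added illustration: all names here are hypothetical, not Commit Cop's own source.
type Severity = "error" | "warning";
interface StagedFile { path: string; content: string }
interface Finding { check: string; severity: Severity; file: string; message: string; fix: string }
type Check = (files: StagedFile[]) => Finding[];

// Build a check from a predicate so every check returns findings in the same shape.
const makeCheck = (check: string, severity: Severity, message: string, fix: string,
                   hit: (f: StagedFile) => boolean): Check =>
  (files) => files.filter(hit).map((f) => ({ check, severity, file: f.path, message, fix }));

// Error: conflict markers at the start of a line.
const mergeConflicts = makeCheck("merge-conflicts", "error",
  "Merge conflict markers left in file", "Resolve the conflict and delete the markers",
  (f) => /^(<{7}|={7}|>{7})( |$)/m.test(f.content));

// Error: .env and .env.* files, at any directory depth.
const envFiles = makeCheck("env-files", "error",
  "Environment file is staged", "Unstage it and add it to .gitignore",
  (f) => /(^|\/)\.env(\..+)?$/.test(f.path));

// Warning: a standalone debugger statement in staged JS/TS code.
const debuggerStatements = makeCheck("debugger", "warning",
  "debugger statement left in code", "Remove the debugger line",
  (f) => /\.[cm]?[jt]sx?$/.test(f.path) && /^\s*debugger;?\s*$/m.test(f.content));

function scan(files: StagedFile[]): Finding[] {
  const findings: Finding[] = [];
  for (const check of [mergeConflicts, envFiles, debuggerStatements]) findings.push(...check(files));
  return findings;
}

// Errors always block; warnings block only in strict mode.
function exitCode(findings: Finding[], strict: boolean): number {
  const errors = findings.filter((f) => f.severity === "error").length;
  const warnings = findings.length - errors;
  return errors > 0 || (strict && warnings > 0) ? 1 : 0;
}

// Constructed sample input, standing in for the staged files read from Git.
const sample: StagedFile[] = [
  { path: "src/app.ts", content: "<<<<<<< HEAD\nconst b = 2;\n=======\nconst b = 3;\n>>>>>>> feature\n" },
  { path: "config/.env.local", content: "PLACEHOLDER=1\n" },
  { path: "src/util.ts", content: "function f() {\n  debugger;\n  return 1;\n}\n" },
];
const found = scan(sample);
console.log(`Errors: ${found.filter((f) => f.severity === "error").length}`, `exit: ${exitCode(found, false)}`);
```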

Publish to npm

npm run build
npm publish

prepublishOnly runs build automatically. The files field ensures dist/ is included in the published package even though it is gitignored locally.