npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cs-devtest

v1.1.5

Published

Automatic Husky + Gitleaks + SonarQube setup for any JS/TS project

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

divyaraj_creoledivyaraj_creole

Keywords

huskygitleaksgit-hookssecuritysonarqubetypescripteslint

Readme

cs-setup

A robust, zero-config CLI package that automatically secures and standardizes your projects. By simply installing this package, it automatically configures Husky, Gitleaks, ESLint, SonarQube, Smoke Testing, and Newman API Testing natively hooked into your Git workflow.

🚀 Features

🛡️ Pre-Commit Hook (Code Quality & Security)

Whenever you run git commit, the following checks run automatically on your staged files:

  1. ESLint: Auto-lints all staged .js, .jsx, .ts, .tsx, .mjs, .cjs files.
  2. Gitleaks: Scans staged files for hardcoded secrets and credentials. Blocks the commit if any secrets are detected.
  3. Coverage & SonarQube: Attempts to generate test coverage (via Jest/Vitest) and then runs a SonarQube scan. If the Quality Gate fails, the commit is blocked.

🧪 Pre-Push Hook (CI Pipeline)

Whenever you run git push, a compulsory local CI pipeline runs:

  1. Smoke Test: Automatically boots up your server and waits for it to be accessible.
  2. Newman API Tests: Automatically runs Postman collections against your locally running server. Blocks the push if any tests fail.
  3. Branch Guard: Automatically detects branch deletions (e.g., git push origin --delete) and skips CI checks to allow instant deletion.

📦 Installation

<<<<<<< HEAD To strictly use pnpm i (or any other package manager) and bypass pnpm 10's strict security firewalls without any extra commands, you must copy and paste the following snippet into your project's package.json.

  1. Open your package.json.
  2. Add the dependency using the HTTPS URL (to avoid SSH permission errors).
  3. Add the pnpm configuration block (to allow the package to setup the .github folders automatically). ======= To install and initialize the setup in your project, add it as a devDependency:

5a9b41b61a0ab34f079eca1241b7405eceb0dda3

{
  "devDependencies": {
<<<<<<< HEAD
    "cs-setup": "git+https://github.com/Creolestudios/DevOps-standards.git"
  },
  "pnpm": {
    "onlyBuiltDependencies": [
      "cs-setup"
    ]
=======
    "cs-setup": "github:HUSAINTRIVEDI52/pkg#m-main"
>>>>>>> 5a9b41b61a0ab34f079eca1241b7405eceb0dda3
  }
}

<<<<<<< HEAD Once the above is in your package.json, simply type:

pnpm i

(This also works perfectly for npm i or yarn without any modifications.)

======= Then, run:

npm install

5a9b41b61a0ab34f079eca1241b7405eceb0dda3

🔄 Updating to Latest Version

If new features or fixes (like updated Git hook templates or new dependencies) are added to the cs-setup package, follow these steps to sync your project:

  1. Pull the latest code:
    npm install github:HUSAINTRIVEDI52/pkg#m-main
  2. Sync hooks and scripts:
    npx cs-setup check-hooks

This will automatically update your .husky/ files, refresh your scripts/run-ci-checks.sh, and install any new required dependencies (like Vitest coverage tools).

⚙️ Manual Initialization

If the automatic setup didn't trigger, or if you want to re-run the initialization:

npx cs-setup init

To verify and restore your hooks without a full initialization:

npx cs-setup check-hooks

📋 Configuration Details

SonarQube

A sonar-project.properties file is generated in your project root. You must edit this file to provide your SonarQube credentials:

  • sonar.host.url: Your SonarQube server URL.
  • sonar.login: Your SonarQube token.

Postman / Newman

Save your Postman collections in your repository with the .postman_collection.json extension. The CI script will automatically find and execute them against your local server.

Monorepo Support

The package automatically detects if your Node project is in a subdirectory of the Git repository. The hooks will automatically cd into the correct project folder before running checks.

❌ Troubleshooting

  • Hooks aren't running? Ensure you have initialized a Git repository (git init) before installing. You can manually run npx cs-setup check-hooks to restore them.
  • Missing Vitest Coverage? If your smoke tests fail due to a missing @vitest/coverage-v8 dependency, run npx cs-setup check-hooks to install it automatically.
  • Server fails to start in CI? Ensure your package.json has a valid start or dev script.