npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

cyberhub-pracenv

v1.2.1

Published

A beginner-friendly, fully terminal-based cybersecurity (CTF) practice platform in the ICOA terminal style.

Readme

CyberHub Practice Environment (cyberhub-pracenv)

A beginner-friendly, fully terminal-based cybersecurity (CTF) practice platform in the ICOA terminal style. Everything happens inside one interactive shell: browse challenges, read prompts, download attached files, and submit flags — no web browser, no separate commands.

Install

npm install -g cyberhub-pracenv@latest

Or install from a local clone:

git clone <this-repo> cyberhub-pracenv
cd cyberhub-pracenv
npm install
npm install -g .

Run

cyberhub-pracenv      # or the short alias: chpe

You'll see a welcome screen — press Enter, then log in or create an account to enter the platform shell. Type help at any time to see every command.

Accounts & the global leaderboard

Since v1.2.0 the platform uses online accounts. On launch you're asked to log in or register with a username and password you choose. Your points and solved challenges are stored on a shared backend, and the scoreboard command shows the top 100 users globally.

Heads-up on scores: challenges and their flags live in local YAML files, so the client grades your own submissions and reports the result to the server. The leaderboard is meant as a fun, community board — it is not a cheat-proof competitive ranking.

The platform needs a backend to be configured (see Backend setup). The admin panel does not require an account — anyone with the admin password can run admin.

What you can do

| Command | Description | | --- | --- | | challenges (ls) | List all available challenges | | open <id> | View a challenge: prompt, points, attached files | | files <id> | List files attached to a challenge | | cat <id> <file> | Print an attached file's contents | | get <id> <file> | Copy an attached file into your launch directory | | sh (shell) | Drop to your system shell to use any installed tool; exit returns | | submit <id> <flag> | Submit a flag to solve a challenge | | stats (whoami) | Your full user breakdown (points, rank, progress) | | scoreboard | Global leaderboard — the top 100 users | | requirements (rq) | Points needed to reach each rank | | changelog | What changed across versions | | login / register | Log in to / create an account | | logout | Log out of your account | | admin | Unlock admin mode (asks for the admin password) | | help | Show all commands | | exit (quit) | Leave the platform |

Admin (admin mode only)

| Command | Description | | --- | --- | | upload | Wizard that creates a new challenge .yml | | addfile <id> <path> | Attach a file from disk to an existing challenge | | rmchallenge <id> | Delete a challenge and its files | | passwd | Change the admin password |

The default admin password is admin — change it with passwd. Use logout to leave admin mode (and your account).

Since v1.2.1 the admin password is stored on the backend, not locally, so it is the same in every environment (e.g. Windows and WSL). Unlocking or changing it therefore requires a network connection. Note this means the admin password is shared across all installs pointed at the same backend.

Solving challenges fully in-terminal

Use get <id> <file> to copy an attached file into your working directory, then sh to drop into your own shell (cmd.exe on Windows, $SHELL on Linux/WSL) in that same directory — run python, strings, openssl, binwalk, whatever you have installed. Type exit to come back to CyberHub and submit the flag.

Backend setup (Supabase)

The online accounts + leaderboard run on a free Supabase project. To stand one up:

  1. Create a Supabase project (free tier).

  2. Open SQL Editor → New query, paste the contents of supabase/schema.sql, and Run it. This creates the accounts and admin_config tables and the locked-down RPC functions (chpe_register / chpe_login / chpe_sync / chpe_leaderboard / chpe_admin_verify / chpe_admin_set). The script is idempotent — re-run it after upgrading to pick up new objects (e.g. the admin functions added in v1.2.1).

  3. From Project Settings → API, copy the Project URL and the anon public key.

  4. Point the CLI at them, either via environment variables:

    export CHPE_SUPABASE_URL="https://YOUR-PROJECT.supabase.co"
    export CHPE_SUPABASE_ANON_KEY="your-anon-public-key"

    …or by baking the defaults into src/config.js before publishing your own build.

The anon key is safe to ship: Row-Level Security blocks all direct table access, so that key can only call the four SECURITY DEFINER functions, and password hashes (bcrypt via pgcrypto) never leave the database.

Challenge format

Challenges are plain .yml files (created by the upload wizard or by hand):

id: web-101
title: Cookie Monster
category: web
difficulty: easy
points: 100
description: |
  Multi-line prompt describing the challenge.
flag: CHPE{example_flag}
files:
  - cookies.txt

Where data lives

Challenge data and the admin password are local to your machine, under:

~/.cyberhub-pracenv/
  config.json            # admin password hash + settings
  challenges/<id>.yml    # challenge definitions
  files/<id>/<file>      # files attached to challenges

User accounts and the leaderboard are not stored here — they live on the Supabase backend (see Backend setup). Sample challenges (web-101, crypto-101, forensics-101, …) are seeded on first run.

Development

npm install
npm test          # runs the node:test suite
npm start         # run without a global install

License

MIT