© 2026 – Pkg Stats / Ryan Hefner

dep-drift-sec v0.1.1 (Published)

Production-ready CLI to detect dependency drift and security risks.

Downloads: 14

Readme

dep-drift-sec

Production-grade security and stability guardrails for your Node.js dependencies.

dep-drift-sec is an open-source CLI tool designed to prevent production breakage and identify supply-chain risks. It bridges the gap between basic vulnerability scanners and manual audits by focusing on dependency drift, transitive relationships, and maintenance heuristics.

Note: The CLI is open-source and works entirely offline and locally, without any mandatory backend service.

Key Features

  • Drift Protection: Detects flexible version ranges (^, ~) in package.json and transitive version conflicts that cause "works on my machine" bugs.
  • Transitive Visibility: Explicitly surfaces the full dependency chain for every risky package found.
  • Maintenance Heuristics:
    • Unmaintained: Identifies packages not updated in the last 18 months.
    • Deprecated: Alerts on packages officially marked as deprecated by maintainers.
    • Single-Maintainer: Highlights potential single-point-of-failure risks in your supply chain.
  • CI/CD Ready: Machine-readable JSON output and standardized exit codes for easy pipeline integration.
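
The heuristics listed above, worked through as an added example. This is not dep-drift-sec's own code and nothing about its internals is assumed; it only applies the README's stated rules (non-exact ranges are drift, no publish in 18 months is unmaintained, a deprecated latest version, a single maintainer) to a constructed package.json and constructed registry documents. The registry field names (dist-tags, time, versions[].deprecated, maintainers) follow the public npm registry package document; the risk levels for deprecated and single-maintainer, the DAYS_PER_MONTH constant and all sample data are assumptions made here.

```javascript
// Added example, not part of dep-drift-sec: the README's drift and
// maintenance heuristics applied to constructed inputs.

const UNMAINTAINED_MONTHS = 18;       // threshold stated in the README
const DAYS_PER_MONTH = 365.25 / 12;   // assumption: mean month length
const RANK = { low: 1, medium: 2, high: 3 };

// Constructed package.json for a hypothetical project.
const PACKAGE_JSON = {
  name: 'my-project',
  dependencies: { 'example-pkg': '^1.2.0', 'pinned-lib': '2.0.1' },
  devDependencies: { 'old-tool': '~0.3.0' },
};

// Constructed registry documents, trimmed to the fields the heuristics read.
const REGISTRY = {
  'example-pkg': {
    'dist-tags': { latest: '1.4.0' },
    time: { '1.4.0': '2020-03-04T12:00:00.000Z' },
    versions: { '1.4.0': {} },
    maintainers: [{ name: 'a' }, { name: 'b' }],
  },
  'pinned-lib': {
    'dist-tags': { latest: '2.0.1' },
    time: { '2.0.1': '2025-11-20T09:00:00.000Z' },
    versions: { '2.0.1': {} },
    maintainers: [{ name: 'a' }, { name: 'b' }, { name: 'c' }],
  },
  'old-tool': {
    'dist-tags': { latest: '0.3.2' },
    time: { '0.3.2': '2025-12-01T00:00:00.000Z' },
    versions: { '0.3.2': { deprecated: 'use new-tool instead' } },
    maintainers: [{ name: 'solo' }],
  },
};

// Drift: anything other than an exact "x.y.z" pin can resolve differently
// between installs. Caret and tilde are the README's examples; '*', 'latest',
// comparator ranges and the like are reported as 'other'.
function classifyRange(spec) {
  if (/^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/.test(spec)) return 'exact';
  if (spec.startsWith('^')) return 'caret';
  if (spec.startsWith('~')) return 'tilde';
  return 'other';
}

function findDrift(pkg) {
  const drift = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifyRange(spec);
      if (kind !== 'exact') drift.push({ dependencyName: name, field, spec, kind });
    }
  }
  return drift;
}

function monthsSince(isoDate, now) {
  return (now - new Date(isoDate)) / (86_400_000 * DAYS_PER_MONTH);
}

// Maintenance heuristics for one registry document. The README shows
// 'medium' for unmaintained; 'high' for deprecated and 'low' for
// single-maintainer are assumptions made here.
function maintenanceIssues(doc, now) {
  const issues = [];
  const latest = doc['dist-tags'].latest;
  const months = monthsSince(doc.time[latest], now);
  if (months > UNMAINTAINED_MONTHS) {
    issues.push({
      type: 'unmaintained',
      reason: `Last update was ${Math.floor(months)} months ago.`,
      riskLevel: 'medium',
      details: { lastUpdate: doc.time[latest].slice(0, 10) },
    });
  }
  const deprecated = doc.versions[latest] && doc.versions[latest].deprecated;
  if (deprecated) issues.push({ type: 'deprecated', reason: deprecated, riskLevel: 'high' });
  if ((doc.maintainers || []).length === 1) {
    issues.push({ type: 'single-maintainer', reason: 'Only one maintainer on the registry record.', riskLevel: 'low' });
  }
  return issues;
}

function highestRisk(issues) {
  return issues.reduce((acc, i) => (RANK[i.riskLevel] > RANK[acc] ? i.riskLevel : acc), 'low');
}

// Produce "drift" and "security" arrays in the shape of the README's v1.0
// contract. Only direct dependencies are examined here, so every entry has
// transitive=false and an empty introducedBy chain.
function scanProject(pkg, registry, now) {
  const security = [];
  for (const name of Object.keys({ ...pkg.dependencies, ...pkg.devDependencies })) {
    const doc = registry[name];
    if (!doc) continue; // not in the registry snapshot: nothing to judge
    const issues = maintenanceIssues(doc, now);
    if (issues.length) {
      security.push({ dependencyName: name, transitive: false, introducedBy: [], issues, overallRisk: highestRisk(issues) });
    }
  }
  return { drift: findDrift(pkg), security };
}

const NOW = new Date('2026-01-17T20:55:00Z'); // generatedAt from the README sample
console.log(JSON.stringify(scanProject(PACKAGE_JSON, REGISTRY, NOW), null, 2));
```

Run as-is it reports two drift entries (the caret and tilde ranges) and two risky packages: example-pkg as unmaintained (70 months since its last publish, matching the README's sample output) and old-tool as deprecated with a single maintainer. A real scan would fetch the registry documents and walk the lockfile to fill in the transitive chains.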

Getting Started

Installation (Development)

npm install
npm run build

Usage

Using npx (Recommended for CI/Production)

# Run a check on the current directory
npx dep-drift-sec check

# Run with JSON output and SaaS-ready flag
npx dep-drift-sec check --json --upload

# Check a specific project path
npx dep-drift-sec check --path ./my-project

Using Local Scripts

# Quick scan (requires local build)
npm run scan

# Direct execution
node dist/cli/index.js check

Scan Results Contract (v1.0)

When run with --json, the CLI produces a versioned, stable JSON structure.

Example Output

{
  "meta": {
    "schemaVersion": "1.0",
    "scanId": "550e8400-e29b-41d4-a716-446655440000",
    "projectName": "my-project",
    "projectId": "a3f5b2c...",
    "generatedAt": "2026-01-17T20:55:00Z"
  },
  "summary": {
    "driftCount": 0,
    "securityCount": 1,
    "riskLevel": "medium",
    "riskReason": "1 dependency has security or drift issues, increasing breakage and security risk.",
    "recommendedAction": "warn",
    "recommendedExitCode": 2
  },
  "drift": [],
  "security": [
    {
      "dependencyName": "example-pkg",
      "transitive": true,
      "introducedBy": ["direct-parent"],
      "description": "An example package",
      "issues": [
        {
          "type": "unmaintained",
          "reason": "Last update was 70 months ago.",
          "riskLevel": "medium",
          "details": { "lastUpdate": "2020-03-04" }
        }
      ],
      "overallRisk": "medium"
    }
  ]
}

CI/CD Integration (Exit Codes)

| Code | Meaning        | Outcome                                     |
| :--- | :------------- | :------------------------------------------ |
| 0    | OK             | No drift or security issues found.          |
| 1    | Drift Detected | Version ranges found in package.json.       |
| 2    | Security Issue | Heuristics triggered (unmaintained, etc.).  |
| 3    | Mixed Issues   | Both drift and security issues present.     |
| 4    | Internal Error | Missing files or runtime failure.           |
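
A CI-side consumer of the v1.0 report, as an added example that is not part of dep-drift-sec. It validates the envelope (schemaVersion, the three sections), derives the exit code from the counts exactly as the table above defines it, cross-checks that against summary.recommendedExitCode, lists each finding with its introducedBy chain, and applies a caller-supplied policy for which codes fail the build. SAMPLE_REPORT is the README's example output embedded as a string; the policy shape, the message formats and the gate() function are assumptions made here.

```javascript
// Added example, not part of dep-drift-sec: consuming the v1.0 JSON contract in CI.

const EXIT = { OK: 0, DRIFT: 1, SECURITY: 2, MIXED: 3, INTERNAL_ERROR: 4 };

// The README's example output, embedded verbatim for an offline run.
const SAMPLE_REPORT = `{
  "meta": { "schemaVersion": "1.0", "scanId": "550e8400-e29b-41d4-a716-446655440000",
            "projectName": "my-project", "projectId": "a3f5b2c...", "generatedAt": "2026-01-17T20:55:00Z" },
  "summary": { "driftCount": 0, "securityCount": 1, "riskLevel": "medium",
               "riskReason": "1 dependency has security or drift issues, increasing breakage and security risk.",
               "recommendedAction": "warn", "recommendedExitCode": 2 },
  "drift": [],
  "security": [ { "dependencyName": "example-pkg", "transitive": true, "introducedBy": ["direct-parent"],
                  "description": "An example package",
                  "issues": [ { "type": "unmaintained", "reason": "Last update was 70 months ago.",
                                "riskLevel": "medium", "details": { "lastUpdate": "2020-03-04" } } ],
                  "overallRisk": "medium" } ]
}`;

// Validate the envelope before trusting any field: a malformed or
// differently-versioned report must map to the internal-error code, never to OK.
function parseReport(text) {
  let report;
  try {
    report = JSON.parse(text);
  } catch (e) {
    return { error: `report is not valid JSON: ${e.message}` };
  }
  if (!report.meta || report.meta.schemaVersion !== '1.0') {
    return { error: `unsupported schemaVersion: ${report.meta && report.meta.schemaVersion}` };
  }
  if (!report.summary || !Array.isArray(report.drift) || !Array.isArray(report.security)) {
    return { error: 'report is missing summary, drift or security sections' };
  }
  return { report };
}

// Exit code per the table: drift only -> 1, security only -> 2, both -> 3.
function exitCodeFor(summary) {
  const hasDrift = summary.driftCount > 0;
  const hasSecurity = summary.securityCount > 0;
  if (hasDrift && hasSecurity) return EXIT.MIXED;
  if (hasSecurity) return EXIT.SECURITY;
  if (hasDrift) return EXIT.DRIFT;
  return EXIT.OK;
}

// One line per issue; transitive packages show the chain that pulled them in.
function describeFindings(report) {
  const lines = [];
  for (const dep of report.security) {
    const via = dep.transitive ? ` (via ${dep.introducedBy.join(' > ')})` : '';
    for (const issue of dep.issues) {
      lines.push(`${dep.dependencyName}${via}: ${issue.type} [${issue.riskLevel}] ${issue.reason}`);
    }
  }
  // The README sample leaves "drift" empty, so its entry shape is not shown; dump entries as-is.
  for (const entry of report.drift) lines.push(`drift: ${JSON.stringify(entry)}`);
  return lines;
}

// policy.failOn lists the exit codes that fail the pipeline. A report that
// cannot be parsed always fails: a scan that did not complete is not a clean scan.
function gate(text, policy = { failOn: [EXIT.SECURITY, EXIT.MIXED] }) {
  const { report, error } = parseReport(text);
  if (error) return { exitCode: EXIT.INTERNAL_ERROR, fail: true, findings: [error] };
  const exitCode = exitCodeFor(report.summary);
  const findings = describeFindings(report);
  if (exitCode !== report.summary.recommendedExitCode) {
    findings.push(`recommendedExitCode ${report.summary.recommendedExitCode} disagrees with the counts (derived ${exitCode})`);
  }
  return { exitCode, fail: policy.failOn.includes(exitCode), findings };
}

const result = gate(SAMPLE_REPORT);
console.log(result.findings.join('\n'));
console.log(`exit code ${result.exitCode}, ${result.fail ? 'FAIL' : 'pass'}`);
```

In a pipeline step you would read the file written by `npx dep-drift-sec check --json`, call gate() on it and end the job with `process.exit(result.fail ? 1 : 0)`. Deriving the code from the counts rather than trusting recommendedExitCode alone means a tampered or truncated report cannot quietly downgrade a security finding to "OK".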


License

MIT - See LICENSE for details.