npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

devdrops

v1.0.1

Published

devdrops CLI — pull a project's encrypted secrets, commands and setup notes into any machine, CI job or AI agent, and sync whole project folders end-to-end encrypted.

Readme

devdrops CLI — "Dropbox for devs" sync

Sync your project folders across every machine and cloud agent — with end-to-end encrypted file contents and .env included, without the Git dance.

How it works

  • Manifest in Firestore — the file tree (path → content hash) syncs instantly, so a new machine sees the whole structure the moment it links, before any file is downloaded.
  • Content-addressed blobs in Storage — file contents are stored under the SHA-256 of their plaintext, AES-256-GCM encrypted with the vault DEK (the same key that protects secrets). The server never sees plaintext, identical files are stored once, and a single API token can unlock both files and secrets. (Blobs synced before this change stay readable via a password fallback.)
  • Dev-aware ignore + rehydratenode_modules, dist, .next, target, .venv… are never synced (they're OS-specific). Their lockfiles are, and pull --install rebuilds deps locally (npm ci, pip install, cargo build, …).

Usage

npm install            # in cli/
node devdrops.mjs login                 # cache creds in ~/.devdrops/config.json (chmod 600)

# machine A
cd ~/code/my-project
node devdrops.mjs init "my-project"     # register the folder
node devdrops.mjs push                  # encrypt + upload changed files

# machine B (or a cloud agent)
node devdrops.mjs list                  # see your synced projects
node devdrops.mjs clone <projectId>     # tree materializes here
node devdrops.mjs pull --install        # get updates + rebuild deps
node devdrops.mjs status                # local vs remote diff

# either machine — automatic background sync (the "real Dropbox" feel)
node devdrops.mjs watch                 # auto-push on local change, auto-pull on remote change

# on-demand access — the whole tree, download only what you touch
node devdrops.mjs link <projectId>      # link a folder, download nothing
node devdrops.mjs ls                    # show the entire tree (0 downloads)
node devdrops.mjs cat src/index.js      # hydrate + print just that one file
node devdrops.mjs mount ./code          # FUSE mount (Linux/macFUSE): files download on first read

watch is additive (it never auto-deletes) so a live two-way sync can't race a teammate's just-added file into a deletion. Deletions propagate through an explicit push, which prunes.

Auth for headless folder-sync use: set DEVDROPS_EMAIL + DEVDROPS_PASSWORD env vars.

Token access (CI / agents — no password)

For pipelines and cloud agents that just need a project's secrets / commands / setup, use an API token instead of your password. Create one in devdrops → Settings → API-Tokens, then:

export DEVDROPS_TOKEN=ddp_…            # or: node devdrops.mjs token ddp_…
node devdrops.mjs projects             # list projects
node devdrops.mjs secrets <id>         # print decrypted KEY=value
node devdrops.mjs secrets <id> --env production
node devdrops.mjs env <id> -o .env     # write a .env file
node devdrops.mjs commands <id>        # saved commands
node devdrops.mjs setup <id>           # setup notes

Still zero-knowledge: the API returns ciphertext + the token-wrapped vault key; the CLI unwraps and decrypts locally. The token is stored as a hash only, is scoped to reads, and can be revoked anytime. This is the recommended auth for CI and AI agents — no account password on disk.

Roadmap

  • M1 (done): push / pull / clone — manual sync, encrypted, dev-aware ignore.
  • M2 (done): devdrops watch — background daemon, auto push/pull on change (real-Dropbox feel), bidirectional via Firestore realtime.
  • M3 (done): on-demand access — link + ls/cat show the whole tree and hydrate only touched files (works on any OS); mount exposes the same engine as a real FUSE filesystem on Linux/macFUSE (the key flow for cloud AI agents). Hydrated blobs are cached in ~/.devdrops/cache/ (content-addressed, shared across projects).