devkit-forge
v1.0.1
CLI toolkit for scaffolding, security auditing, and automated git-hook-based code review
⚡ devkit-forge
The all-in-one DevOps toolkit for Node.js developers. Scaffold production-ready projects, run deep security audits, and automate your code reviews—100% locally, with no paid APIs or subscriptions required.
🌟 Why devkit-forge?
Setting up a solid folder structure, configuring security tools, and enforcing code quality standards takes hours. devkit-forge reduces that to seconds. It brings enterprise-grade standards to your local environment using trusted, free, open-source tools.
- 100% Free: No API keys, no SaaS accounts, no usage limits.
- Local First: All analysis runs directly on your machine.
- Zero-Config Automation: Catch bugs and vulnerabilities before they are committed.
📦 Installation
Install the package globally to use the devkit command anywhere on your machine.
npm install -g devkit-forge
🚀 Quick Start
Initialize a brand new project with a standard folder structure and automatically install git hooks:
devkit init my-awesome-app
Follow the interactive prompts to choose your framework (Express, NestJS, Next.js) and configure your setup.
🛠️ Core Commands
1. 🏗️ Scaffolding (devkit scaffold)
Generate production-ready folder trees and stub files instantly. Perfect for ensuring consistency across your team's microservices or apps.
Scaffold an Express structure into the current directory:
devkit scaffold -t express
Scaffold a NestJS structure into a specific folder:
devkit scaffold -t nestjs -d ./backend
2. 🧐 Automated Code Review (devkit review)
Runs a comprehensive static analysis using ESLint, eslint-plugin-security, and sonarjs rules. It generates a detailed .md report in the .devkit-reports/ folder.
Review files staged for commit:
devkit review --staged
Review files changed compared to HEAD:
devkit review --changed
Review the entire project:
devkit review --all
3. 🛡️ Security Audit (devkit security)
Runs a deep, regex-based scan across your codebase to catch severe vulnerabilities without relying on external APIs. Detects:
- Hardcoded secrets, API keys, and passwords.
- SQL injection risks.
- Catastrophic ReDoS (Unsafe Regex).
- Weak cryptography (MD5/SHA1).
- eval() usage and Prototype Pollution.
devkit security
4. 🤖 Git Hooks Automation (devkit hooks)
Enforce code quality and security automatically on every commit and push.
Install pre-commit (auto-review) and pre-push (auto-audit) hooks:
devkit hooks --install
Remove the hooks:
devkit hooks --remove
- Pre-commit: Runs devkit review --staged. Rejects the commit if errors are found.
- Pre-push: Runs devkit security. Rejects the push if critical vulnerabilities are found.
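A regex-based scan of the kind described above, with a gate that blocks only on critical findings as the pre-push hook does, as an added example that is not devkit-forge's own code. The rule patterns, severities, `scanSource`, `shouldBlockPush` and the sample input are assumptions constructed for illustration; they cover four of the listed categories.

```javascript
// Added example: constructed rules, not devkit-forge's actual rule set.
const RULES = [
  { id: 'hardcoded-secret', severity: 'critical',
    re: /(?:api[_-]?key|secret|passw(?:or)?d|token)\s*[:=]\s*['"][^'"]{8,}['"]/i },
  { id: 'eval-call', severity: 'critical',
    re: /(?<![.\w])eval\s*\(/ },
  { id: 'sql-concat', severity: 'high',
    re: /\b(?:query|execute)\s*\(\s*(?:['"][^'"]*['"]\s*\+|`[^`]*\$\{)/i },
  { id: 'weak-hash', severity: 'high',
    re: /createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)/i },
];

// Line-by-line scan; returns one finding per (line, rule) match.
function scanSource(file, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const snippet = text.trim();
    if (snippet.startsWith('//')) return; // skip full-line comments only
    for (const { id, severity, re } of RULES) {
      if (re.test(text)) findings.push({ file, line: i + 1, rule: id, severity, snippet });
    }
  });
  return findings;
}

// Gate in the spirit of the pre-push behaviour described above:
// block only when a critical finding is present.
function shouldBlockPush(findings) {
  return findings.some((f) => f.severity === 'critical');
}

// Constructed sample input (not from a real project).
const SAMPLE = [
  'const crypto = require("crypto");',
  'const apiKey = "EXAMPLE-not-a-real-key-0001";',
  'const digest = crypto.createHash("md5").update(body).digest("hex");',
  'db.query("SELECT * FROM users WHERE id = " + req.params.id);',
  'db.query("SELECT * FROM users WHERE id = ?", [req.params.id]);',
  '// eval(userInput) was removed in an earlier commit',
  'const key = process.env.API_KEY;',
  'const parts = ["EXAMPLE-", "split-key-0002"]; const k2 = parts.join("");',
].join('\n');

const sampleFindings = scanSource('sample.js', SAMPLE);
for (const f of sampleFindings) {
  console.log(`${f.severity.toUpperCase()} ${f.file}:${f.line} ${f.rule}  ${f.snippet}`);
}
console.log('block push:', shouldBlockPush(sampleFindings));
```

The last two sample lines produce no finding: the environment lookup is correctly ignored, but the key assembled from fragments is missed as well, so a clean report from a line-local regex scan is a lower bound on what the code contains.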
📊 Beautiful Markdown Reports
Instead of just dumping text into your terminal, devkit-forge generates clean, readable Markdown reports inside the .devkit-reports/ directory at the root of your project.
- review.md: Contains a summary table, file-by-file breakdown of ESLint errors/warnings, and cognitive complexity issues.
- security.md: Highlights critical and high-severity issues with code snippets pointing exactly to the problematic lines.
🤝 Contributing
Contributions, issues, and feature requests are welcome! Feel free to check the issues page (Add your repository link here).
1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request
📝 License
Distributed under the MIT License. See LICENSE for more information.
