npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

doordash-cli

v0.5.0

Published

Cart-safe DoorDash CLI with direct API support for browse, read-only existing-order, and cart workflows.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

latencytdhlatencytdh

Keywords

doordashcliplaywrightcart-safe

Readme

doordash-cli

Cart-safe DoorDash CLI for terminal workflows.

doordash-cli is an unofficial CLI for the parts of DoorDash that work well in a shell: sign in once, set a delivery address, search restaurants, inspect menus and items, read existing orders, and manage a cart with structured output.

It stops before checkout.

Highlights

  • Cart-safe by design — browse, inspect existing orders, and manage a cart; no checkout, payment, or order mutation.
  • Profile-first logindd-cli login reuses saved local auth, then same-machine Chrome/Brave profile state on supported platforms, then attachable signed-in browser sessions when possible, and otherwise opens a temporary login window.
  • Direct API first — auth, discovery, existing-order, and cart commands use DoorDash consumer-web GraphQL/HTTP rather than DOM clicking.
  • JSON-friendly — commands print structured output by default, and --json enables a documented automation envelope with stable error codes and exit codes.
  • Fail-closed — unsupported commands, flags, or unsafe payload shapes are rejected.

Install

Install from npm

npm install -g doordash-cli

That installs both lowercase command names: doordash-cli and dd-cli.

Package page: https://www.npmjs.com/package/doordash-cli

For the full install and first-run guide, see docs/install.md.

Install from source instead

If you want the latest unreleased work or a local checkout you can edit, use:

git clone https://github.com/LatencyTDH/doordash-cli.git
cd doordash-cli
npm install
npm link

If you prefer to run from a checkout without linking:

npm run cli -- --help

Optional runtime bootstrap

If your environment does not already have Playwright's bundled Chromium runtime installed, install it once:

doordash-cli install-browser
# or, from a checkout without linking
npm run install:browser

That runtime is used when the CLI needs a local browser, including the temporary login window fallback.

First run

doordash-cli login
doordash-cli auth-check
doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
doordash-cli search --query sushi

If you are running from a checkout without npm link, replace doordash-cli with npm run cli --.

Login and session reuse

login reuses saved local auth when it is still valid. Otherwise it first tries to import signed-in same-machine Chrome/Brave profile state on supported platforms, then falls back to a discoverable attachable signed-in browser session, and finally opens a temporary Chromium login window it can watch directly. If authentication still is not established, login exits non-zero.

auth-check reports whether the saved state appears logged in and can quietly import same-machine Chrome/Brave profile state on supported platforms or a discoverable attachable signed-in browser session unless logout disabled that auto-reuse.

logout clears persisted cookies and stored browser state, then keeps passive browser-session reuse disabled until your next explicit dd-cli login attempt.

If login opens a temporary Chromium window, the CLI keeps checking automatically and also tells you that you can press Enter to force an immediate recheck once the page already shows you are signed in. On Linux, macOS, and Windows, a same-machine signed-in Google Chrome or Brave profile is the preferred browser-reuse path before CDP attach or the temporary login window. Linux imports profile cookies directly; macOS and Windows bootstrap the installed Chrome/Brave profile directly and only keep the session if the CLI can prove authenticated DoorDash consumer state.

Session storage

Reusable session state is stored in a doordash-cli-owned directory:

  • Linux / other XDG-like environments: $XDG_STATE_HOME/doordash-cli, else $XDG_CONFIG_HOME/doordash-cli when only that is set, else ~/.local/state/doordash-cli
  • macOS: ~/Library/Application Support/doordash-cli
  • Windows: %APPDATA%\\doordash-cli
  • Override for CI/containers/automation: DOORDASH_CLI_SESSION_DIR=/path/to/session-dir

The CLI stores cookies.json, storage-state.json, and a small browser-import-blocked marker used after logout.

If the new canonical directory is empty but the legacy ~/.config/striderlabs-mcp-doordash state exists, the CLI copies that legacy state forward automatically. If that copy cannot complete yet, it falls back to the legacy directory so existing users keep working.

Command surface

Session

  • install-browser
  • auth-check
  • login
  • logout

Discovery

  • set-address --address <text>
  • search --query <text> [--cuisine <name>]
  • menu --restaurant-id <id>
  • item --restaurant-id <id> --item-id <id>

Existing orders

  • orders [--limit <n>] [--active-only]
  • order --order-id <id>

Cart

  • add-to-cart --restaurant-id <id> (--item-id <id> | --item-name <name>)
  • update-cart --cart-item-id <id> --quantity <n>
  • cart

For configurable items and working command examples, see docs/examples.md.

For stable scripting and wrapper integrations, use --json and read docs/automation-contract.md.

Safety

The CLI allowlists browse, existing-order, and cart commands. It hard-blocks:

  • checkout
  • place-order
  • payment actions
  • order mutation or cancellation actions

Safety is enforced in code:

  • unsupported commands hard-fail
  • unknown flags are rejected before DoorDash work runs
  • direct cart mutations use validated request shapes
  • unsupported nested option transports fail closed

Docs

Caveats

  • This is an unofficial integration against DoorDash consumer-web traffic.
  • DoorDash can change request shapes, anti-bot behavior, or session handling at any time.
  • Review results before trusting them for anything important.

License

MIT