npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

doordash-cli

v0.4.1

Published

Cart-safe DoorDash CLI with direct API support for browse, read-only existing-order, and cart workflows.

Downloads

333

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

latencytdhlatencytdh

Keywords

doordashcliplaywrightcart-safe

Readme

doordash-cli

Cart-safe DoorDash CLI for terminal workflows.

doordash-cli is an unofficial CLI for the parts of DoorDash that work well in a shell: sign in once, set a delivery address, search restaurants, inspect menus and items, read existing orders, and manage a cart with JSON output.

It stops before checkout.

Highlights

  • Cart-safe by design — browse, inspect existing orders, and manage a cart; no checkout, payment, or order mutation.
  • Browser-first logindd-cli login reuses saved local auth or an attachable signed-in browser session when possible, and otherwise opens a temporary login window.
  • Direct API first — auth, discovery, existing-order, and cart commands use DoorDash consumer-web GraphQL/HTTP rather than DOM clicking.
  • JSON-friendly — every command prints structured output.
  • Fail-closed — unsupported commands, flags, or unsafe payload shapes are rejected.

Install

Install from npm

npm install -g doordash-cli

That installs both lowercase command names: doordash-cli and dd-cli.

Package page: https://www.npmjs.com/package/doordash-cli

For the full install and first-run guide, see docs/install.md.

Install from source instead

If you want the latest unreleased work or a local checkout you can edit, use:

git clone https://github.com/LatencyTDH/doordash-cli.git
cd doordash-cli
npm install
npm link

If you prefer to run from a checkout without linking:

npm run cli -- --help

Optional runtime bootstrap

If your environment does not already have Playwright's bundled Chromium runtime installed, install it once:

doordash-cli install-browser
# or, from a checkout without linking
npm run install:browser

That runtime is used when the CLI needs a local browser, including the temporary login window fallback.

First run

doordash-cli login
doordash-cli auth-check
doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
doordash-cli search --query sushi

If you are running from a checkout without npm link, replace doordash-cli with npm run cli --.

Login and session reuse

login reuses saved local auth when it is still valid. Otherwise it tries to import a discoverable attachable signed-in browser session. A merely-open Chrome/Brave window is not automatically reusable unless the CLI can actually attach to it. If no attachable session is available, it opens a temporary Chromium login window and saves the session there. If authentication still is not established, login exits non-zero.

auth-check reports whether the saved state appears logged in and can quietly import a discoverable attachable signed-in browser session unless logout disabled that auto-reuse.

logout clears persisted cookies and stored browser state, then keeps passive browser-session reuse disabled until your next explicit dd-cli login attempt.

If login opens a temporary Chromium window, the CLI now keeps checking automatically and also tells you that you can press Enter to force an immediate recheck once the page already shows you are signed in. That restores the old effective manual-completion path without giving up automatic completion when it works. If you expect reuse from another browser instead, make sure it exposes an attachable browser automation session the CLI can actually import; a merely-open browser window is not enough today, even if it is already your main browser.

Command surface

Session

  • install-browser
  • auth-check
  • login
  • logout

Discovery

  • set-address --address <text>
  • search --query <text> [--cuisine <name>]
  • menu --restaurant-id <id>
  • item --restaurant-id <id> --item-id <id>

Existing orders

  • orders [--limit <n>] [--active-only]
  • order --order-id <id>

Cart

  • add-to-cart --restaurant-id <id> (--item-id <id> | --item-name <name>)
  • update-cart --cart-item-id <id> --quantity <n>
  • cart

For configurable items and working command examples, see docs/examples.md.

Safety

The CLI allowlists browse, existing-order, and cart commands. It hard-blocks:

  • checkout
  • place-order
  • payment actions
  • order mutation or cancellation actions

Safety is enforced in code:

  • unsupported commands hard-fail
  • unknown flags are rejected before DoorDash work runs
  • direct cart mutations use validated request shapes
  • unsupported nested option transports fail closed

Docs

Caveats

  • This is an unofficial integration against DoorDash consumer-web traffic.
  • DoorDash can change request shapes, anti-bot behavior, or session handling at any time.
  • Review results before trusting them for anything important.

License

MIT