
git-assure

v0.0.7

Published

A tool for analyzing GitHub repositories for sustainability and security risks.

Readme

GitAssure

A comprehensive analysis tool for evaluating GitHub repositories. Git-Assure assesses sustainability and security risks, generating detailed reports to help you make informed decisions about the repositories you depend on.

Installation

As an npm Package

Install the package from npm:

npm install git-assure
# or
yarn add git-assure

As a Command Line Tool

You can install the CLI globally via npm:

npm install -g git-assure
git-assure owner/repo

Or use it directly via npx:

npx git-assure owner/repo

Usage

In Node.js

You can use the analyzer in your JavaScript or TypeScript projects:

const { analyzeGitHubRepository } = require('git-assure');
// or ES modules
// import { analyzeGitHubRepository } from 'git-assure';

async function runAnalysis() {
  try {
    const repoUrl = 'https://github.com/owner/repo';
    const result = await analyzeGitHubRepository(repoUrl);

    console.log(`Risk Score: ${result.riskScore} (${result.riskRating})`);
    console.log(result.markdownSummary);

    // You can use the analysis results for your own purposes
    if (result.riskScore > 10) {
      console.log('High risk repository detected!');
    }
  } catch (error) {
    console.error('Analysis failed:', error);
  }
}

runAnalysis();

Command Line Tool

You can run the analyzer using one of the following methods:

# If installed globally or in PATH
git-assure owner/repo

# If using npx
npx git-assure owner/repo

# With full URL
git-assure https://github.com/owner/repo

# Save output to a file
git-assure owner/repo --output analysis-report.md

GitHub Action

You can use this tool as a GitHub Action in your workflows:

name: Analyze Repository

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 0 * * 1' # Run weekly on Mondays

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write # Required because comment-on-pr is enabled below

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Analyze Repository
        id: analysis
        uses: billyjbryant/git-assure@v0
        with:
          # The repository to analyze (defaults to the current repository)
          repository: ${{ github.repository }}

          # GitHub token for API access (recommended to increase API rate limits)
          token: ${{ secrets.GITHUB_TOKEN }}

          # Optional: Save the analysis to a file
          output-file: 'repo-analysis.md'

          # Optional: Comment results on the PR (only works in PR workflows)
          comment-on-pr: 'true'

          # Optional: Comment mode - 'create-new' or 'update-existing'
          comment-mode: 'update-existing'

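      - name: Display Risk Score
        # Pass the action outputs through env instead of interpolating them into the script
        env:
          RISK_SCORE: ${{ steps.analysis.outputs.risk-score }}
          RISK_RATING: ${{ steps.analysis.outputs.risk-rating }}
        run: echo "Repository Risk Score is $RISK_SCORE ($RISK_RATING)"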

      - name: Archive Analysis Results
        uses: actions/upload-artifact@v4
        with:
          name: analysis-report
          path: repo-analysis.md

PR Commenting

When used in a pull request workflow, the action can automatically post analysis results as a comment on the PR:

  • Set comment-on-pr: 'true' to enable this feature
  • Use comment-mode: 'update-existing' (default) to update the existing comment if one is found, or create a new one otherwise
  • Use comment-mode: 'create-new' to always create a new comment on each run

Example PR workflow focusing on the commenting feature:

name: PR Analysis

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  analyze-pr:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write # Required for PR comments

    steps:
      - uses: actions/checkout@v3

      - name: Analyze Repository
        uses: billyjbryant/git-assure@v0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          comment-on-pr: 'true'

Note: Make sure your workflow has pull-requests: write permission when using the PR commenting feature.

Output

The analysis provides information about:

  • Repository age and activity
  • Contributor metrics
  • Security policy and practices
  • License information
  • Dependencies and vulnerabilities
  • Code quality indicators
  • Documentation quality
  • Community health
  • Release practices

It also generates:

  • A risk score (numerical value)
  • A risk rating (Low, Medium, High)
  • A detailed markdown report with all findings
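
An added example (not part of the git-assure README or code base): a fail-closed dependency gate that uses only the riskScore and riskRating fields shown above. The policy values, the judge and vetRepositories functions, and the stub analyzer with its constructed results are assumptions made for illustration; in real use, pass analyzeGitHubRepository as the analyze argument.

```javascript
// Added example, not git-assure code: a fail-closed gate over analysis results.
// Assumed policy: 10 mirrors the threshold in the README's Node.js example.
const DEFAULT_POLICY = { maxScore: 10, blockedRatings: ['High'] };

// Pure decision for one result; `result` is null when the analysis failed.
function judge(repo, result, policy = DEFAULT_POLICY) {
  if (!result || !Number.isFinite(result.riskScore)) {
    // Fail closed: a dependency that could not be analysed is not approved.
    return { repo, allowed: false, reason: 'analysis unavailable' };
  }
  if (policy.blockedRatings.includes(result.riskRating)) {
    return { repo, allowed: false, reason: `rating ${result.riskRating}` };
  }
  if (result.riskScore > policy.maxScore) {
    return { repo, allowed: false, reason: `score ${result.riskScore} > ${policy.maxScore}` };
  }
  return { repo, allowed: true, reason: 'within policy' };
}

// Analyse each owner/repo with the injected analyzer; errors become denials.
async function vetRepositories(repos, analyze, policy = DEFAULT_POLICY) {
  const verdicts = [];
  for (const repo of repos) {
    let result = null;
    try {
      result = await analyze(`https://github.com/${repo}`);
    } catch (err) {
      result = null; // rate limit, network failure, missing repository
    }
    verdicts.push(judge(repo, result, policy));
  }
  return { passed: verdicts.every((v) => v.allowed), verdicts };
}

// Constructed stand-in for analyzeGitHubRepository so the example runs offline.
const CONSTRUCTED_RESULTS = new Map([
  ['https://github.com/example-org/healthy', { riskScore: 3, riskRating: 'Low' }],
  ['https://github.com/example-org/stale', { riskScore: 14, riskRating: 'High' }],
]);
async function stubAnalyze(url) {
  if (!CONSTRUCTED_RESULTS.has(url)) throw new Error('repository not found');
  return CONSTRUCTED_RESULTS.get(url);
}

vetRepositories(['example-org/healthy', 'example-org/stale', 'example-org/gone'], stubAnalyze).then(({ passed, verdicts }) => {
  for (const v of verdicts) console.log(`${v.allowed ? 'ALLOW' : 'DENY '} ${v.repo}: ${v.reason}`);
  console.log(`gate passed: ${passed}`);
});
```

In CI, set a non-zero exit code when passed is false so that a failed or rate-limited analysis blocks the build rather than silently approving the dependency.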

Contributing

Contributions are welcome! Please open an issue or submit a pull request for any enhancements or bug fixes. Please see the CONTRIBUTING.md file for more details.

License

This project is licensed under the MIT License. See the LICENSE file for details.