npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

har-o-scope

v0.1.0

Published

Zero-trust intelligent HAR file analyzer. Drop a HAR file, get instant diagnosis.

Readme

har-o-scope

Zero-trust intelligent HAR file analyzer. Drop a HAR file, get instant diagnosis.

CI npm License: AGPL-3.0

Everything runs locally. No servers, no uploads. Your HAR data never leaves your machine.

What do you want to do?

| I want to... | Start here | | ---------------------------------- | --------------------------------------- | | Analyze a HAR file in my browser | Browser UI | | Add HAR analysis to CI/CD | CLI | | Write custom detection rules | Writing Custom Rules | | Use it as a library | Library API | | Understand how it works | Architecture |

Browser UI

Open har-o-scope and drop a .har file. You get:

  • Health score (0-100) with root cause classification
  • Request waterfall with timing breakdown
  • Categorized findings with fix recommendations
  • Before/after diff comparison
  • Export to JSON, CSV, Markdown, or self-contained HTML

Works offline. Dark mode. Keyboard shortcuts (? to see them all).

CLI

npx har-o-scope analyze recording.har
Health Score: 62/100  ######----
Root Cause:   server (confidence: 68%)
Requests: 15 | Time: 31.2s | Analysis: 4ms

Findings (2 critical, 1 warning, 3 info)

X [critical] 5 requests with slow TTFB (> 800ms)
  ...

Commands

# Output formats: text, json, markdown, html, sarif
har-o-scope analyze recording.har --format json

# CI mode with exit codes and GitHub annotations
har-o-scope analyze recording.har --ci --threshold 70

# Compare before/after
har-o-scope diff before.har after.har

# Strip secrets before sharing
har-o-scope sanitize recording.har -o clean.har

# Validate HAR structure and custom rules
har-o-scope validate recording.har

# Try it with built-in demo data
har-o-scope analyze --demo

Exit codes

| Code | Meaning | | ---- | ------------------------------------------ | | 0 | Pass. No warnings or critical findings. | | 1 | Warnings found. | | 2 | Critical findings, or score below threshold. |

CI/CD Integration

SARIF output plugs directly into GitHub's Security tab:

har-o-scope analyze recording.har --sarif > results.sarif

See examples/github-action.yml for a complete GitHub Actions workflow.

Library

import { analyze } from 'har-o-scope'
import { readFile } from 'node:fs/promises'

const har = JSON.parse(await readFile('recording.har', 'utf-8'))
const result = analyze(har)

console.log(result.healthScore) // { score: 72, breakdown: { ... } }
console.log(result.findings)    // [{ ruleId: 'slow-ttfb', severity: 'critical', ... }]

Subpath imports for tree-shaking:

import { analyze } from 'har-o-scope/analyze'
import { diff } from 'har-o-scope/diff'
import { sanitize } from 'har-o-scope/sanitize'
import { validate } from 'har-o-scope/validate'
import { computeHealthScore } from 'har-o-scope/health-score'

Full API docs: docs/api/reference.md

Writing Custom Rules

Rules are YAML files. A minimal rule:

rules:
  my-slow-api:
    category: server
    severity: warning
    title: "{count} slow API call{s}"
    description: "API requests took over 2 seconds."
    recommendation: "Check server logs."
    condition:
      match_all:
        - field: "entry.request.url"
          matches: "/api/"
        - field: "timings.wait"
          gt: 2000

Use it:

har-o-scope analyze recording.har --rules my-rules.yaml

17 built-in rules ship in rules/generic/. You can compose custom rules that inherit shared conditions and exclude noise filters.

Learn more:

Architecture

HAR JSON ──> Normalizer ──> Rule Engine ──> Classifier ──> Health Score
                 |                              |
                 v                              v
             Validator                     Findings[]

The analysis pipeline:

  1. Normalizer parses HAR JSON, normalizes timings (replacing -1 with 0), classifies resource types, computes transfer sizes.
  2. Rule Engine evaluates YAML rules against each normalized entry. Rules support conditions, inheritance, filters, severity escalation, and aggregate detection.
  3. Classifier determines root cause (client, network, or server) using weighted scoring from rule findings.
  4. Health Score computes a 0-100 score with per-category deductions, timing penalties, and volume penalties.

Browser: runs in a Web Worker. CLI/library: runs on the main thread. No network requests anywhere.

17 built-in rules detect: slow TTFB, stalled requests, DNS/TLS issues, missing compression, broken resources, HTTP/1.1 downgrades, missing cache headers, large payloads, redirect chains, CORS preflights, mixed content, and excessive requests.

Requirements

  • CLI and library: Node.js >= 20
  • Browser UI: Any modern browser (Chrome, Firefox, Safari, Edge)

Contributing

See CONTRIBUTING.md for development setup, testing, and rule contribution guidelines.

License

AGPL-3.0-only