npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

kirishima

v1.0.0

Published

Hardens your npm dependencies. No lockfile drama.

Readme

kirishima 🗿

Harden your npm dependencies. No lockfile drama.

Inspired by Eijiro Kirishima — because your dependencies should be unbreakable.

The problem: package-lock.json is 10k lines nobody commits, node_modules is huge, and npm install in CI can silently pull a different version than what you tested. pnpm and bun solved this better — but they're not the default.

Kirishima fixes the npm weak point without making you switch tools.


Install

npm install -g kirishima

Commands

| Command | What it does | |---|---| | kirishima snapshot | Reads node_modules, saves .hardened.json with exact versions | | kirishima check | Validates installed versions against the snapshot | | kirishima install | Runs npm install then checks the snapshot | | kirishima harden | Pins all versions in package.json to exact (no ^ or ~) | | kirishima unharden | Restores package.json from backup | | kirishima config | Configure kirishima (language, etc) | | kirishima unconfig | Reset configuration to defaults |


Typical workflow

# After npm install, lock what you have
kirishima snapshot

# Commit .hardened.json (tiny, readable)
git add .hardened.json

# In CI, instead of npm install
kirishima install

.hardened.json format

Small, human-readable, actually committable:

{
  "version": 1,
  "locked": {
    "express": "4.18.2",
    "lodash": "4.17.21",
    "chalk": "5.3.0"
  }
}

Language support

Kirishima supports 20 languages for CLI output. Run kirishima config to choose.

Serious: English, Português (BR), Español, Français, Deutsch, Italiano, 日本語, 中文, 한국어, Русский, العربية, हिंदी, Türkçe, Polski

Fun: Pirate English ☠️, L33tspeak, Português raiz 🇧🇷, Kirishima Mode 🗿, Minimalista (só emojis), UwU

To reset language: kirishima unconfig


License

MIT