npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

leash-agent

v0.1.0

Published

Keep your coding agent on a leash. Block destructive commands, cap runaway sessions, and get a tamper-evident replay log of everything your AI agent does — with one-command undo.

Readme


The problem

You let your coding agent run autonomously. It's brilliant 95% of the time. The other 5% it force-pushes over main, rm -rfs the wrong directory, overwrites your .env, or burns $40 looping on a bad idea — and you find out after.

Prompts that say "please be careful" don't help. The agent can ignore a prompt.

leash can't be ignored. It's wired into the agent's actual enforcement point — a PreToolUse hook — so it inspects every action before it executes and stops the dangerous ones cold.

What it does

  • 🛑 Blocks destructive actionsrm -rf //~/wildcards, git push --force, git reset --hard, DROP TABLE, terraform destroy, mkfs, fork bombs, curl … | sh, writes to .env / SSH keys / .git.
  • ⏸️ Caps runaway sessions — set a hard ceiling on actions per session.
  • 🧾 Records a tamper-evident log — every action chained with SHA-256, so leash verify proves nothing was edited, deleted, or reordered after the fact.
  • ↩️ Undoleash undo restores the last files the agent touched from snapshots.
  • 🖥️ Flight recorderleash report renders a shareable single-file HTML of everything the agent did.

It's zero-dependency (Node's built-in TypeScript + crypto) and local-first. Your code and logs never leave your machine.

Install

npm install -g leash-agent

Runs on stock Node 20+ — no flags, no runtime dependencies.

Quick start

# from your project root
leash init

leash init scaffolds .leash/ and prints a hook block. Drop it into .claude/settings.json (project) or ~/.claude/settings.json (global):

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash|Write|Edit|MultiEdit|NotebookEdit",
        "hooks": [{ "type": "command", "command": "leash hook" }]
      }
    ]
  }
}

Now run your agent. That's it.

🐕 leash blocked this: Force-push rewrites shared history. Use --force-with-lease, or push to a branch.

See what your agent did

leash status          # actions, blocks, chain integrity
leash log 20          # recent actions
leash report          # → .leash/report.html  (the flight recorder)
leash verify          # prove the log wasn't tampered with
leash undo 3          # restore the last 3 files the agent changed
leash check 'rm -rf ~/repo'   # dry-run any command against your policy

Configure (optional)

Everything works with safe defaults. To tune, edit .leash/leash.config.json:

{
  "deny": ["**/.env", "**/*.pem", "**/.git/**", "infra/prod/**"],
  "ask": ["**/migrations/**"],
  "blockCommands": true,
  "allowCommands": ["git push --force-with-lease"],
  "maxActionsPerSession": 300
}
  • deny / ask — file-path globs that block / hold writes for review
  • blockCommands — toggle the built-in destructive-command patterns
  • allowCommands — substrings that force-allow a command (escape hatch)
  • maxActionsPerSession — hard ceiling on actions (0 = unlimited)

How it works

agent wants to act
        │
        ▼
  PreToolUse hook ──► leash policy ──► allow │ ask │ BLOCK
        │                   │
        │                   └──► append signed receipt to .leash/ledger.jsonl
        ▼
   (allowed actions proceed; snapshots taken first, so they're undoable)

The policy engine and SHA-256 hash chain are battle-tested primitives — the same tamper-evident ledger pattern used in production agent-governance systems.

Why "tamper-evident" matters

The log is a hash chain: each receipt's hash includes the previous one. If the agent (or anyone) rewrites history to hide what it did, the chain breaks and leash verify tells you exactly where. Your record of what the agent did is one thing the agent can't quietly edit.

Roadmap

  • Per-command token/$ budgets (today: action-count caps)
  • Codex / Cursor / Gemini CLI first-class adapters
  • leash watch live TUI
  • Hosted team dashboard: shared policies, org-wide audit log, anomaly alerts

Run from a clone (no global install)

git clone https://github.com/goderash/leash && cd leash && npm install
npm run dev -- status
# hook command for settings.json:
#   node --experimental-strip-types --disable-warning=ExperimentalWarning /abs/path/leash/bin/leash.ts hook

Contributing

New destructive-command patterns, harness adapters, and bug fixes are very welcome — see CONTRIBUTING.md. Found a bypass? Please report it privately per SECURITY.md.

License

MIT. Put your agents on a leash — not in a cage.