maturity

v1.0.2

A local, branch-less dependency updater with a safety release delay.

A local, branch-less dependency updater for Node.js projects with a built-in safety release delay.

Why maturity?

Most dependency updaters (like Renovate or Dependabot) are designed as server-side services. maturity is a lightweight CLI tool designed to run locally, updating your package.json directly without creating branches.

Security First

In recent years, the npm ecosystem has seen an increase in supply-chain attacks, where popular packages are compromised to include malware. These malicious versions are often detected and pulled from the registry within hours or a few days.

maturity protects you by enforcing a Release Delay: it only suggests updates for versions that have been out for at least 1 day (configurable). This "cooldown period" ensures that you don't accidentally install a freshly compromised version before the community or security audits have had a chance to flag it.

Features

  • Local-first: No remote platform required.
  • Safety Delay: Only updates to versions at least 1 day old (default).
  • Customizable: Use --days=N to change the safety window.
  • Major Upgrades: Optional support for major versions via --major.
  • Major Safety: Automatically stays within the same major version by default.
  • Major Reporting: Shows you available major upgrades at the end of the run.
  • Peer Dependency Friendly: Uses --legacy-peer-deps to handle complex dependency trees.

Installation

# Run without installing
npx maturity

# Or install globally
npm install -g maturity

Usage

Simply run the command in your project root:

maturity

Customizing the Delay

To use a 3-day delay instead of the default 1 day:

maturity --days=3

Allowing Major Upgrades

By default, maturity only suggests minor and patch updates. To allow major upgrades (e.g., v5 -> v6):

maturity --major

Integration in package.json

Add it to your scripts to make it part of your workflow:

{
  "scripts": {
    "update": "maturity --days=3"
  }
}

Now you can just run npm run update.

How it works

  1. Reads your package.json.
  2. Fetches metadata from the npm registry for each dependency.
  3. Identifies the latest version that has been published for at least your safety window (default: 1 day).
  4. Updates package.json if a newer "mature" version is found.
  5. Runs npm install --legacy-peer-deps to update your lockfile.
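
The selection in step 3 can be sketched as follows. This is an added example, not maturity's own code: pickMature, its options and the sample metadata are hypothetical, and it assumes the current version is a plain X.Y.Z string and that prerelease versions are never candidates.

```javascript
// Added illustration, not maturity's source. The `time` map (version -> ISO
// publish date) follows the public npm registry metadata format.
const DAY_MS = 24 * 60 * 60 * 1000;

// Plain "X.Y.Z" only; prereleases and the created/modified keys yield null.
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Newest version above `current` that was published at least `days` ago and,
// unless allowMajor is set, shares its major. Returns null if none qualifies.
function pickMature(packument, current, { days = 1, allowMajor = false, now = Date.now() } = {}) {
  const cur = parse(current);
  if (!cur) throw new Error(`unsupported current version: ${current}`);
  const cutoff = now - days * DAY_MS;
  let best = null;
  for (const [version, published] of Object.entries(packument.time || {})) {
    const v = parse(version);
    if (!v || compare(v, cur) <= 0) continue; // not a stable upgrade
    if (!allowMajor && v[0] !== cur[0]) continue; // stay within the major
    const ts = Date.parse(published);
    if (Number.isNaN(ts) || ts > cutoff) continue; // too fresh or undated
    if (!best || compare(v, best.parsed) > 0) best = { version, parsed: v };
  }
  return best ? best.version : null;
}

// Constructed sample metadata for a hypothetical package "example-lib".
const SAMPLE = {
  name: "example-lib",
  time: {
    created: "2024-01-01T00:00:00.000Z",
    modified: "2025-06-10T08:00:00.000Z",
    "5.1.0": "2025-05-01T12:00:00.000Z",
    "5.2.0": "2025-06-07T12:00:00.000Z",
    "5.2.1": "2025-06-10T08:00:00.000Z", // published 4 hours before NOW
    "6.0.0": "2025-06-01T12:00:00.000Z",
    "6.1.0-beta.1": "2025-06-02T12:00:00.000Z",
  },
};
const NOW = Date.parse("2025-06-10T12:00:00.000Z");
console.log(pickMature(SAMPLE, "5.1.0", { days: 1, now: NOW })); // 5.2.0
```

With the default 1-day window the 4-hour-old 5.2.1 is skipped in favour of 5.2.0, which is the behaviour the release delay is meant to provide.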

License

MIT