npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ncc-sidecar

v1.2.2

Published

Multi-service NCC-06 discovery manager

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

0xx0lostcause0xx00xx0lostcause0xx0

Keywords

Readme

NCC-06 Sidecar Manager

NCC-06 Sidecar keeps your services (relays, APIs, media, etc.) discoverable on Nostr by continuously maintaining NCC-02/NCC-05 records, probing multiple network interfaces, and publishing authentication-ready metadata whenever endpoints or certificates change.

Highlights

  • Service-agnostic change detection watches IPv4, IPv6, and Tor endpoints, TLS fingerprints, and profile metadata so only meaningful updates result in new NCC records.
  • Modern remote administration uses NIP-46 (Nostr Connect) while still providing the manual npub/nsec paths, admin alerts, and a local guard that can enforce “localhost only” unless explicitly relaxed.
  • Secure admin notifications now send straight-up NIP-44 encrypted DMs (no wrappers) so recipients using legacy clients can still decrypt onion or TLS updates.
  • TypeScript-friendly tooling adds tsc --noEmit plus an incremental tsconfig.json, giving you zero-effort typechecking for the existing JS codebase alongside ESLint/Lint scripts.
  • Production installer automates Node download, systemd unit creation, and database placement while also exposing update/reinstall/remove commands for maintenance.

Getting started

  1. Prepare your environment

    • Install Node.js 24+ (LTS), npm, and optionally tor with control port access (default 9051).
    • Open ports 3000 (REST API/UI) and 5173 (UI dev server) locally unless you plan to use the installer’s NCC_SIDECAR_ALLOW_REMOTE flag.

  2. Install dependencies

    npm run setup
cd ui && npm install

  3. Build and run

    npm run build
npm start

    Visit the printed URL (usually http://127.0.0.1:3000) to complete the web-based provisioning wizard: connect an admin via NIP-46, authorize the Sidecar Node, then add any custom service profiles.

  4. CLI shortcuts

    • npm run first-run – reset and re-run the provisioning flow.
    • npm run reset – delete sidecar.db, certificates, and service logs.
    • npm run test – run the unit/integration test suites.
    • npm run lint – enforce ESLint rules.
    • npm run typecheck – run tsc --noEmit against src//test//scripts/.

Core workflows

  • Managing services from the UI

    • Each card displays the service identifier (d, npub), discovered endpoints per family, TLS fingerprints, and last publish time.
    • The profile editor shares the same familiar controls for secrets, endpoint rotation, TLS regeneration, and recipient management – all actions trigger a publish cycle with helpful log metadata.
    • Use the “Force Connection” modal to validate admins manually (via npub hex or nsec) when remote clients struggle.

  • Publication relays & logs

    • Publication relays are shared across services; update them once through the “Publishing Relays” modal under the hamburger menu.
    • System logs now expand with rich metadata: event IDs (NCC-02/NCC-05/kind-0), locator payloads, TLS fingerprints, and per-relay publish results.
    • Log entries become actionable when you click them, showing details like reason, publicationRelays, and privateRecipients.

  • Nostr list backups

    • Use the “Nostr list backup” controls on the database card to export a signed Generic List (kind 30001) event that captures sanitized services, recipients, and app settings without leaking secrets.
    • Paste the event back into the same UI or POST it to /api/backup/list to restore matching services (by service_id) and app settings; the endpoint validates the signature before applying the update so only the authorized sidecar identity can perform restores.
    • The backup event is published automatically whenever the sidecar detects configuration changes, and the UI pulls the most recent list as soon as you log in, with built-in throttling so relay traffic stays reasonable.

  • Remote signer & notifications

    • The remote signer (Amber, Nex, Bunker) handshake shows a QR code, relay health, and logs; the relay list is configurable and can fall back to any working wss:// endpoints.
    • Admin alerts (e.g., onion rotations) are delivered as direct NIP-44 messages, so clients that only speak “Legacy Standard” still decrypt the updates.

Installation options

  • From source (development)

    npm run setup
npm run build
npm start

  • Production installer

    cd ncc-sidecar
sudo ./scripts/install-sidecar.sh [command] [flags]

    Commands: install, update, reinstall, remove. Flags configure install dir, data dir, service user, publication relays, NCC_SIDECAR_ALLOW_REMOTE, and even the npm package to deploy. The script bundles Node.js 24+ automatically if your machine lacks it.

Tooling & validation

  • npm run lint – run ESLint across src/ and test/.
  • npm run typecheck – execute tsc --noEmit using the provided tsconfig.json. (It runs in JS mode but keeps incremental artifacts in tsconfig.tsbuildinfo.)
  • npm run test – run the built-in database, integration, and web tests to ensure services publish correctly, change detection works, and the UI flow completes.

Architecture & security

  • Sidecar daemonsrc/app.js, builder.js, publisher.js, and inventory.js handle probing, change detection, and NCC-02/05 record generation.
  • Admin APIsrc/web.js exposes REST endpoints for services, relays, database management, and TLS/key regeneration.
  • Databasebetter-sqlite3 backfills config, service, and log tables in sidecar.db.
  • Security – TLS fingerprints (k tags), NIP-44 encrypted DMs for admin notifications, and optional DB password protection keep the environment auditable and locked down.

Support

  • read-logs.js and check-services.js help diagnose issues outside the UI.
  • Browser extensions (Firefox + Chromium) fetch NCC-02 records from relays to visualize service metadata and TLS fingerprints.
  • If you run into problems, the system logs and annotated publish metadata provide insight into which relay, event, or endpoint misbehaved.