npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

nexvora

v0.4.16

Published

NexVora — one binary for the MCP server, CLI, and donor daemon. Single login, run anything.

Downloads

7,848

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nexvora-adminnexvora-admin

Keywords

nexvoramcpmodel-context-protocolclaudeclidonorai

Readme

nexvora

One binary for everything NexVora: the MCP server, the CLI, and the donor daemon. One install, one login, different commands.

npm install -g nexvora

That is the only install command. The native engine ships inside this package (via a per-platform optional dependency); npm downloads only the binary for your OS/CPU. No second package, no separate daemon to install.

Quick start

npm install -g nexvora
nexvora "summarise the file at ./report.md"   # first run opens your browser to log in once

For end-to-end-encrypted task results that you can fetch later (and that the platform can never read), set an encryption passphrase once:

nexvora vault setup        # prompts for a passphrase; creates + caches your key

That's it. Everything else is just a different first word.

One command does each job

nexvora "summarise RFC 9110"     # one-shot: run a prompt, get the answer, done
cat notes.txt | nexvora          # prompt from stdin
nexvora donor                    # join the donor pool (long-running)
nexvora mcp                      # MCP server over stdio (for Claude Code / Cursor / etc.)
nexvora vault setup|unlock|lock  # manage your encryption vault (see below)
nexvora logout                   # clear local credentials
nexvora daemon stop              # stop the background user daemon

You never run a separate login step. The first command that needs an account opens your browser for a one-time approval (OAuth Device Grant) and stores the token in your OS keychain. Every mode shares that one login.

MCP host config (zero extra commands)

Point your MCP host at the same binary — npx installs it on first use:

{
  "mcpServers": {
    "nexvora": { "command": "npx", "args": ["-y", "nexvora", "mcp"] }
  }
}

After a global install you can use { "command": "nexvora", "args": ["mcp"] }.

Tasks submitted from an MCP host run on a donor with your local project context (CLAUDE.md, your MCP servers, hooks) and are end-to-end encrypted. nexvora_submit_task returns immediately with a Task ID; fetch the answer with nexvora_task_result (it streams the output so far while the task is still running, and serves the final result even after a daemon restart once your vault is unlocked).

Encryption vault (end-to-end results)

Your task prompt and result are sealed so the platform can't read them. The key that opens them is protected by a passphrase that never leaves your machine.

nexvora vault setup     # first time: choose a passphrase, creates the vault
nexvora vault unlock    # on a new device: re-derive + cache the key
nexvora vault lock      # drop the cached key from the OS keychain
  • The passphrase is separate from your account login (the daemon never sees your account password — it logs in via Device Grant).
  • Account recovery is ON by default: if you forget the passphrase, an admin can recover your key via escrow on a verified, audited request. Turn it off for maximum privacy (then a lost passphrase means lost history).

Sessions: single vs long-running

Your login (the rotating refresh token in the keychain) persists until you logout. The single-vs-long-running choice controls the session key — the ephemeral per-task crypto material — and how long the background daemon lives.

| Mode | Session key | Idle timeout | |------|-------------|--------------| | One-shot (nexvora "…") | created, torn down after the task | short (daemon quits soon after) | | Donor (nexvora donor) | per task you serve, per direction | long-running | | MCP (nexvora mcp) | warm across tool calls | 10 min (keeps the daemon warm) |

  • Override the idle window: nexvora-daemon --mode user --idle 1800 (seconds), or the NEXVORA_IDLE_TIMEOUT_SECONDS env var. 0 keeps the daemon up until nexvora daemon stop.
  • End a foreground task immediately with Ctrl-C; stop the background daemon with nexvora daemon stop.

Admin commands

# create + install the platform escrow key (once). --admin-secret is your
# backend's X-Admin-Secret (or set NEXVORA_ADMIN_SECRET); it authorises the
# /admin call. The separate "admin credential" it then prompts for seals the
# escrow key locally and never leaves your machine.
nexvora escrow init --admin-secret <X-Admin-Secret>

# decrypt a disputed result via escrow (audited)
nexvora dispute open <delegation> --admin-secret <X-Admin-Secret>

You must be logged in as an ADMIN account (nexvora login). Both prompt for the escrow admin credential locally; the server never decrypts.

Updating

npm install -g nexvora@latest    # or: npm update -g nexvora

The native binary updates with the package. Your login and vault stay in the OS keychain across updates — no re-login or re-setup needed.

How it ships (for maintainers)

This package is a small launcher (bin/nexvora.js) that resolves and execs the native binary. The binary lives in one of:

@nexvora/cli-darwin-arm64, @nexvora/cli-darwin-x64, @nexvora/cli-linux-x64, @nexvora/cli-win32-x64

each gated by os/cpu so npm installs exactly one. Each platform package carries two binaries — nexvora (the entry point the launcher execs) and nexvora-daemon (the engine it finds as a sibling).

Releasing (see docs/operations/release-and-deploy.md): push a tag nexvora-v<version>. CI (.github/workflows/nexvora-cli-release.yml) cross-compiles all four targets, runs scripts/package-binaries.mjs to stage the binaries + sync versions, publishes the platform packages first, then this launcher last (npm publish --provenance).

@nexvora/mcp-server (the TypeScript server) keeps working as before; pass --native or NEXVORA_MCP_NATIVE=1 to make it delegate to the native nexvora mcp during cutover.

License

UNLICENSED © NexVora