npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

opencodecommit

v1.9.9

Published

AI commit, branch, PR, changelog, and CI scan tooling for CLI backends and direct provider APIs

Downloads

1,530

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

anttijalomakianttijalomaki

Keywords

gitcommitaicliapiciscannersecurityopencodeclaudecodex

Readme

OpenCodeCommit

AI commit messages should not require copy-pasting diffs into chat windows, leaking secrets by accident, or fighting a different tool for every backend.

OpenCodeCommit gives you one local workflow for commit messages, branch names, pull request drafts, changelog entries, and CI secret scanning. It runs in VS Code / VSCodium, as the occ CLI, as a terminal TUI, and as a GitHub Action.

Before a prompt is sent to any AI backend, OpenCodeCommit scans the diff locally for secrets, credential files, private keys, source maps, and other sensitive artifacts.

  • Open VSX
  • VS Code Marketplace
  • npm
  • crates.io
  • GitHub

Why It Exists

Good commit history is useful only if writing it is cheap enough to do every time.

OpenCodeCommit is for teams and solo developers who want:

  • specific commit messages that match the repository's recent style
  • PR drafts and changelog entries without another browser round trip
  • local-first safety checks before any diff reaches an AI provider
  • one config shared by the extension, CLI, TUI, and CI scanner
  • fallback across Codex, OpenCode, Claude, Gemini, hosted APIs, and local OpenAI-compatible endpoints

Install

Extension:

  • Search for OpenCodeCommit in VS Code or VSCodium

CLI:

cargo install opencodecommit
# or
npm i -g opencodecommit

Optional CLI backends:

npm i -g @openai/codex
npm i -g opencode
npm i -g @anthropic-ai/claude-code
npm i -g @google/gemini-cli

Direct API backends are also supported for OpenAI, Anthropic, Google Gemini, OpenRouter, OpenCode Zen, Ollama, LM Studio, and custom OpenAI-compatible endpoints.

Use It

VS Code / VSCodium:

  1. Open Source Control.
  2. Click the sparkle action.
  3. Use the occ menu for refine, branch, PR, language, backend, config, and diagnose actions.

Terminal:

occ tui
occ commit
occ commit --backend codex --dry-run --text
occ branch --dry-run
occ pr --backend openrouter-api --text
occ changelog --text

CI and local scanning:

occ scan --format text
occ scan --format sarif --output occ-scan.sarif
occ guard install
occ git commit -m "manual draft"
occ evidence install --profile samd
occ evidence snapshot

What You Get

  • Commit generation that can adapt to recent commit style or force conventional commits.
  • Branch names, PR drafts, and changelog entries from the same context pipeline.
  • A terminal TUI with backend picks, diff view, output panels, and file staging.
  • Local sensitive-content scanning with warn, block-*, and strict-* enforcement modes.
  • A repo-local Git guard that routes raw git commit messages through OCC using prepare-commit-msg.
  • Optional repo-local evidence sidecars for samd and all-in defence profiles, referenced by compact OCC-Evidence trailers.
  • CI output as text, JSON, SARIF, or GitHub annotations.
  • Built-in language templates for English, Finnish, Japanese, Chinese, Spanish, Portuguese, French, Korean, Russian, Vietnamese, and German.

Privacy And Security

OpenCodeCommit has no hosted service and no telemetry. Diffs and file context are processed locally first, then sent only to the backend you configure.

The scanner can block provider tokens, webhooks, credential-bearing connection strings, .env* files, key stores, private keys, source maps, and other high-risk artifacts before generation runs.

See SECURITY.md for vulnerability reporting and data-flow details.

Configuration

~/.config/opencodecommit/config.toml is the shared config for the CLI, TUI, and extension. The extension syncs VS Code / VSCodium settings with that file.

Override the path with OPENCODECOMMIT_CONFIG.

Start here:

CI/CD

Use the bundled GitHub Action:

- uses: Nevaberry/opencodecommit@v1
  with:
    enforcement: block-high
    upload-sarif: true

Examples are available for GitHub Actions, Azure Pipelines, and GitLab CI.

Contributing

OpenCodeCommit intentionally tests against both deterministic unit paths and real AI backends. See CONTRIBUTING.md for setup, verification, and live E2E commands.

License

MIT