
orion-archi

v0.1.1


Production readiness CLI - analyze any codebase for security, testing, CI/CD, and more


Orion

Paste a repo, find out how many users your code can handle before it breaks.

how it works

Orion fetches your actual code, reads it, and runs it in a sandbox.

  1. fetches all files from the GitHub repo via API
  2. reads the code with Claude (not just metadata -- it reads your route handlers, middleware, database config)
  3. runs 12 category analyzers on the real file contents (security, testing, backend, database, auth, deployment, etc.)
  4. estimates capacity by analyzing your architecture -- connection pool sizes, caching layers, worker config, scaling setup -- against known infrastructure benchmarks
  5. compiles your code in an E2B sandbox to prove it builds
  6. runs Semgrep (AST-level security scanner) against your code with OWASP rules -- finds real vulnerabilities with CWE references and line numbers
  7. runs your test suite in the sandbox, parses pass/fail counts and coverage
  8. mutation tests your code with Stryker to prove your tests actually catch bugs
  9. load tests with k6 to measure actual concurrent user capacity

each level builds on the previous. you choose how deep to go.

verification levels

| level | what happens | cost |
|---|---|---|
| static | pattern analysis + Claude reads code + capacity estimation | ~$0.03 |
| compile | + compiles in sandbox + Semgrep AST security scan | ~$0.05 |
| test | + runs test suite, parses coverage | ~$0.08 |
| mutation | + Stryker mutation testing (proves test quality) | ~$0.20 |
| load | + k6 load testing (measures real user capacity) | ~$0.50 |
| full | all of the above | ~$0.60 |

quick start

# web
npm install
cp .env.example .env.local   # fill in keys
npm run dev

# cli (no account needed)
npx orion-archi .

cli

npx orion-archi .
npx orion-archi /path/to/project

scans local files, detects stack, scores 8 categories, outputs a ship/no-ship verdict. no sign-up needed.

published on npm as orion-archi.

what the output looks like

for a real scan of a Node.js project:

  • score: 39/100
  • altitude: Runway (50 users)
  • bottleneck: single-threaded http.createServer() with no clustering
  • capacity factors: in-memory state (500 user limit), no caching (100 user limit), no container config (50 user limit)
  • compile: builds successfully, 0 errors
  • semgrep: 16 findings -- XSS via innerHTML, ReDoS from non-literal RegExp, hardcoded JWTs, missing subresource integrity -- each with CWE, OWASP mapping, file path, and line number
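
the "ReDoS from non-literal RegExp" finding class named above, as an added example (constructed code, not taken from Orion or from the scanned project). the function names, the sample data and the 64-character cap are assumptions made for illustration.

```javascript
// Constructed sample data for this example.
const SAMPLE = ['aaa', 'price (a+)+$ tag', 'bbb'];

// Flagged form: the caller's text becomes the regex source, so the caller
// chooses the pattern the engine runs (including patterns with nested
// quantifiers that backtrack heavily on long inputs).
function searchUnsafe(items, term) {
  const re = new RegExp(term, 'i');
  return items.filter((s) => re.test(s));
}

// Hardened form, step 1: escape every regex metacharacter so the term
// can only ever be matched as literal text.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hardened form, step 2: validate type and bound the length before
// building the expression (MAX_TERM is an assumed limit).
const MAX_TERM = 64;
function searchSafe(items, term) {
  if (typeof term !== 'string' || term.length === 0 || term.length > MAX_TERM) {
    throw new RangeError(`search term must be 1..${MAX_TERM} characters`);
  }
  const re = new RegExp(escapeRegExp(term), 'i');
  return items.filter((s) => re.test(s));
}

// Same input, two interpretations: a pattern in the unsafe version,
// plain text in the hardened one.
function compare(term) {
  return {
    unsafe: searchUnsafe(SAMPLE, term),
    safe: searchSafe(SAMPLE, term),
  };
}

console.log(compare('(a+)+$'));
```

a scanner reports the `new RegExp(term)` line in `searchUnsafe`; the fix keeps the search feature but removes the caller's control over the pattern.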

tech stack

  • Next.js 16 (App Router, Turbopack)
  • TypeScript (strict mode)
  • Prisma + PostgreSQL (Neon)
  • Claude (Haiku for analysis and capacity estimation, Sonnet for code generation)
  • E2B sandboxes for compile/test/mutation/load verification
  • Semgrep CE for AST-level security scanning
  • Stripe for subscriptions
  • React Three Fiber + postprocessing for 3D visuals
  • Tailwind CSS + Framer Motion
  • deployed on Vercel at orion.archi

environment variables

see .env.example for the full list. required:

  • DATABASE_URL -- PostgreSQL connection (pooled)
  • DATABASE_URL_UNPOOLED -- PostgreSQL direct connection
  • NEXTAUTH_SECRET -- session encryption key
  • GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET -- GitHub OAuth app
  • ANTHROPIC_API_KEY -- Claude API
  • STRIPE_SECRET_KEY / STRIPE_PRICE_ID / STRIPE_WEBHOOK_SECRET -- Stripe
  • E2B_API_KEY -- E2B sandbox (free tier: $100 credits, no credit card)

tiers

| | Free | Pro ($29/mo) |
|---|---|---|
| scans/month | 3 | unlimited |
| findings shown | top 2 | all |
| verification | static only | compile + test |
| mutation/load | no | yes |
| PDF export | no | yes |

license

MIT