npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

packshell

v0.2.1

Published

Encrypted .env sync for developer teams. Zero plaintext, zero trust.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sachinwhocodessachinwhocodes

Keywords

envdotenvsecretssecrets-managementencryptionclidevopsenvironment-variables

Readme

packshell

Encrypted .env sync for developer teams. Zero plaintext, zero trust.

packshell keeps your .env files in sync across a team without a secret ever leaving a developer's machine in plaintext. Your environment is encrypted locally with a project key using AES-256-GCM; only the resulting cipher blob is uploaded. The project key itself is shared per-member by wrapping it with each teammate's RSA-4096 public key, so the server only ever stores ciphertext it cannot read.

This repository is the open-source command-line client — the part that touches your secrets, so you can audit exactly what happens to them. The hosted sync platform is a separate service at packshell.acadable.com.

Install

npm install -g packshell

Requires Node.js 20+.

Quickstart

# connect this machine to your account
packshell auth

# link a project in your repo (generates the project key locally)
packshell init

# encrypt your .env and push the first version
packshell push

# on another machine that has access
packshell pull

Commands

| Command | Description | | --- | --- | | packshell auth | Log in through the website and connect this CLI. | | packshell init [name] | Create or link a project in the current directory. | | packshell push | Encrypt the local env file and push a new version. | | packshell pull | Pull and decrypt the latest version to disk. | | packshell diff | Show key-level changes vs remote — without revealing values. | | packshell watch | Auto-pull when a newer remote version appears. | | packshell invite <email> | Invite a teammate and share the project key when possible. | | packshell share <email> | Share the current project key with an existing member. | | packshell join <code> | Join a company using an invite code. | | packshell redeem <code> | Redeem a plan code for a company. | | packshell status | Show login and project status. | | packshell logout | Remove the local CLI session. |

Run packshell <command> --help for the full option list of any command.

Configuration

By default the CLI talks to the hosted packshell API. To point it at a self-hosted deployment, set the API origin:

export PACKSHELL_API_URL="https://packshell.your-company.com"

auth also accepts --api <url>.

Security model

  • Environment encryption: AES-256-GCM over the full .env.
  • Key wrapping: RSA-OAEP, 4096-bit, SHA-256 — the project key is wrapped per member.
  • Integrity: a SHA-256 checksum per version detects changes without revealing contents.
  • The server never sees plaintext, secret values, project keys, or your private key.

Your private key stays on your machine. Because decryption depends on it, packshell cannot recover your secrets if you lose it. See SECURITY.md.

License

MIT © Acadable Labs

Built by Acadable Labs.

Development

npm install
npm test          # runs the node:test suite (no external test deps)

Tests cover the crypto round-trips (AES env encryption, RSA key wrapping), config & atomic file writes, API-URL resolution, and the network layer (timeouts, retries, and error mapping) with a mocked fetch.

Set PACKSHELL_HOME to relocate the CLI's config and keys (used by the tests to avoid touching your real ~/.packshell).