npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

prodverdict

v0.14.1

Published

CLI for ProdVerdict - deterministic production contract checks for AI-assisted SaaS

Downloads

1,245

Readme

ProdVerdict

Your billing says paid. Your app might disagree.

ProdVerdict checks production contracts — the billing, access, config, migration, webhook, and recovery rules your SaaS must not break after AI-assisted changes. Rules only. No LLM in the evaluation path; missing credentials fail closed.

Website: prodverdict.com / Docs: prodverdict.com/docs

npm GitHub Marketplace CI License: MIT

60-second demo

No credentials required:

npx prodverdict demo

You should see a FAIL verdict: a canceled subscription still has paid access in the bundled fixture (wrongful-access scenario). Try the inverse with --scenario revenue-leak.

Agent setup

Tell your AI agent: "Set up ProdVerdict for this repo."

npx prodverdict setup --yes --format agent --from-env

Writes prodverdict.yml, scheduled workflow, Cursor MCP config, and agent skills. Wires credentials from .env.local when present.

Install skills globally (optional):

npx skills add prodv-dev/prodverdict-sdk@prodverdict-setup -g -y
npx skills add prodv-dev/prodverdict-sdk@prodverdict-verify -g -y

MCP tool: bootstrap_prodverdict. See AI agent setup.

Schedule Access verification

Access is strongest for custom Stripe, Paddle, or Postgres billing state where webhooks, database rows, and app access gates can disagree after production events.

npx prodverdict scheduled --install

Set repo secrets: STRIPE_SECRET_KEY or PADDLE_API_KEY, DATABASE_URL, and optionally SLACK_WEBHOOK_URL.

See scheduled vs PR.

Contracts

| Contract | Role | |----------|------| | Access | First shipped money-path contract for custom Stripe/Paddle/Postgres billing state | | Config | Env var drift (process.env vs .env.example) | | Migration | Schema migration safety | | Boundary | Mass-assignment / sensitive field scan | | Webhook | Signature verification + idempotency lint | | Restore | Backup/restore smoke in CI | | Entitlements migration | Stripe Entitlements migration verifier | | Clerk Gates | Clerk Billing plan/feature gates in money-path routes |

npx prodverdict check access --config prodverdict.yml
npx prodverdict check all --format agent

Usage limits, credits, seats, and deeper permission contracts are roadmap validation areas. Do not configure them as shipped contract types today.

Managed billing and Clerk

Pure Clerk Billing apps are not the main current Access ICP because Clerk manages plans and subscriptions separately from Stripe Billing. Use clerk-gates for Clerk Billing plan/feature gate verification. Use Access where your app owns custom billing state or access rows. Usage limits, credits, seats, and deeper permissions remain planned validation targets.

Integrations

CLI - npx prodverdict check [contract] / demo / scan / setup / status / doctor

The CLI sends anonymous command telemetry for npm/npx usage: command name, version, package-manager hint, CI flag, platform, exit code, and safe option metadata such as contract, stack, and format. It does not send raw args, cwd, env values, secrets, findings, billing rows, or customer PII. Disable it with PRODVERDICT_TELEMETRY=0, PRODVERDICT_DISABLE_TELEMETRY=1, or DO_NOT_TRACK=1.

GitHub Action - Marketplace

- uses: prodv-dev/[email protected]
  with:
    config: ./prodverdict.yml
    contract: access   # access | config | migration | boundary | webhook | restore | entitlements-migration | clerk-gates | all
  env:
    STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
    DATABASE_URL: ${{ secrets.DATABASE_URL }}

Local MCP - npx @prodverdict/mcp with billing and database secrets in env. Tools: bootstrap_prodverdict, doctor, check_all_contracts, check_access_contract, and per-contract checks.

Remote MCP (Pro) - prodverdict.com/api/mcp for config/migration/boundary/webhook without billing secrets on cloud. Access stays local only.

Examples

npx prodverdict scan

| Example | Stack | |---------|-------| | nextjs-stripe | Next.js + Stripe | | supabase-stripe | Supabase + Stripe | | paddle-stripe | Paddle + Postgres | | rails-stripe | Rails + Stripe |

Fixture demos: node examples/nextjs-stripe/run-demo.mjs after npm run build.

Development

npm install && npm test && npm run build

Docker test env (no Stripe account): see test-env/README.md.

Documentation

License

MIT - see LICENSE.