npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

proven-cli

v1.0.6

Published

CLI tool to enforce quality policies on modules in your project

Downloads

31

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lud77lud77

Keywords

Readme

Why?

One of the strenghts of the Javascript world is that it gives us access to an infinite ecosystem of modules. This great flexibility of course comes with many risks: your project could become tied to libraries that provide no guarantees, that are maintaned by developers in their spare time, that could become unsupported at any time, that don't have the possiblity to promptly receive fixes when a bug or exploit is found in their code.

Other languages solve this problem by embedding most functionality in the core or by relying on well-know organisations, but if we are to safeguard the plurality that made the Javascript community what it is today, we should look for a different solution.

What is proven?

proven is a CLI tool to enforce module quality requirements for the dependencies in your project. With proven you can easily implement a set of rules that third-party modules must withstand to be accepted as dependencies in your projects.

proven will go through all the dependencies in your project and give you warnings if it finds that any of the modules being used are obsolete, or not being actively maintained, or don't have a big enough community taking care of them, or yet if they make use of modules not compatible with your rules.

Documentation

CLI options

By default, only the modules listed in the dependencies field of the package.json file will be checked.

  • d, --directory <dir> Scan the target directory instead of the CWD
  • -c, --config <config> Load the specified config file instead of the default one
  • -r, --recursive <depth> Check dependencies recursively up to a certain depth
  • -s, --silent Produce exit code 0 in case of failure
  • --skip-deps Don't check modules listed in dependencies
  • --check-dev-deps Check modules listed in devDependencies

.provenrc file

This is the default configuration file that tells proven what criterias and limits you want to enforce.

It must be specified in JSON format, such as:

{ "maxAge": 300, "minMaintainers": 1, "minVersions": 5, "repoRequired": true, "allowedLicenses": "any spdx" }

If the file is specified, all fields must be provided.

maxAge

number

Specifies the max number of days since last publication.

minMaintainers

number

Specifies the minimum amount of contributors. Setting a number greater than 1 in this field helps reducing the Bus Factor.

minVersions

number

Minimum amount of times the project has been updated.

repoRequired

true or false

Whether the repository field has been provided.

allowedLicenses

array or string

It can either be:

  • an array with the list of SPDX licenses to be considered valid;
  • a string with the value any spdx to accept any valid SPDX expression;
  • or a string with the value any to accept any value.

docsRequired

true or false

When set to true, requires the project to have either the homepage field or the man field set.

.provenignore file

This file can be used to list modules that you want to "allow" regardless of their quality assessment. proven will never yield a warning for a module listed in this file.