npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

prquicktest

v2.0.1

Published

Run code blocks from GitHub PR descriptions

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mrmurphymrmurphy

Keywords

githubpull-requestprtestclicode-blocksmarkdown

Readme

prquicktest

Run code blocks from the "Testing" section of GitHub PR descriptions.

Install

npm install -g prquicktest

Or run directly:

npx prquicktest https://github.com/owner/repo/pull/123

Usage

prquicktest <pr-url>           # Fetch PR and run test code blocks
prquicktest <file.md>          # Run from local file
prquicktest -y <pr-url>        # Skip confirmation prompt

How It Works

Only executes code blocks found under a Testing, Tests, or Test header (any level: #, ##, ###, etc.). The section ends when another header of equal or higher level appears.

Example PR Description

## Summary
This PR adds a new feature.

## Testing
Run the tests:

```bash
npm test

Verify the build:

npm run build

Deployment

This section is ignored.


Running `prquicktest <pr-url>` will only execute the two bash blocks under "Testing".

## Shared Environment

All code blocks run sequentially in a **single persistent shell session**. Environment variables, working directory changes, and other shell state automatically persist across blocks.

### Export-only blocks

Blocks that contain only `export` statements run automatically without prompting. This is useful for setup blocks that configure environment variables for subsequent tests.

### Example with shared environment

```markdown
## Testing

### Setup environment
```bash
export BASE_URL="https://my-preview.onrender.com"

Test 1: Check health endpoint

curl -s "$BASE_URL/health" | jq .

check: Response status is 200

Test 2: Check API

curl -s "$BASE_URL/api/v1/status" | jq .

check: Response contains "ok"


The setup block runs silently and sets `BASE_URL`, which is then available in both test blocks.

## Supported Languages

| Language | Aliases |
|----------|---------|
| Bash | `bash`, `sh`, `shell`, `zsh` |

Code blocks with other language tags (e.g., `javascript`, `python`) are skipped with a warning.

## Security

**prquicktest executes arbitrary code from PR descriptions on your machine.** Review all code blocks before running them.

- Each code block is shown before execution, and confirmation is required (unless `-y` is used).
- All blocks execute in a single shell session. State set by earlier blocks (environment variables, working directory, aliases) affects all subsequent blocks. A malicious PR could set variables like `PATH`, `LD_PRELOAD`, or `NODE_OPTIONS` in an early block to influence later blocks.
- The shared shell doesn't fundamentally change the threat model — if you run the code, you're already trusting it. The `-y` flag is especially dangerous since it skips per-block confirmation.
- Export-only blocks (containing only `export` statements) run automatically without prompting. Review the PR description to ensure these are safe.

## Requirements

- Node.js 18+
- [GitHub CLI](https://cli.github.com) (`gh`) installed and authenticated

## License

MIT