npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

readtheplan

v0.0.1

Published

Terraform plan risk explainer — reads `terraform plan` and classifies each change as safe/review/dangerous/irreversible. Pre-MVP namespace placeholder.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

texasichtexasich

Keywords

terraformiacdevopsdevsecopscomplianceinfrastructure-as-codeplanreviewrisk

Readme

readtheplan

Read the plan. Every time. For real.

readtheplan is a Terraform plan risk explainer. It reads terraform plan output, classifies each change as safe / review / dangerous / irreversible based on the action × resource type × what compliance context it touches, and posts a markdown summary your release manager (or auditor, or AI agent) can read in 30 seconds.

status

🚧 Pre-MVP. This namespace is locked but no functional release exists yet. Watch / star to follow.

why this exists

Terraform's plan/apply separation exists so a human reviews changes before they hit prod. In practice:

  • the diff in code ≠ the diff in plan (renames show as destroy+create, provider bumps mutate untouched resources, apply_immediately flips have hidden timing implications)
  • AI agents now write Terraform PRs — most don't read the plan critically, they apply because "the test passed"
  • compliance reviewers (FinServ, healthcare, government) need a structured risk classification, not a 4,000-line text blob
  • existing tools either show prettier plans (Spacelift, env0) or scan code for policy violations (tflint, tfsec, checkov). Nobody opinionates the plan diff with blast-radius context.

philosophy

Anchored in this field note: terraform-apply-is-roulette. If you've ever shipped a panic on terraform validate or watched a forward-fix cascade into a longer outage, this tool is built for you.

planned MVP scope

  1. CLI: readtheplan analyze plan.json → markdown table of changes with risk levels
  2. plain-english explainer per resource type (top ~30 high-risk patterns covered out of the box: KMS, IAM, RDS replacements, S3 bucket destroys, EKS node-group replacements, route53 zone deletes, network ACL strips)
  3. AI-agent attestation header — flag whether an agent claims to have read the plan
  4. GitHub Action wrapper: install as uses: readtheplan/action@v1, posts a markdown PR comment
  5. YAML rule customization: define org-specific rules ("anything in account 1234 is review")

what's not in scope (and won't be)

  • multi-cloud beyond AWS (initial focus)
  • a SaaS dashboard (defer until revenue justifies)
  • a policy-as-code engine (OPA / Sentinel already exist)
  • competing with Spacelift / env0 / Snyk IaC on overlapping features

license

MIT — see LICENSE.

contact

OSS contributions welcome once the v0.1 lands. Until then, this is a namespace placeholder. Author: @texasich.