release-auditor

v0.1.4

Deterministic release gate for AI-written code and coding agents.

Release Auditor

Release Auditor is a deterministic release gate for AI-written code.

It gives coding agents a deterministic way to ask:

Is this patch safe enough to ship?

It runs locally, needs no repository tokens, and makes no model calls.

Why

Coding agents are good at making changes. They are less reliable at knowing when a change is release-ready.

This tool gives agents a small, boring gate before they claim a patch is ready:

  • require test evidence
  • flag sensitive paths
  • flag possible secrets
  • flag common standalone provider tokens
  • warn on large changes
  • warn on missing rollback notes
  • return stable JSON and Markdown

The project is intentionally self-contained. It can later become a paid MCP tool, hosted API, GitHub Action, or CLI.

Self-Contained Development

This repository must not depend on private workspace internals, runtime state, secrets, or local machine paths. It is safe to develop, publish, and monetize independently.

Run the local boundary check before publishing or adding integrations:

npm run safety

The safety check fails if project files contain protected local paths, environment coupling, or unsafe symlinks into a private workspace.

Target

Autonomous coding agents with delegated authority to prepare, review, or merge code.

The human buyer is the budget holder, but the product surface is designed for agents:

  • structured JSON inputs
  • deterministic blocking rules
  • machine-readable risk output
  • concise next actions
  • Markdown output for PR comments

First Product

release-auditor starts as a CLI that reads an audit request JSON file and returns a release-readiness report.

Future surfaces:

  • MCP server exposing release_audit
  • HTTP API for paid usage
  • GitHub Action for PR checks
  • Pro policy packs sold as digital files

Production Policy Pack

The free CLI proves the local release gate works.

For stricter production and MCP-server release rules, see the early-access $5 Production Release Policy Pack.

The paid pack includes production release policies, MCP security checklists, PR comment templates, Codex instructions, and passing/failing examples.

Automated card checkout is temporarily disabled while payout setup is verified. See buying status.

Agent-native payment: x402 + USDC setup

Quick Start

npm install -g release-auditor
release-auditor --version
release-auditor --init > audit-request.json
release-auditor audit-request.json

Run a production-style example with fuller test, security, review, and rollback evidence:

release-auditor examples/production-release-request.json

Create a starter request for your own patch:

release-auditor --init > audit-request.json

Pipe a generated request directly from another agent or script:

release-auditor --init | release-auditor -

For a practical walkthrough from git diff --numstat to a complete request, see the audit request guide.

Passing output:

{
  "mergeReady": true,
  "riskLevel": "low",
  "blockingIssues": [],
  "warnings": []
}

For local development without a build step:

npm install
npm run dev -- examples/basic-request.json

Markdown output for PR comments:

npm run dev -- --format markdown examples/basic-request.json

Version check:

npm run dev -- --version

Starter request template:

npm run dev -- --init

Failing demo:

npm run dev -- examples/failing-request.json

Expected result: the failing demo exits with code 1 and reports missing tests, a sensitive path change, a possible secret, missing rollback evidence, and a large-change warning.

For a copy-paste validation path with expected results, see the 60 second demo.

GitHub Action usage:

- uses: veyndrasystems/[email protected]
  with:
    request: .agent-release-audit/request.json
    format: markdown

MCP server usage:

npm install -g release-auditor
release-auditor-mcp

See the MCP server guide for client configuration.

Exit codes:

  • 0: audit completed and mergeReady is true
  • 1: audit completed and blocking issues were found
  • 2: invalid CLI usage, JSON, or request shape
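A caller that only checks for exit code 1 will let a run that ended with code 2, or that was killed, pass as if it were clean. The following is an added example, not code from the release-auditor project: `decideGate` is a hypothetical helper that fails closed, and it assumes the JSON report with the fields shown under "Passing output" is also written to stdout when the exit code is 1.

```javascript
// Constructed sample reports. Only the field names come from the README above;
// the strings inside blockingIssues are invented for illustration.
const PASSING_REPORT = '{"mergeReady":true,"riskLevel":"low","blockingIssues":[],"warnings":[]}';
const FAILING_REPORT =
  '{"mergeReady":false,"riskLevel":"high","blockingIssues":["no test evidence"],"warnings":[]}';

// Decide whether a patch may ship from the auditor's exit code and stdout.
// Anything other than a clean, self-consistent result is a refusal.
function decideGate(exitCode, stdout) {
  // null (killed by signal), 2 (bad usage/JSON/shape) or an undocumented code: never ship.
  if (exitCode !== 0 && exitCode !== 1) {
    return { ship: false, reason: `auditor did not complete (exit ${exitCode})` };
  }
  let report;
  try {
    report = JSON.parse(stdout);
  } catch {
    return { ship: false, reason: "report is not valid JSON" };
  }
  if (report === null || typeof report !== "object" || !Array.isArray(report.blockingIssues)) {
    return { ship: false, reason: "report is missing blockingIssues" };
  }
  const clean = report.mergeReady === true && report.blockingIssues.length === 0;
  // Exit status and report body must agree; a mismatch is treated as a failure.
  if ((exitCode === 0) !== clean) {
    return { ship: false, reason: "exit code and report disagree" };
  }
  return clean
    ? { ship: true, reason: `mergeReady, risk ${report.riskLevel}` }
    : { ship: false, reason: `${report.blockingIssues.length} blocking issue(s)` };
}

console.log(decideGate(0, PASSING_REPORT));
console.log(decideGate(2, ""));
```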

Request Shape

Minimum input:

{
  "summary": "Describe the patch.",
  "changedFiles": [
    {
      "path": "src/example.ts",
      "additions": 10,
      "deletions": 2
    }
  ],
  "evidence": {
    "tests": ["npm test"],
    "rollbackPlan": "Revert the patch."
  }
}

The CLI validates the request before auditing and prints actionable validation errors when the JSON shape is wrong.
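Building `changedFiles` from `git diff --numstat` takes some care, because binary files report `-` for both counts and renames appear as `old => new`. The following is an added example, not the project's audit request guide or code: `parseNumstat` and `buildRequest` are hypothetical helpers, and recording binary files with zero line counts is an assumption.

```javascript
// Constructed sample of `git diff --numstat` output (tab-separated); not from a real repo.
const SAMPLE_NUMSTAT = [
  "10\t2\tsrc/example.ts",
  "-\t-\tassets/logo.png", // binary file: git prints "-" for both counts
  "3\t1\tsrc/{old => auth}/session.ts", // rename, brace form
  "0\t0\tREADME.txt => README.md", // rename, plain form
].join("\n");

// Resolve git's rename notation to the post-change path, so that any
// path-based rule sees where the file ends up rather than where it came from.
function resolveRename(path) {
  const brace = path.match(/^(.*)\{(.*) => (.*)\}(.*)$/);
  if (brace) return (brace[1] + brace[3] + brace[4]).replace(/\/{2,}/g, "/");
  const plain = path.match(/^(.*) => (.*)$/);
  return plain ? plain[2] : path;
}

// Parse numstat text into the { path, additions, deletions } entries of the request.
function parseNumstat(text) {
  const files = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    const parts = line.split("\t");
    if (parts.length < 3) throw new Error(`unrecognised numstat line: ${JSON.stringify(line)}`);
    const [added, deleted] = parts;
    const binary = added === "-" && deleted === "-";
    if (!binary && !(/^\d+$/.test(added) && /^\d+$/.test(deleted))) {
      throw new Error(`non-numeric counts in: ${JSON.stringify(line)}`);
    }
    files.push({
      path: resolveRename(parts.slice(2).join("\t")),
      additions: binary ? 0 : Number(added), // assumption: binary changes count as 0 lines
      deletions: binary ? 0 : Number(deleted),
    });
  }
  return files;
}

// Assemble the minimum request shape shown above; refuse to emit an empty change set.
function buildRequest(summary, numstatText, tests, rollbackPlan) {
  const changedFiles = parseNumstat(numstatText);
  if (changedFiles.length === 0) throw new Error("no changed files in diff");
  return { summary, changedFiles, evidence: { tests, rollbackPlan } };
}

const demo = buildRequest("Describe the patch.", SAMPLE_NUMSTAT, ["npm test"], "Revert the patch.");
console.log(JSON.stringify(demo, null, 2));
```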

Current Status

This is an early deterministic local CLI with no external model calls.

Repository Layout

src/
  auditor.ts       Core scoring and blocking checks
  cli.ts           CLI entrypoint
  types.ts         Shared request/response types
schemas/
  audit-request.schema.json
  audit-result.schema.json
examples/
  basic-request.json
  production-release-request.json
docs/
  PLAN.md
  MONETIZATION.md
  AGENT_CONTRACT.md

More Docs