npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

repoguardian

v0.3.0

Published

Turn AI coding assistants into repository-aware senior engineers. Free, local-first, zero API keys.

Readme

🛡️ RepoGuardian

Turn AI coding assistants into repository-aware senior engineers.

Free · Local-first · Zero API keys · Works in any IDE

Vision · Architecture · Security · Commands · Usage · Roadmap · FAQ


The Problem

Today's AI coding assistants are powerful, but they don't understand your specific repository.

When you write:

Build authentication

…the assistant generates code, but it doesn't automatically know your:

  • Existing architecture
  • Security patterns
  • Folder conventions
  • Coding standards
  • Database relationships
  • Dependency risks
  • Testing strategy
  • Past team decisions

The result:

Good code  ≠  Good code for THIS repository

The Idea

RepoGuardian is an intelligence layer between your repository and your AI assistant. It does not replace Claude, GPT, Cursor, or Copilot — it gives them the context and senior-engineer judgment they normally lack.

Developer
    │
    ▼
RepoGuardian   ← indexes & analyzes your repo locally
    │
    ▼
AI Assistant   ← your existing Claude Code / Cursor / Copilot / …
    │
    ▼
Code           ← now repository-aware

Most AI tools answer "What should I code?" RepoGuardian answers "How should THIS repository evolve, safely?"

How it stays free and secure

RepoGuardian never runs its own LLM and never needs an API key. It:

  1. Analyzes your repo locally with deterministic static analysis (stack, dependencies, secrets, conventions, test gaps, unused/dead code).
  2. Builds a local knowledge index in .repoguardian/.
  3. Generates prompt personas — specialized "agents" (Architecture, Security, Testing, Performance, Documentation) that your existing assistant runs, fed with your repo's real context.

Nothing leaves your machine by default. No telemetry. Open source. See SECURITY.md.

Install

Once published, install will be a one-liner:

npx repoguardian init
# or
bunx repoguardian init

This scans the repo, builds the local index, and wires up /guardian commands for the AI assistants it detects.

Local development

Not published yet — run it from source:

npm install        # dev deps only (TypeScript, Vitest) — zero runtime deps
npm run build      # compile src/ → dist/
npm test           # run the analyzer test suite

# run against any repo:
node dist/cli.js init --path /path/to/your/repo
node dist/cli.js init --all          # generate every assistant adapter
node dist/cli.js status              # show what's indexed
node dist/cli.js init --dry-run      # preview without writing

Status: Working tool, published on npm. The CLI (init, update, status) scans a repo, builds the local .repoguardian/ index (including a real module import graph and an evidence-bearing findings.json), and generates 11 guardian commands as adapters for Claude Code, Cursor, Windsurf, Copilot, Antigravity, and the universal fallback. Install with npx repoguardian init, or build from source (see Local development). Design notes live in IMPLEMENTATION-PLAN.md.

Commands

Run these from inside your AI assistant (Claude Code, Cursor, Copilot, Windsurf, Antigravity, …):

| Command | Purpose | |---|---| | /guardian architecture | Map how the repository works — structure, data flow, risk areas | | /guardian security | Senior security review — auth flaws, secrets, unsafe patterns | | /guardian tests | Find testing gaps and suggest/generate test cases | | /guardian dependencies | Unused, outdated, vulnerable, and duplicate packages | | /guardian cleanup | 🧹 Find unused dependencies, dead files, empty/orphaned folders & dead code | | /guardian performance | Bundle size, slow queries, expensive renders, caching gaps | | /guardian documentation | Generate & maintain README, architecture, API, onboarding docs | | /guardian refine | ⭐ Expand a thin request into a repo-aware prompt before the AI runs it | | /guardian implement | Plan & build a feature against your conventions (asks before editing) | | /guardian migrate | Plan a migration with affected files, changes, risks, rollback | | /guardian review | Combined senior engineer + architect + security + QA review |

See the full reference in COMMANDS.md and tool-by-tool setup in USAGE.md.

The killer feature: /guardian refine

You write:

Add payment support

RepoGuardian intercepts and expands it using your repo's real context:

Build payment support.

Repository Context:
  Framework:     Next.js 15
  Database:      PostgreSQL
  ORM:           Prisma
  Architecture:  Repository Pattern
  Existing SDK:  Razorpay

Requirements:
  - Create Orders table
  - Verify webhooks
  - Store transactions
  - Add retry logic
  - Add error handling
  - Add unit tests
  - Follow existing coding conventions
  - Match existing folder structure

Your assistant receives that prompt instead — and produces far better, repo-consistent output.

Works in any IDE

Native integrations for Claude Code, Cursor, Windsurf, VS Code + GitHub Copilot, and Antigravity, plus a universal fallback (GUARDIAN.md + .repoguardian/prompts/*.md) that works with any assistant that can read repository files — Cline, Continue, Zed, JetBrains AI, Aider, and more. See ADAPTERS.md and USAGE.md.

Documentation

| Doc | What's inside | |---|---| | VISION.md | Problem, vision, positioning, why it's free | | ARCHITECTURE.md | System design, pipeline, agent model, index layout | | SECURITY.md | Security & privacy model + threat model | | COMMANDS.md | Full /guardian command reference | | USAGE.md | Per-IDE / per-agent how-to guide | | ADAPTERS.md | How multi-assistant integration is generated | | KNOWLEDGE-INDEX.md | The analysis engine + index schemas | | ROADMAP.md | Phased plan (all free) | | IMPLEMENTATION-PLAN.md | Technical build plan for the CLI | | PUBLISHING.md | How to publish to npm (npx repoguardian) | | FAQ.md | Positioning, privacy, cost Q&A |

License

MIT — see LICENSE. Contributions welcome: CONTRIBUTING.md.