npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

safelaunch

v1.0.31

Published

Backend Reliability Infrastructure - catch what breaks production before it breaks

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

karthicedrickarthicedric

Keywords

deploymentenvironmentreliabilitydevopsclipre-deploygit-hooks

Readme

safelaunch

The pre-deploy guardrail for JavaScript projects.

npm version

One command turns safelaunch into a system that blocks bad pushes automatically — forever.

Works with Node.js, Next.js, Vite, and Create React App.

🌐 orches.dev

Get protected in one command

npx safelaunch setup

No installation. No config. Run it once in any JavaScript project.

safelaunch scans your project, shows you exactly what would break your next deploy, generates your environment manifest, and installs a git hook that blocks bad pushes automatically from now on.

What happens when you push

If something will break production:

✗  PUSH BLOCKED — 2 issues will break production
   Fix all blockers before this code ships.

✗  STRIPE_SECRET_KEY is missing
   Impact: Any code that reads process.env.STRIPE_SECRET_KEY will get undefined. This silently breaks at runtime.
   → Add STRIPE_SECRET_KEY to your .env file.

✗  DATABASE_URL is missing
   Impact: Any code that reads process.env.DATABASE_URL will get undefined. This silently breaks at runtime.
   → Add DATABASE_URL to your .env file.

─────────────────────────────────────────────────
2 blockers  ·  push aborted

To skip (not recommended):  git push --no-verify

If everything is clean:

✓ All checks passed (0.4s)

Nothing else. Your push goes through.

What safelaunch checks

Environment

  • Missing required variables
  • Empty variable values
  • Duplicate variable definitions
  • VITE_ prefix validation (Vite projects)
  • REACT_APP_ prefix validation (CRA projects)
  • .env.example gaps

Secrets & Security

  • Secrets committed to staged files
  • .env not in .gitignore

Dependencies

  • node_modules not installed
  • Packages in package.json but not installed
  • Lockfile out of sync with package.json

Build Readiness

  • TypeScript errors (tsc --noEmit)
  • Critical npm vulnerabilities

Runtime

  • Node.js version mismatch (.nvmrc)

Commands

npx safelaunch setup        # Scan + generate manifest + install git hook
safelaunch scan             # Run all checks
safelaunch init             # Generate env.manifest.json from your .env
safelaunch validate         # Validate current env against manifest
safelaunch hook install     # Install the git hook manually
safelaunch hook uninstall   # Remove the git hook
safelaunch hook status      # Check if the hook is active

How the hook stays active

Once installed, the hook runs before every git push. If it ever goes missing, safelaunch validate detects and reinstalls it automatically.

New team members get the hook installed automatically via the postinstall script when they run npm install.

CI Integration

- name: Validate environment
  run: npx safelaunch validate

Blocks the pipeline if required variables are missing or misconfigured.

env.manifest.json

safelaunch setup generates an env.manifest.json — a contract that locks which variables your project requires. Commit this file. Every push is validated against it.

{
  "version": "1.0.0",
  "required": [
    "DATABASE_URL",
    "STRIPE_SECRET_KEY",
    "NEXTAUTH_SECRET"
  ]
}

Privacy & Security

safelaunch runs entirely on your machine. It never sends your environment variables, secrets, or project data to external servers. Your .env files stay local. Always.

Anonymous usage telemetry is collected to help improve the product. No personal data, no secrets, no file contents — ever.

Built by Karthi Cedric · Part of Orches