samplebeacon

v1.0.0

Published

Community CLI — detect mock data, fiction KPIs, and credential leaks. Local scans, JSON + text reports, CI gate (--gate), GitHub Action + pre-commit hooks.

Readme

samplebeacon

Community CLI — catch mock data, fiction KPIs, and credential leaks before merge.

Community ($0): unlimited local scans · JSON + text reports · gate policy (--gate) · GitHub Action + pre-commit hooks · zero runtime dependencies.

Hosted dashboard and cloud sync live at simplebeacon.ai (Cloud Teams / Enterprise).

Why Samplebeacon

AI-assisted development produces repos full of:

  • Inflated KPIs (74.17% completion, 47 features)
  • Hardcoded -sample.json paths in production code
  • Demo credentials that look real
  • Mock data shipped as if it were measured

Samplebeacon scans your codebase and fails CI when fiction tries to ship.

Install

npm install -D samplebeacon
# or zero-install
npx samplebeacon init
npx samplebeacon hook install

Quick start

npx samplebeacon init                  # auto-detects project layout
npx samplebeacon scan                  # scan and report (text)
npx samplebeacon scan --gate           # exit 1 on blocking issues
npx samplebeacon scan --format json --output .samplebeacon/report.json
npx samplebeacon hook install          # pre-commit gate
npx samplebeacon baseline sync         # sync Jest counts after green tests

Profiles

npx samplebeacon init --profile minimal    # credentials + production-leak only
npx samplebeacon init --profile standard   # all rules, generic defaults
npx samplebeacon init --profile cascade    # ai-platform dashboard preset

Commands

| Command | Description |
|---------|-------------|
| `samplebeacon init` | Create .samplebeacon/config.json and baseline.json |
| `samplebeacon scan` | Scan project; --gate exits 1 on blocking issues |
| `samplebeacon baseline sync` | Run Jest and write pass counts to baseline |
| `samplebeacon comment` | Post PR comment from JSON report |
| `samplebeacon assess` | Build customer assessment JSON from scan report |
| `samplebeacon hook install` | Write pre-commit or pre-push hook (Husky or .git/hooks) |

Scan flags

| Flag | Description |
|------|-------------|
| `--path <dir>` | Project root (default: cwd) |
| `--config <file>` | Config path |
| `--format text\|json` | Output format |
| `--output <file>` | Write report to file |
| `--gate` | Fail when severities in gate.failOn are found |
| `--fail-on high,medium` | Override gate severities |
| `--with-jest` | Run tests and compare to baseline |
| `--verbose` | Show config warnings and scan paths |
| `--profile` | Force init profile |

Rules

| Rule | Severity | Detects |
|------|----------|---------|
| credentials | high/medium | AWS keys, JWT, GitHub PATs, OpenAI keys, private keys |
| json-schema | high | Sample JSON violating page specs |
| sample-consistency | high | Cross-file KPI drift vs baseline |
| roadmap | medium | Legacy fiction roadmaps, oversized exports |
| production-leak | high/medium | Mock/sample paths in production code |
| jest-baseline | high | Jest pass count drift (optional, --with-jest) |

See docs/RULES.md and docs/CONFIG.md.
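
To make the `credentials` and `production-leak` rows and the `--gate` / `--fail-on` behaviour concrete, the following is an added example and not samplebeacon's own code. The regexes, the non-production path heuristic, the severity mapping and the sample repository are all assumptions constructed for illustration.

```javascript
// Added illustration, not samplebeacon's rule engine. The regexes, the
// non-production path heuristic and the severity mapping are assumptions.
const CREDENTIAL_PATTERNS = [
  { id: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { id: 'github-pat', re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { id: 'jwt', re: /\beyJ[\w-]{8,}\.eyJ[\w-]{8,}\.[\w-]{8,}/ },
  { id: 'private-key', re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
];
// A quoted string literal that ends in -sample.json or passes through /mock(s)/.
const SAMPLE_PATH = /['"`][^'"`\n]*(?:-sample\.json|\/mocks?\/[^'"`\n]*)['"`]/;
// Files where fixtures are expected, so a sample path there is not a leak.
const NON_PROD_FILE = /(^|\/)(tests?|__tests__|fixtures|examples)\/|\.(test|spec)\.[jt]sx?$/;
function scanFiles(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    const nonProd = NON_PROD_FILE.test(file);
    text.split('\n').forEach((line, i) => {
      for (const { id, re } of CREDENTIAL_PATTERNS) {
        if (re.test(line)) {
          // Assumption: a secret in test code is still reported, at lower severity.
          findings.push({ rule: 'credentials', id, file, line: i + 1,
            severity: nonProd ? 'medium' : 'high' });
        }
      }
      if (!nonProd && SAMPLE_PATH.test(line)) {
        findings.push({ rule: 'production-leak', id: 'sample-path', file, line: i + 1, severity: 'high' });
      }
    });
  }
  return findings;
}

// Mirrors --gate / --fail-on: exit code 1 when any finding has a listed severity.
function gate(findings, failOn = ['high']) {
  const blocking = findings.filter((f) => failOn.includes(f.severity));
  return { exitCode: blocking.length > 0 ? 1 : 0, blocking };
}

// Constructed sample repository (path -> contents). The AWS value is the
// placeholder key from AWS documentation; the PAT is filler in the right shape.
const CONSTRUCTED_REPO = {
  'src/dashboard.js': "const kpis = require('./data/kpi-sample.json');\n" +
    "const key = 'AKIAIOSFODNN7EXAMPLE';",
  'tests/dashboard.test.js': "const kpis = require('../src/data/kpi-sample.json');\n" +
    "const token = 'ghp_" + 'x'.repeat(36) + "';",
  'src/api.js': "export const load = () => fetch('/api/kpis');",
};
const findings = scanFiles(CONSTRUCTED_REPO);
console.log(findings.map((f) => `${f.severity} ${f.rule} ${f.file}:${f.line}`));
```

The same fixture path is flagged in `src/` but ignored in `tests/`, and the default gate blocks only on the two high findings; passing `['high', 'medium']` also blocks on the token in the test file.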

Go-to-market: docs/OUTREACH.md · Assessment report template · Production leak triage

Complementary stack

Snyk / GHAS     → known CVEs
SonarQube       → code smells, coverage
Samplebeacon    → fiction KPIs in sample JSON, mock paths in prod code, credential patterns

Run Samplebeacon in the same CI job as your existing security tools — it gates on different artifacts.

GitHub Actions

Copy examples/github-action/samplebeacon.yml to .github/workflows/samplebeacon.yml, or use the snippet below.

Standalone repo

- uses: actions/setup-node@v4
  with:
    node-version: '20'
- run: npx samplebeacon init --profile minimal
- run: npx samplebeacon scan --gate --format json --output .samplebeacon/report.json

Composite action

- uses: ./ai-platform/action
  with:
    path: .
    fail-on: high
    post-comment: true

See docs/GITHUB-ACTION-QUICKSTART.md, docs/PRE-COMMIT.md, and docs/CI.md.

Starter template

Copy examples/starter/.samplebeacon/ into your repo for a minimal working config.

Documentation

Publish

cd packages/samplebeacon-cli
npm test
npm publish --access public

Development

cd packages/samplebeacon-cli
npm test
node bin/samplebeacon.js scan --path ../.. --gate

License

MIT