npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

signal-decay

v1.0.0

Published

Detect and repair signal corruption in your archival nodes — makes npm security audits understandable

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sndhlsndhl

Keywords

npmauditsecurityvulnerabilitiescliinteractivesignal-archivesamulet-digitalcorruption-detectiondependency-security

Readme

signal-decay

Detect and repair signal corruption in your archival nodes

Part of the Amulet Digital Signal Archives

An intelligent CLI tool that translates automated corruption scans (npm security audits) into clear, actionable restoration protocols. Instead of cryptic vulnerability IDs and technical jargon, it provides:

✅ Plain language explanations of signal degradation ✅ Transmission pathway visualization showing corruption spread ✅ Interactive prompts to execute restoration protocols ✅ Beautiful, color-coded corruption analysis ✅ Markdown reports for archival documentation

Overview

In the Signal Archives, every dependency is a signal fragment — a piece of transmitted knowledge preserved in your project. Over time, these fragments can degrade or become corrupted.

signal-decay monitors your archival nodes for corruption patterns, helping you:

  • Understand how signals have degraded
  • Trace corruption through transmission pathways
  • Execute restoration protocols interactively
  • Document corruption for network analysis

Installation

Global Install

npm install -g signal-decay
signal-decay

Local Install

npm install --save-dev signal-decay
npx signal-decay

Via npx (No Installation)

npx signal-decay

Requirements

  • Node.js 18.0.0 or higher
  • npm 6.0.0 or higher

Usage

Basic Usage

# Interactive mode - prompts for each corruption pattern
signal-decay

# Show only severe degradation
signal-decay --degradation severe

# Auto-restore all corrupted signals
signal-decay --restore-all

# Generate analysis report without restoration
signal-decay --analyze-only

CLI Options

  -h, --help                     Show help message
  -v, --version                  Show version
  --restore-all                  Automatically execute all restoration protocols
  --degradation <level>          Filter by degradation: critical, severe, moderate, minor
  --analyze-only                 Generate analysis report without restoration
  --json                         Output results as JSON
  
Compatibility aliases:
  --fix-all                      Same as --restore-all
  --severity <level>             Same as --degradation
  --report-only                  Same as --analyze-only

How It Works

Step 1: Scan for Corruption

$ signal-decay

Runs automated corruption detection (npm audit) and parses signal degradation.

Step 2: Understand Each Corruption Pattern

For each corrupted signal, you'll see:

 1/3 - 🔴 SEVERE DEGRADATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Fragment: lodash
Corruption Pattern: Prototype Pollution
Archive Reference: CVE-2019-10744

📖 Signal Degradation:
Attackers could modify object prototypes, cascading corruption 
through all objects in your archival node.

🔍 Transmission Pathway:
  ├─ [email protected]
  │  └─ [email protected]
  │     └─ [email protected] ⚠️ CORRUPTED

💡 Restoration Protocol:
Update lodash to version 4.17.21 or higher to restore signal integrity

? Execute restoration? (Y/n/skip all)

Step 3: Execute Restoration Protocols

For each corruption pattern, you can:

  • Yes: Execute restoration immediately
  • No: Skip this restoration
  • Skip all: Stop interactive mode

Step 4: Review Analysis Report

A markdown analysis is archived at ./decay-report.md with:

  • Summary of all corruption patterns
  • Detailed degradation analysis for each
  • Restoration results and status
  • Archive references and CVEs

Features

🎯 Plain Language Degradation Analysis

Instead of cryptic vulnerability descriptions, signal-decay translates corruption patterns:

| Technical | Signal Archives | |-----------|----------------| | "Prototype Pollution" | "Object prototype corruption cascade" | | "ReDoS" | "Regex-induced signal loop" | | "Path Traversal" | "Unauthorized pathway access beyond node boundaries" |

📊 Transmission Pathway Visualization

See exactly where corrupted signals propagate through your dependency tree:

Your Archival Node
└─ [email protected]
   └─ [email protected]
      └─ [email protected] ⚠️ CORRUPTED

🔧 Interactive Restoration

Execute restoration protocols interactively for each corruption, or auto-restore all at once.

📝 Corruption Analysis Reports

Generate archival reports for your network:

# Signal Corruption Analysis
Archived: 2024-02-14T10:30:45.123Z

## Summary
- **Total Fragments:** 487
- **Corruption Patterns Detected:** 3
  - 🔴 **Critical:** 0
  - 🔴 **Severe:** 1
  - 🟡 **Moderate:** 1
  - 🟢 **Minor:** 1

## Corruption Patterns
### 1. Prototype Pollution
**Degradation:** severe
**Fragment:** lodash
**Archive Reference:** CVE-2019-10744
...

🎨 Color-Coded Analysis

Degradation levels use color coding for quick identification of critical issues.

Configuration

Create an optional signal-decay.config.json in your project root:

{
  "degradation": "severe",
  "interactiveMode": true,
  "reportPath": "./decay-report.md",
  "excludeDevFragments": false,
  "autoRestoreAll": false
}

Examples

Example 1: Quick Interactive Analysis

$ signal-decay
◆ SIGNAL-DECAY — Corruption Analysis Protocol
✓ Analyzed 487 signal fragments
⚠ Detected 3 corruption patterns (1 severe, 2 moderate)

# ... displays corruption patterns and prompts for restoration

Example 2: Auto-restore All

$ signal-decay --restore-all
◆ SIGNAL-DECAY — Automated Restoration
✓ Analyzed 487 signal fragments
⚠ Detected 3 corruption patterns

→ Initiating automated restoration...
  ✓ lodash — Signal restored
  ✓ express — Signal restored
  ✓ debug — Signal restored

✓ Restoration complete
→ Corruption analysis archived: ./decay-report.md

Signal integrity maintained • Amulet Digital Archive Protocol

Example 3: Analysis Only

$ signal-decay --analyze-only
◆ SIGNAL-DECAY — Corruption Analysis
✓ Analyzed 487 signal fragments
⚠ Detected 3 corruption patterns
→ Generating corruption analysis...
✓ Analysis archived: ./decay-report.md

Signal integrity maintained • Amulet Digital Archive Protocol

Example 4: Severity Filter

$ signal-decay --degradation severe
◆ SIGNAL-DECAY — Critical Corruption Scan
✓ Analyzed 487 signal fragments
⚠ Detected 1 severe degradation pattern

# ... shows only severe/critical corruption

Supported Corruption Patterns

signal-decay includes plain language explanations for:

  • Prototype Pollution — Object prototype corruption cascade
  • Remote Code Execution (RCE) — Arbitrary instruction injection
  • SQL Injection — Database query manipulation
  • Cross-Site Scripting (XSS) — Client-side script injection
  • Denial of Service (DoS) — Resource exhaustion attacks
  • Path Traversal — Unauthorized file access beyond boundaries
  • Authentication Bypass — Security validation circumvention
  • Regular Expression DoS (ReDoS) — Regex-induced signal loops
  • XML External Entity (XXE) — XML parser exploitation
  • Insecure Deserialization — Object reconstruction attacks
  • Cryptographic Weakness — Encryption degradation
  • Information Disclosure — Unauthorized data exposure
  • And more...

For unknown corruption types, signal-decay provides the raw pattern description with guidance.

Troubleshooting

"Failed to run corruption scan"

Ensure you're in a Node.js archival node with a manifest (package.json):

npm init
npm install signal-decay
signal-decay

"No restoration protocol available"

Some corruption patterns don't have documented restoration protocols yet. Options:

  1. Wait for archivist response
  2. Contact the fragment maintainer
  3. Replace with alternative fragment

Dependencies are conflicting

When restoration introduces breaking changes, npm may refuse. Options:

  1. Review the restoration changelog
  2. Update transmission patterns if needed
  3. Defer restoration temporarily

API Usage

Use signal-decay as a library in your own archival tools:

import {
  runAudit,
  explainVulnerabilities,
  buildDependencyPath,
  generateReport,
} from 'signal-decay';

// Run corruption scan
const scanResult = await runAudit();

// Analyze degradation
const analysis = explainVulnerabilities(scanResult.vulnerabilities);

// Trace transmission pathways
analysis.forEach((corruption) => {
  const pathway = buildDependencyPath(corruption);
  console.log(pathway);
});

// Archive analysis
generateReport(scanResult, analysis);

Migration from audit-explain

signal-decay is the rebranded version of audit-explain, now part of the Amulet Digital Signal Archives.

To migrate:

npm uninstall -g audit-explain
npm install -g signal-decay

All functionality is preserved. Commands are compatible with aliases for --fix-all, --severity, etc.

Contributing

We welcome contributions to the Signal Archives! See CONTRIBUTING.md.

License

MIT License - see LICENSE file for details.

Support

Related Archival Tools

Signal integrity maintained by Amulet Digital
Archive Protocol • Node: signal-decay • Version: 1.0.0