npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

sourcepulse

v0.4.2

Published

Zero-config project intelligence CLI for JavaScript and TypeScript repositories

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

maaz-bin-hassanmaaz-bin-hassan

Keywords

clicode-qualitydependenciessecuritytypescript

Readme

SourcePulse

npm version license

Zero-config project intelligence for JavaScript and TypeScript repositories.

npx sourcepulse

SourcePulse scans a local repository and produces a scored health report with practical cleanup suggestions. It runs locally, does not upload your source code, and does not require a configuration file.

What It Checks

| Area | Checks | | --- | --- | | Dependencies | Outdated packages, unused packages, npm audit vulnerabilities | | Dead code | Unused exports and orphan files | | Environment | Defined-but-unused variables and referenced-but-missing variables | | Imports | Circular dependency chains | | Security | Likely hardcoded credentials and committed .env files | | Freshness | Recent commits, releases, and stale branches |

Quick Start

Scan the current directory:

npx sourcepulse

Scan another project:

npx sourcepulse ../my-project

Example output:

sourcepulse v0.4.1

Scanning my-app (Next.js + Prisma + Vitest)

Overall Score: 82/100 (B)

Dependencies
  - Outdated: 4
  - Unused: 1
  - Vulnerabilities: 0

Dead Code
  - Unused exports: 3
  - Orphan files: 1

Environment
  - Ghost vars: 1
  - Phantom refs: 0

Quick Wins
  1. Remove unused package "left-pad"
  2. Delete or connect orphan file src/legacy.ts
  3. Remove unused environment variable OLD_API_URL

CLI Options

| Option | Description | | --- | --- | | --json | Print the complete report as JSON | | --ci | Enable CI exit behavior with a default minimum score of 70 | | --score-min <score> | Exit with code 1 when the score is below the selected threshold | | --only <scanners> | Run selected scanners, such as deps,env,security | | --offline | Skip network-backed npm outdated and npm audit checks | | --fix | Remove detected unused packages from package.json |

Examples:

npx sourcepulse --json
npx sourcepulse --only=deps,env,security
npx sourcepulse --offline
npx sourcepulse --ci --score-min=80

Using --fix

--fix only removes packages detected as unused and refreshes package-lock.json when present.

npx sourcepulse --fix
git diff

Review the resulting diff before committing. Static analysis can require project-specific judgment.

CI Usage

Add SourcePulse to GitHub Actions:

- name: Run SourcePulse
  run: npx sourcepulse --ci --json --score-min=70

The command exits with code 1 when the score falls below the selected minimum.

Optional Configuration

SourcePulse works without configuration. To customize behavior, add sourcepulse.config.ts in the project root:

import type { SourcePulseConfig } from "sourcepulse";

export default {
  weights: {
    security: 30,
    deps: 20,
  },
  ignoreDependencies: ["@types/node"],
  ignoreEnvVars: ["NODE_ENV"],
  ignoreFiles: ["**/generated/**"],
  externalChecks: true,
  staleBranchDays: 60,
} satisfies SourcePulseConfig;

Supported config filenames:

sourcepulse.config.ts
sourcepulse.config.mts
sourcepulse.config.js
sourcepulse.config.mjs
sourcepulse.config.cjs
sourcepulse.config.json

Legacy stackradar.config.* and stackprobe.config.* filenames are also supported.

Plugins

Plugins can add project-specific findings:

import type { SourcePulsePlugin } from "sourcepulse";

export default {
  name: "license-policy",
  scan: async ({ root }) => {
    return [{ message: `Review licenses in ${root}`, penalty: 2 }];
  },
} satisfies SourcePulsePlugin;

Register the plugin from your config file:

export default {
  plugins: ["./tools/sourcepulse-license-plugin.ts"],
};

Requirements

  • Node.js 20 or newer
  • npm for dependency checks
  • Git for repository freshness and committed .env detection

Development

npm install
npm run build-check
npm run lint
npm test
npm run build

License

MIT