npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

swe-workflow-skills

v0.5.2

Published

A curated library of Claude Code Agent Skills covering the full software lifecycle, with orchestrator-routed activation that scales past the skill-listing budget.

Downloads

945

Readme

SWE Workflow Skills for Claude Code

npm roles-check skills license: MIT

A curated library of 65 Claude Code Agent Skills that walk Claude through the software lifecycle the way a disciplined senior engineer would — planning, design, TDD, review, security, deployment, incidents, and the project-management work around them.

Each skill encodes a method (DRY, YAGNI, KISS, clean architecture, evidence-before-done), not just a task. They compose into end-to-end workflows and are kept honest by an LLM-as-judge eval harness.

skill-router routing a live session

Why this library

Not just a pile of skills — a routing layer over Claude Code's native skill activation, an eval discipline, and full-SDLC breadth that popular collections don't cover:

  • An orchestrator, not auto-trigger roulette. A skill-router skill maps your intent to the right skill(s) and chains them across phases. Community measurements put Claude's own description-based auto-triggering at roughly a coin flip to ~84%; here activation is routed and deterministic instead, and the routing eval harness measures it (top-1 accuracy 1.00, zero misroutes on the committed baseline, regression-gated in CI) — see the routing benchmark. This is the one thing the platform still doesn't do for you.
  • Every skill stays reachable, no pre-picking. Claude Code injects skill descriptions only up to ~1% of context, so large libraries silently stop auto-triggering past ~20–40 skills. The fix is Claude Code's own name-only state (its docs recommend it for low-priority skills); this library just applies it wholesale — keeping the router + safety skills "loud" and listing the rest name-only — so the router can still invoke every skill by name, with no cropping and without making you pre-pick a subset (how it works).
  • Tested like code, not prose. Every skill ships 3 evals; two LLM-as-judge harnesses (content quality and routing accuracy) replay them with skill loaded vs absent and gate regressions in CI. Safety-critical skills (deploys, releases, tests, incidents, security) are hardened: an Iron Law, a rationalization table distilled from real baseline failures, and pressure tests that try to talk the agent out of it.
  • Curated, not a mega-catalog. First-party skills, versioned and eval-gated in the repo — no arbitrary third-party skills pulled from a hub, and nothing that executes on its own (the content is instructions and templates; the only code is the open Node installer). In an ecosystem where researchers have flagged hundreds of malicious community skills, curated-and-reviewed is itself a feature — see SECURITY.md.
  • Full-SDLC breadth. Planning, architecture/ADRs, API and data design, TDD, review, security, releases, deploys, GitOps, observability, incidents, MLOps, LLM apps and AI evaluation, data pipelines and data quality, and the PM/strategy work around them — a wider slice of the lifecycle than the community collections we know of aim for (they tend to go deep on the coding inner loop; see Acknowledgements).
  • Role-scoped. /role backend (or frontend, devops, ml, ai, data, data-scientist, security, architect, em, pm, strategy, qa, mobile, designer) promotes a working set to auto-trigger; the rest stay one route away.
  • Cross-platform install. The installer and SessionStart hook are pure Node — the one runtime Claude Code already requires — so they run identically on Linux, macOS, and Windows (no bash, Python, or sed).

Quick Start

Most people — install the per-role plugin for your hat (works on CLI, Claude Code web, claude.ai chat, and Cowork):

/plugin marketplace add SWEStash/swe-workflow-skills
/plugin install swe-workflow-pm@swe-workflow

Want the whole library with the orchestrator (CLI) — no clone needed. This is a two-step setup:

# 1. Install all 65 skills + router + /role + the hook script, and apply the baseline
npx swe-workflow-skills install --global
// 2. Wire the hook: merge the snippet the installer prints into your settings.json
//    (the installer never edits settings.json for you — it just prints the block).
//    Then start a new session; /doctor should show the hook registered.
{ "hooks": { "SessionStart": [ /* ...the printed block... */ ] } }

⚠️ Don't skip step 2. Step 1 alone installs the skills and prevents cropping, but the hook is what nudges Claude to consult skill-router first — without it, skills won't auto-route (the whole point of the library) and the baseline isn't re-asserted after /compact. If you deliberately want no hook, pass --no-hook; auto-routing stays off until a hook is wired. The per-role plugin path above needs no hook — it's self-contained.

Or from a clone: node install.mjs --global.

Prerequisite: Node.js ≥ 18 (already present wherever Claude Code runs).

Installation

Two supported paths, chosen by what your environment can run:

| Path | What you get | Works on | |------|--------------|----------| | Per-role plugin (above) | your role's crop-safe subset, auto-triggering | CLI · Code web · claude.ai chat · Cowork | | npx swe-workflow-skills | the full library + orchestrator + /role + hook | CLI · Cowork |

npx swe-workflow-skills install               # all skills -> ./.claude/ (project-local)
npx swe-workflow-skills install --global      # -> user config dir ($CLAUDE_CONFIG_DIR or ~/.claude)
npx swe-workflow-skills install --role pm     # a lean hard subset (just the PM skills)
npx swe-workflow-skills install --no-hook     # skip the SessionStart hook (baseline still applied)
npx swe-workflow-skills uninstall --dry-run   # preview removal; --global/--dir mirror install

From a clone, the same commands are node install.mjs … / node uninstall.mjs ….

The installer never edits settings.json — it prints the SessionStart hook snippet for you to merge. Re-running is idempotent. See INSTALL-MATRIX.md for every method × surface, and ROLES.md for the activation model.

Usage

On any non-trivial task, Claude consults skill-router first; it reads the full catalog and invokes the matching skill(s) by name, re-routing as the work changes phase. The default SessionStart hook nudges Claude to do this automatically; you can also route explicitly ("use the security-audit skill") or switch the promoted set with /role. Don't want a particular skill routed at all? npx swe-workflow-skills disable <skill> opts it out durably — see disable a skill from routing.

A routed chain, by phase — e.g. "add OAuth login":

feature-planning      →  scope tasks, acceptance criteria, risks
architecture-design   →  ADR: session vs token, where auth lives
data-modeling         →  user/session schema + migration
tdd-workflow          →  red-green-refactor the implementation
security-audit        →  authn/authz, token handling, OWASP pass
code-reviewing        →  DRY/KISS/SRP + conventions
deployment-checklist  →  pre-deploy safety + rollback readiness

The router invokes each skill as you reach its phase rather than all at once. A single request often fans out to several skills — "review this for accessibility and UX" pulls in both accessibility-design and ui-ux-design. See a full session play out in what routing looks like; the pre-built chains (new feature · bug/incident · continuous improvement · pre-public review) live in the skill-router skill and ROLES.md.

What's included

65 skills — full catalog → SKILLS.md:

| Area | Count | Examples | |------|-------|----------| | Software Engineering | 30 | feature-planning, plan-execution, architecture-design, threat-modeling, compliance-privacy, code-archaeology, tdd-workflow, security-audit, browser-verification, subagent-orchestration | | Project Management | 8 | brainstorming, prd-writing, effort-estimation, build-vs-buy, metrics-and-okrs, retrospective, strategic-review | | DevOps | 8 | containerization, cicd-pipeline, release-management, gitops-delivery, resilience-engineering, finops-cost-optimization | | Design | 3 | ui-ux-design, frontend-architecture, accessibility-design | | MLOps | 3 | ml-pipeline-design, ml-experiment-tracking, ml-model-deployment | | AI Engineering | 2 | llm-app-engineering, ai-evaluation | | Data Science | 3 | exploratory-data-analysis, statistical-analysis, notebook-to-production | | Data Engineering | 2 | data-pipeline-design, data-quality | | Mobile | 2 | mobile-architecture, mobile-release | | Evaluation & Monitoring | 2 | observability-design, test-data-strategy | | Meta | 2 | skill-router, writing-skills |

Documentation

  • ROLES.md — the activation model (name-only baseline, roles, the orchestrator) and the CLI vs web/plugin paths.
  • INSTALL-MATRIX.md — every install method × surface, side by side.
  • SKILLS.md — the full skill catalog by area.
  • EVALS.md — how the skills are tested (RED/GREEN, pressure tests, CI gate).
  • ROUTING-BENCHMARK.md — the routing reliability numbers, methodology, and how to reproduce them.
  • AUTHORING.md — write or modify a skill (descriptions, budget, progressive disclosure, evals).
  • RELEASING.md — versioning policy and how to cut a release. Changes are tracked in CHANGELOG.md.
  • SECURITY.md — the security model: trust boundaries, what runs automatically, supply-chain guarantees, and how to report a vulnerability.

Evaluation

Each skill carries an evals/ directory; safety/discipline skills add a pressure_tests block. Two runners replay scenarios through Claude (skill loaded = GREEN, absent = RED) and judge each assertion with a skeptical LLM-as-judge: evals/workflow-runner.mjs (in-session, no API key) and evals/run.py (CI regression gate, wired into .github/workflows/skill-evals.yml). Full guide in EVALS.md.

Contributing

New or improved skills are welcome — start with AUTHORING.md (or install the writing-skills skill). The short version: descriptions are everything, keep SKILL.md concise with detail in references/, and ship exactly 3 evals.

Acknowledgements

This library stands on ideas from projects we found genuinely useful:

  • obra/superpowers — the guardrail pattern our hardened safety skills adopt (an Iron Law, a rationalization table distilled from real failures, and pressure tests that try to talk the agent out of it) comes from Jesse Vincent's work here, as does the idea of a Socratic brainstorming skill as the entry point to a feature. Superpowers goes deeper on the coding inner loop than we do; if that's what you want, use it.
  • anthropics/skills — Anthropic's official skills (and skill-creator in particular) are the authoring practice we benchmark ours against; the eval-first loop in AUTHORING.md follows the same instinct.
  • The Agent Skills docs and Anthropic's engineering posts — progressive disclosure, the listing budget, and the name-only + skillOverrides activation surface this library's routing model is built on.
  • The awesome-claude-skills community lists — the ecosystem survey that shaped our gap analysis of what a full-SDLC library should cover.

License

MIT — see LICENSE.