npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

tjs-lang

v0.8.2

Published

Type-safe JavaScript dialect with runtime validation, sandboxed VM execution, and AI agent orchestration. Transpiles TypeScript to validated JS with fuel-metered execution for untrusted code.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tonioloewaldtonioloewald

Keywords

typescripttranspilerruntime-validationtype-safetysandboxvirtual-machinewasm-alternativeai-agentsllmorchestrationsecurityfuel-meteringcapability-basedjson-astuntrusted-code

Readme

TJS Platform

playground | github | npm | discord

What is TJS?

TJS is a language. It's what JavaScript always promised, but never quite delivered. Indeed it's what Apple's Dylan promised and never delivered. Instead of "a lot of the power of Lisp", all the power of Lisp. Instead of C-like Syntax, actual JavaScript syntax. Instead of easy to learn but with weird corner cases, dangerous gotchas, and problems at scale, we fix the corner cases, remove the gotchas, and provide the tools that let you scale.

TJS is also a runtime. A runtime that remembers your function declarations and can check whether parameter types are what they ought to be. It can guarantee safety by default, and speed when it's needed (including inline WASM).

AJS is another language. It's a language for safe evaluation with injected capabilities and a gas limit. It's the language tjs allows you to Eval and use to create a SafeFunction. It also has its own VM and runtime to allow you to build universal endpoints. It's a language that's easy for agents to write and comprehend. It can be converted into an AST and run remotely.

TJS is also a toolchain. It transpiles itself into JavaScript. It transpiles TypeScript into itself and then into JS. It turns function definitions into runtime contracts, documentation, and simple tests. It uses types both as contracts and examples. It allows inline tests of private module internals that disappear at runtime. It compresses transpilation, linting, testing, and documentation generation into a single fast pass. As for bundling? It allows it but it targets an unbundled web.

TJS Platform Overview

The Problem

TypeScript is fragile. It pretends to be a superset of JavaScript, but it isn't. It pretends to be typesafe, but it isn't. Its Turing-complete type system is harder to reason about than the code it supposedly documents—and then it all disappears at runtime.

TypeScript is also difficult to transpile. Your browser can run entire full virtual machines in JavaScript, but most TypeScript playgrounds either fake transpilation by stripping type declarations or use a server backend to do the real work.

JavaScript is dangerous. eval() and Function() are so powerful they're forbidden almost everywhere—blocked by CSP in most production environments. The industry's answer? The Container Fallacy: shipping a 200MB Linux OS just to run a 1KB function safely. We ship buildings to deliver letters.

Security is a mess. Every layer validates. Gateway validates. Auth validates. Business logic validates. Database validates. We spend 90% of our time building pipelines to move data to code, re-checking it at every hop.

What If?

What if your language were:

  • Honest — types that actually exist at runtime, not fiction that evaporates
  • Safe — a gas-metered VM where infinite loops are impossible, no container required
  • Mobile — logic that travels to data, not oceans of data dragged to logic
  • Unified — one source of truth, not TypeScript interfaces plus Zod schemas plus JSDoc

That's what TJS Platform provides: TJS for writing your infrastructure, and AJS for shipping logic that runs anywhere.

TJS — Types That Survive

Write typed JavaScript where the type is an example. No split-brain validation.

// TJS: The type is an example AND a test
function greet(name: 'World'): 'Hello, World!' {
  return `Hello, ${name}!`
}
// At transpile time: greet('World') is called and checked against 'Hello, World!'

// Runtime: The type becomes a contract
console.log(greet.__tjs.params) // { name: { type: 'string', example: 'World', required: true } }

// Safety: Errors are values, not crashes
const result = greet(123) // MonadicError: Expected string for 'greet.name', got number

Why it matters:

  • One source of truth — no more TS interfaces + Zod schemas + JSDoc comments
  • Types as examplesname: 'Alice' means "required string, like 'Alice'"
  • Runtime metadata__tjs enables reflection, autocomplete, documentation from live objects
  • Monadic errors — type failures return values, never throw
  • Zero build step — transpiles in the browser, no webpack/Vite/Babel
  • The compiler is the client — TJS transpiles itself and TypeScript entirely client-side

Compile Time and Runtime Flow

AJS — Code That Travels

Write logic that compiles to JSON and runs in a gas-limited sandbox. Send agents to data instead of shipping data to code.

const agent = ajs`
  function research(topic: 'AI') {
    let data = httpFetch({ url: '/search?q=' + topic })
    let summary = llmPredict({ prompt: 'Summarize: ' + data })
    return { topic, summary }
  }
`

// Run it safely—no Docker required
const result = await vm.run(
  agent,
  { topic: 'Agents' },
  {
    fuel: 500, // Strict CPU budget
    capabilities: { fetch: http }, // Allow ONLY http, block everything else
  }
)

Why it matters:

  • Safe eval — run untrusted code without containers
  • Code is JSON — store in databases, diff, version, transmit
  • Fuel metering — every operation costs gas, infinite loops impossible
  • Capability-based — zero I/O by default, grant only what's needed
  • LLM-native — simple enough for small models to generate correctly

The Architecture Shift

Architecture Shift: Data-to-Code vs Code-to-Data

The agent carries its own validation. The server grants capabilities. Caching happens automatically because the query is the code.

Safe Eval

The holy grail: eval() that's actually safe.

import { Eval } from 'tjs-lang/eval'

// Whitelist-wrapped fetch - untrusted code only reaches your domains
const safeFetch = (url: string) => {
  const allowed = ['api.example.com', 'cdn.example.com']
  const host = new URL(url).host
  if (!allowed.includes(host)) {
    return { error: 'Domain not allowed' }
  }
  return fetch(url)
}

const { result, fuelUsed } = await Eval({
  code: `
    let data = fetch('https://api.example.com/products')
    return data.filter(x => x.price < budget)
  `,
  context: { budget: 100 },
  fuel: 1000,
  capabilities: { fetch: safeFetch }, // Only whitelisted domains
})

The untrusted code thinks it has fetch, but it only has your fetch. No CSP violations. No infinite loops. No access to anything you didn't explicitly grant.

Safe Eval: Capability-Based Security

Quick Start

npm install tjs-lang

Run an Agent

import { ajs, AgentVM } from 'tjs-lang'

const agent = ajs`
  function double(value: 21) {
    return { result: value * 2 }
  }
`

const vm = new AgentVM()
const { result } = await vm.run(agent, { value: 21 })
console.log(result) // { result: 42 }

Write Typed Code

import { tjs } from 'tjs-lang'

const { code, metadata } = tjs`
  function add(a: 0, b: 0): 0 {
    return a + b
  }
`
// code: JavaScript with __tjs metadata attached
// metadata: { add: { params: { a: { type: 'number', example: 0 }, b: { type: 'number', example: 0 } }, returns: { type: 'number' } } }

Try the Playground

Since TJS compiles itself, the playground is the full engine running entirely in your browser.

tjs-platform.web.app

At a Glance

| | TypeScript | TJS | AJS | | --------------- | ------------------------------- | ------------------------------------------------ | ----------------- | | Purpose | Write your platform | Write your platform | Write your agents | | Trust level | Your code | Your code | Anyone's code | | Compiles to | JavaScript + .d.ts | JavaScript (with runtime checks + introspection) | JSON AST | | Runs in | Browser, Node, Bun | Browser, Node, Bun | Sandboxed VM | | Types | Static only (erased at runtime) | Examples → runtime validation | Schemas for I/O | | Errors | Exceptions | Monadic (values, not exceptions) | Monadic | | Build step | tsc → JS + .d.ts | Runs tests, builds docs, produces JS | None |

Note: TJS can transpile TypeScript into JS (via TJS) using tjs convert, giving your existing TS code runtime type checks and introspection. You can even add inline tests using /*test ...*/ comments that run automatically during the build.

Bundle Size

The cost of "safe eval"—compare to a 200MB Docker image:

| Bundle | Size | Gzipped | | ------------------------- | ------ | --------- | | VM only | 218 KB | 66 KB | | + Batteries (LLM, vector) | 14 KB | 5 KB | | + Transpiler | 5 KB | 2 KB | | Full (with TS support) | 230 KB | 71 KB |

Dependencies: acorn (JS parser), tosijs-schema (validation). Both have zero transitive dependencies.

Documentation

Installation

# npm
npm install tjs-lang

# bun
bun add tjs-lang

# pnpm
pnpm add tjs-lang

License

Apache 2.0