npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

trustlocal

v0.2.1

Published

One command. HTTPS everywhere. Zero config.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sahil26ksahil26k

Keywords

httpsssltlslocalhostmkcertdeveloper-toolscertificatesnextjsviteastrosveltekitnuxtremix

Readme

trustlocal

One command. HTTPS everywhere. Zero config.

npm version npm downloads license node

trustlocal demo

trustlocal automates local HTTPS for web development. It uses mkcert under the hood — installing it automatically if needed, generating browser-trusted certificates, and injecting the correct SSL config into your framework. Zero manual steps.

npx trustlocal init

That's it.

The problem it solves

mkcert (58k ⭐) generates locally trusted certificates — but it stops there. You still have to:

  • Wire cert files into your framework config manually
  • Set NODE_EXTRA_CA_CERTS so Node trusts them
  • Redo all of this for every teammate

trustlocal automates the entire chain: install → generate → inject → sync.

Supported frameworks

| Framework | Detected by | What gets configured | |---|---|---| | Next.js | next in package.json | next.config.js/tsexperimental.https block (or CLI flags for v15+) | | Vite | vite in package.json | vite.config.js/tsserver.https block | | Astro | astro in package.json | astro.config.mjsserver.https block | | SvelteKit | @sveltejs/kit in package.json | vite.config.tsserver.https block | | Nuxt | nuxt in package.json | nuxt.config.tsdevServer.https block | | Remix | @remix-run/dev in package.json | vite.config.tsserver.https block | | Fastify | fastify in package.json | .envNODE_EXTRA_CA_CERTS + server snippet printed | | NestJS | @nestjs/core in package.json | .envNODE_EXTRA_CA_CERTS + main.ts snippet printed | | Express / Node | express in deps or server.js present | .envNODE_EXTRA_CA_CERTS + code snippet printed | | Nginx | nginx.conf in project root | nginx.confssl_certificate directives injected | | Plain | fallback | Certs placed in .trustlocal/, manual wiring instructions printed |

Commands

init — first-time setup

npx trustlocal init

Installs mkcert if missing (no manual steps required), registers the local CA, detects your framework, generates trusted certificates, injects HTTPS config, and writes trustlocal.json so teammates can sync with one command.

Options

| Flag | Description | |---|---| | --domains <list> | Extra comma-separated domains to include, e.g. --domains myapp.local,api.local | | --force | Re-initialise even if trustlocal.json already exists | | --dry-run | Preview what would happen without writing any files |

sync — onboard a teammate

npx trustlocal sync

New developer clones the repo, runs this, and has HTTPS working in under 30 seconds. Reads trustlocal.json, generates fresh certificates on their machine (no private key sharing), and re-injects config identically.

renew — renew expiring certs

npx trustlocal renew

Certificates expire after 2 years. Deletes old certs and generates fresh ones. Framework config files are not touched — cert file paths stay the same.

| Flag | Description | |---|---| | --force | Renew even if the cert has more than 30 days remaining |

status — check your setup

npx trustlocal status

Prints a coloured OK / WARNING / ERROR for each check:

  • Certificate file present and expiry date
  • HTTPS config injection still in place
  • NODE_EXTRA_CA_CERTS set in .env
  • .trustlocal/ excluded from .gitignore

doctor — diagnose issues

npx trustlocal doctor

10-point diagnostic that checks every component of your HTTPS setup and suggests a specific fix for each problem found. Run this if something isn't working.

remove — clean uninstall

npx trustlocal remove

Removes everything trustlocal added: deletes the cert directory, strips HTTPS config from framework files, removes NODE_EXTRA_CA_CERTS from .env, cleans .gitignore, and deletes trustlocal.json.

| Flag | Description | |---|---| | --yes | Skip the confirmation prompt |

mkcert auto-install

If mkcert is not on your machine, trustlocal installs it automatically — no manual steps, no package manager required.

| Platform | Install method | |---|---| | macOS | Homebrew → direct download fallback | | Linux | apt → direct download fallback | | Windows | winget → choco → scoop → direct download fallback |

The direct download fallback fetches the official binary from GitHub releases using Node's built-in https module. No curl, no wget needed.

Security

  • .trustlocal/ is automatically added to .gitignore before any cert files are written — private keys are never committed
  • trustlocal.json is safe to commit — it contains no keys, only config metadata (framework, domains, cert dir)
  • All certificate generation happens locally via mkcert. trustlocal never reads, stores, or transmits any private key

Requirements

  • Node.js 18+
  • macOS, Linux, or Windows

License

MIT © Sahil Kashyap