upshift-cli
v0.4.3
AI-powered dependency upgrades with explanations and safe rollbacks.
Upshift
AI-powered dependency upgrades. Stop reading changelogs—let AI fix what breaks.
Upshift scans for outdated and vulnerable packages, explains breaking changes with AI, generates code fixes, and upgrades safely with automatic rollback. Radar is the central view of dependency health across all your repos—one dashboard for your whole stack (free: paste reports; Pro/Team: persisted dashboard, history, alerts).
They hand you a list of chores. We did your chores—here's the receipt.
Status
Supports npm, yarn, and pnpm. What's next: ROADMAP.md · BACKLOG.md (prioritized work) · docs/STRATEGY_AND_FEEDBACK.md (strategy).
When does it break? At upgrade time: when you or CI run upshift upgrade, we run your tests and roll back if they fail. CI/CD and your existing smoke/integration tests are the guardrail—we don't replace them. See When it breaks & guardrails.
Install
npm install -g upshift-cli
Then run:
upshift --help
From source (dev)
git clone https://github.com/repairman29/upshift.git
cd upshift
npm install
npm run build
node dist/cli.js --help
Usage
Scan & Explain
upshift scan # See all outdated packages
upshift scan --json # Machine-readable output
upshift scan --licenses # Include license per direct dep (npm)
upshift scan --report report.json # Write JSON for Radar (central dashboard)
upshift radar # Open Radar in browser
upshift explain react --ai # AI explains breaking changes
upshift explain react --from 18 --to 19
upshift explain react --risk # low/medium/high risk score
upshift explain react --changelog # Fetch changelog from GitHub
Upgrade & Fix
upshift upgrade react # Upgrade with tests + auto-rollback
upshift upgrade react --to 19.0.0
upshift upgrade react -y # Skip approval prompt (e.g. CI)
upshift upgrade --all # Batch upgrade all packages
upshift upgrade --all-minor # Only minor/patch updates
upshift fix react # AI generates code fixes
upshift fix react --dry-run # Preview changes without applying
upshift rollback # Restore previous state
upshift rollback --list # See available backups
Suggest & Plan
upshift suggest # Recommended upgrades (low risk, high value)
upshift suggest --limit 10 # Top 10 suggestions
upshift plan # Multi-step upgrade order (dependency + risk)
upshift plan --mode minor # Only minor/patch upgrades
upshift migrate react --list # List migration templates for react
upshift migrate react --dry-run # Preview template application
upshift migrate next # Apply Next.js 13→14 template
upshift migrate vue --list # List Vue templates
Interactive & Monorepo
upshift interactive # TUI for selecting packages
upshift workspaces # Scan monorepo workspaces
Notifications
upshift notify --slack https://... # Send report to Slack
upshift notify --discord https://... # Send report to Discord
Credits & Billing
upshift credits # Check credit balance
upshift buy-credits --pack small # Purchase credits
upshift subscribe --tier pro # Subscribe to Pro
upshift status # Check subscription status
Human-in-the-loop (oversight)
Self-healing via LLM-generated code fixes should be reviewed, not applied blindly. Use upshift fix --dry-run to preview changes, then review before applying. For automated pipelines, use approval gates (see below).
If you want to approve risky upgrades (and optionally code fixes) instead of running fully automatic:
- Single upgrade: By default, major version upgrades prompt Upgrade X from A to B (major)? [y/N] when run interactively. Use -y to skip (e.g. CI).
- Config: Create .upshiftrc.json with upshift init. Set approval.mode to "prompt" (default), "none", or "webhook" (POST proposed upgrade to approval.webhookUrl; 200 = approve). Set approval.requireFor to ["major"] (default) or ["all"]. Set upgradePolicy: { blockRisk: ["high"] } to block high-risk upgrades (use -y to override). Set autoConfirm: true to skip all prompts.
- Batch: upshift upgrade --all (or --all-minor) already asks for confirmation before applying; use -y to skip.
For full HITL (webhooks, event stream, approval server), see upshiftai and .upshiftai.json with approval.mode: "webhook" and docs/HITL.md. See also When it breaks & guardrails.
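An added example (not Upshift's own code) that audits an .upshiftrc.json object and a list of CI command lines for the settings described above that remove human oversight. The key names and the "prompt" / ["major"] defaults come from this README; the function name, the finding ids, the empty default for blockRisk and the HTTPS check on the webhook URL are assumptions made here.

```javascript
// Added example, not part of Upshift. Key names and the "prompt" / ["major"]
// defaults are from this README; finding ids and the empty blockRisk default
// are assumptions of this sketch.
function auditUpshiftConfig(config, ciCommands = []) {
  const findings = [];
  const add = (id, detail) => findings.push({ id, detail });
  const approval = config.approval || {};
  const mode = approval.mode ?? 'prompt';
  const requireFor = approval.requireFor ?? ['major'];
  const blockRisk = (config.upgradePolicy || {}).blockRisk ?? [];

  if (config.autoConfirm === true) add('auto-confirm', 'autoConfirm: true skips all prompts');

  if (mode === 'none') {
    add('approval-disabled', 'approval.mode is "none"');
  } else if (mode === 'webhook') {
    let url = null;
    try { url = new URL(approval.webhookUrl); } catch { /* missing or malformed */ }
    if (!url) add('webhook-url-missing', 'webhook mode without a usable approval.webhookUrl');
    else if (url.protocol !== 'https:') add('webhook-not-https', 'approval decision is not sent over TLS');
  } else if (mode !== 'prompt') {
    add('unknown-mode', `approval.mode "${mode}" is not prompt, none or webhook`);
  }

  if (!requireFor.includes('major') && !requireFor.includes('all')) {
    add('major-not-gated', 'major upgrades do not require approval');
  }
  if (!blockRisk.includes('high')) {
    add('high-risk-not-blocked', 'upgradePolicy.blockRisk does not include "high"');
  }
  // -y skips the approval prompt and overrides blockRisk, so a guarded config
  // can still be bypassed from the command line in CI.
  for (const cmd of ciCommands) {
    const args = cmd.trim().split(/\s+/);
    if (args[0] === 'upshift' && args.includes('-y')) {
      add('yes-flag', `"${cmd}" skips prompts and overrides blockRisk`);
    }
  }
  return findings;
}

// Constructed sample: the config looks guarded, the CI command undoes it.
const sampleConfig = {
  approval: { mode: 'prompt', requireFor: ['major'] },
  upgradePolicy: { blockRisk: ['high'] },
};
const sampleCi = ['upshift upgrade --all -y', 'upshift scan --json'];
console.log(auditUpshiftConfig(sampleConfig, sampleCi).map((f) => f.id));
```

Running the audit as a CI step before any upshift upgrade command makes a change that weakens the approval settings visible in review.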
What it does today
- Scan dependencies for outdated packages (npm, yarn, pnpm)
- Fetch metadata and detect major version bumps
- Risk assessment: low / medium / high based on major delta, CVEs, popularity
- Fetch changelog from GitHub releases or CHANGELOG.md
- Upgrade a dependency and run tests (if configured)
- Roll back on failure (package.json + lockfile)
Credits
upshift explain uses a credit bank (10 free credits by default). When credits
run out, the CLI outputs C and exits with code 2. Credits are stored in
~/.upshift/credits.json.
Credit packs are available, and Pro/Team subscribers receive a 20% bonus on credit purchases. Unused credits roll over.
You can also validate credits remotely by setting:
UPSHIFT_CREDITS_ENDPOINT=http://localhost:8787
UPSHIFT_API_TOKEN=dev-token-1
GitHub Action
Add to your repo for automated scanning on PRs:
# .github/workflows/upshift.yml
name: UpShift Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: repairman29/upshift@main
        with:
          comment-on-pr: "true"
          fail-on-vulnerabilities: "false"
See .github/workflows/example-scan.yml for a full example.
Install the GitHub App
One-click scan on push and PRs (and optional comment with outdated/vuln counts):
- Install the App on your org or repo: Install Upshift (or use your own App’s install URL from GitHub → Settings → Developer settings → GitHub Apps).
- Add the workflow to the repo: copy .github/workflows/upshift-app-scan.yml into your repo’s .github/workflows/.
- Add repo secrets: APP_ID (your GitHub App ID) and APP_PRIVATE_KEY (contents of the App’s .pem file).
After that, every push to main (and every PR) runs a dependency scan. Full setup (webhook, Supabase, permissions): GitHub App ship checklist.
What's available now
- ✅ AI-powered explanations (upshift explain --ai)
- ✅ AI code fixes (upshift fix)
- ✅ VS Code extension (install)
- ✅ GitHub Action for CI/CD
- ✅ GitHub App — Install Upshift for scan-on-push/PR (setup)
- ✅ Interactive mode (upshift interactive)
- ✅ Monorepo support (upshift workspaces)
- ✅ Slack/Discord notifications (upshift notify)
Coming next
- Multi-repo dashboard (Radar)
- Python support (pip/poetry)
See ROADMAP.md for the full plan and Roadmap for Innovation for longer-term R&D and vision.
Radar
Radar is the central view of dependency health across all your repos. Free: paste or upload scan reports at upshiftai.dev/radar. Pro/Team: persisted dashboard, history, alerts. See docs/radar.md.
upshift scan --report report.json # in each repo
upshift radar # open Radar in browser
Website
The landing page lives in web/. Deploy at upshiftai.dev:
After importing, set Root Directory to web, then add domains upshiftai.dev and www.upshiftai.dev in Project → Settings → Domains. See web/README.md.
JARVIS in Cursor
Use JARVIS from Cursor when you need dependency analysis, blog media, or UpshiftAI skill work. One-time setup:
scripts/setup-jarvis-cursor.sh
cd upshiftai/platform && node ../../scripts/create-upshift-api-key.cjs
Then put JARVIS_EDGE_URL in vault/jarvis.json (or run the create script with --edge-url https://YOUR_REF.supabase.co/functions/v1/jarvis). Deploy Edge first: supabase functions deploy jarvis. See upshiftai/docs/JARVIS-EDGE-SUPABASE.md. Invoke JARVIS via node scripts/call-jarvis.js <task> '<json>'.
Documentation
Product / users: User guide · CLI reference · Configuration · Radar · When it breaks & guardrails · Opt-in insights
Developers: Development guide · GitHub App (ship checklist) · Contributing
Reference: API Endpoints · Roadmap · Release v0.4.0 · Docs index
