npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

varcrypt

v0.1.4

Published

CLI for VarCrypt — pull encrypted secrets from the cloud

Readme

varcrypt

CLI for VarCrypt — pull AES-256-GCM encrypted environment variables from the cloud directly into your terminal.

Requirements

Node.js 18 or later.

Installation

npm install -g varcrypt

Quick start

1. Generate an API token

Go to VarCrypt → Settings → API Tokens and create a new token. Copy the vc_… value — it's only shown once.

2. Save the token locally

varcrypt login
# Paste your API token:

The token is stored in ~/.varcrypt/config.json.

3. Pull secrets

varcrypt pull <project-slug> <environment>

Example:

varcrypt pull my-app production
# DATABASE_URL=postgres://...
# API_KEY=sk-...

Pipe directly into a process:

env $(varcrypt pull my-app production) node server.js

Or source as shell exports:

source <(varcrypt pull my-app production --output export)

Commands

varcrypt login

Prompts for an API token and saves it to ~/.varcrypt/config.json.

varcrypt pull <project> <env> [options]

Prints secrets for the given project and environment as KEY=value lines.

| Option | Description | |---|---| | --output export | Print as export KEY="value" instead of KEY=value | | --host <url> | Override the API host (default: http://localhost:3000) |

The --host flag is useful for self-hosted deployments:

varcrypt pull my-app staging --host https://varcrypt.example.com

How it works

Secrets are encrypted with AES-256-GCM at rest. The CLI sends your API token in the Authorization header; the server decrypts and returns the plaintext values over HTTPS. Your token is scoped to a single organization — it cannot read secrets from other organizations.

Security

  • Tokens are stored in ~/.varcrypt/config.json with default file permissions. Protect this file like you would an SSH key.
  • Always pull over HTTPS in production. The default localhost:3000 host is intended for local development only.
  • Rotate tokens in the VarCrypt dashboard if one is compromised.

License

MIT