npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

vaultly

v1.0.3

Published

Zero-dependency command-line vault — passwords and documents as individually encrypted files, organized like folders, sealed with one master password, synced through git

Readme

Vaultly is a zero-dependency command-line vault for passwords and private documents. Every secret lives as its own AES-256-GCM encrypted file, organized in folders like aws/admin, unlocked by a single master password — and because the vault is just a directory of ciphertext, it syncs anywhere through git.

zero dependencies node >= 18 encryption license MIT


Why vaultly?

  • 🔐 One password, everything sealed. Each entry is encrypted on its own — fresh scrypt salt and IV per file, GCM-authenticated so tampering is detected. Nothing ever touches disk in plaintext.
  • 🗂 Secrets that nest like folders. aws/admin, work/gcp/service-account — browse them as a tree, fetch them by path.
  • 💡 It meets you halfway. Typo a name and vaultly suggests the closest matches; hit a folder and it shows you what's inside.
  • ☁️ Sync without a service. The vault is a git repo of ciphertext — push it to a private GitHub repo and pull it on every machine you own. No server, no subscription, no trust in anyone's cloud.
  • 🪶 Zero dependencies. ~600 lines of Node.js and nothing in node_modules. Audit it over coffee.

Install

git clone https://github.com/doron2402/vaultly.git && cd vaultly
npm run link      # links globally — the `vaultly` command is now on your PATH
vaultly init      # pick your master password — it encrypts everything

The vault lives at ~/.vaultly (override with VAULTLY_HOME).

Usage

# Generate, store and print a password
vaultly generate aws/admin -n 24
vaultly generate github/personal --no-symbols

# Fetch a secret — bare path works
vaultly aws/admin
vaultly get aws/admin -c          # copy to clipboard instead of printing

# Store something you already have (hidden prompt)
vaultly insert stripe/live-key

# Store a document / file, encrypted
vaultly insert aws/ssh-key -f ~/.ssh/id_rsa

# Browse
vaultly list
vaultly list aws

# Delete
vaultly rm github/personal

# Change the master password — re-encrypts every entry with the new one
vaultly passwd

Suggestions

Typos get you close matches, and hitting a folder shows what's inside:

$ vaultly aws/dor
vaultly: nothing stored at 'aws/dor'. Did you mean:
  aws/admin

$ vaultly aws
vaultly: 'aws' is a folder. Entries inside:
  aws/admin
  aws/prod/root

Sync with GitHub

Create a private repo on GitHub, then:

vaultly sync setup [email protected]:you/vaultly-vault.git   # one time
vaultly sync                                             # commit + pull + push
vaultly sync status                                      # what would sync

Once linked, every generate, insert, rm and passwd auto-commits locally; vaultly sync pushes those commits and pulls changes from other machines. Only ciphertext ever leaves your machine — GitHub sees .pass blobs it can't read.

On a second machine, clone the repo as your vault and use the same master password:

git clone [email protected]:you/vaultly-vault.git ~/.vaultly

If both machines change the same entry, vaultly sync reports the conflict and leaves the vault untouched — resolve it in ~/.vaultly like any git conflict, then sync again.

Options

| Flag | Meaning | |---|---| | -n <chars> | Password length (default 20) | | --no-symbols | Alphanumeric passwords only | | -c, --copy | Copy to clipboard instead of printing | | -f <file> | Read the secret's content from a file |

Scripting

Set VAULTLY_PASSWORD to skip the master-password prompt:

VAULTLY_PASSWORD=... vaultly aws/admin

vaultly passwd also honors VAULTLY_PASSWORD (current password) and VAULTLY_NEW_PASSWORD (new one) for non-interactive use.

Security notes

  • Your master password is never stored; a small encrypted verifier in config.json detects wrong passwords.
  • Each .pass file carries its own scrypt salt + IV; GCM authentication detects tampering and corruption.
  • Changing the master password stages every re-encrypted file first and swaps atomically — a failure mid-way leaves the vault untouched.
  • Files are written 0600, vault directories 0700.
  • Entry names are visible as filenames (that's what makes suggestions and git sync work) — keep the sync repo private.
  • Losing the master password means losing the vault. There is no recovery. That's the point.

Test

npm test

License

MIT