npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

vegtam

v1.0.2

Published

The wanderer — a pocket CLI for whatever repo you're standing in: fast read-first views plus a few safe local actions, in any repo, even ones you don't own.

Downloads

288

Readme

vegtam

Shellcheck

The wanderer — a pocket CLI for whatever repo you're standing in.

Odin walks Midgard in disguise under the name Vegtam. This tool is that mode: it works on exactly one repository — the one your shell is in right now — reading everything live from the local .git and its GitHub remote. No config, no stored state, no assumptions about who owns the repo. Run it inside any repo, anywhere on the machine, and get a fast lay of the land.

Works in any repo. Owns nothing.

Vegtam is built for the repos that aren't yours — client work, an open-source contribution, something you just cloned. That inverts the usual risk posture, so three rules hold throughout:

  • Read-first, act-light. The value is in the views, and views are safe everywhere. The handful of actions are scoped to "help me work in this repo," never "clean up someone else's."
  • Convention-neutral. Vegtam reports what is. It doesn't audit your repo against anyone's house style.
  • Permission-aware. Contributor without admin? Read-only? Non-GitHub remote? Every remote call degrades to a quiet, informative line — never a crash or a stack trace.

Nothing Vegtam does touches remote state or your uncommitted work unless you explicitly ask — and even then, the destructive-adjacent bits are dry-run by default.

Install

Vegtam is a single, self-contained Bash script. Pick whichever fits:

Homebrew (macOS / Linux):

brew install brett-buskirk/tap/vegtam

npm (also gives you npx vegtam with no install):

npm install -g vegtam

curl — no package manager required, drop it straight on your PATH:

mkdir -p ~/.local/bin
curl -fsSL https://raw.githubusercontent.com/brett-buskirk/vegtam/main/vegtam -o ~/.local/bin/vegtam
chmod +x ~/.local/bin/vegtam

(Make sure ~/.local/bin is on your PATH.)

Requires bash and git — so macOS, Linux, and WSL/Git Bash on Windows. The GitHub CLI (gh) unlocks the GitHub-backed sections and jq enables --json output; without them, the local git views still work.

Usage

vegtam [status]      one-screen briefing on the current repo (the default)
vegtam branches      local + remote branches: tracking, merged, stale
vegtam prs           open pull requests with their CI status
vegtam log           timeline of commits, merged PRs, and releases
vegtam health        security & freshness: alerts, deps, unpinned actions
vegtam sync          fast-forward the current branch to its upstream
vegtam tidy          delete merged local branches (dry-run by default)
vegtam branch <name> create + switch to a branch
vegtam pr            open a PR from the current branch
vegtam help          the menu
vegtam <cmd> help    detail & options for any command
vegtam --version     print the version

status — the flagship

One glance tells you where you stand:

  • repo name, description, visibility, and default branch
  • your relationship to it — a fork of whom, and how far ahead/behind its upstream you are
  • current branch, dirty state, and stashes
  • the latest commit, its CI status, and how long ago
  • open PR and issue counts

Fast and local by default; add --fetch to refresh ahead/behind from the remote first. Respects NO_COLOR and prints plain text when piped.

branches

Your local branches, newest commit first — each with its upstream tracking state (↑ahead/ ↓behind, [gone], or local-only), whether it's merged into the default branch, and its age — followed by the branches on origin you don't have locally. Purely descriptive; it never deletes anything (that's what tidy is for). --fetch refreshes tracking and remote branches first.

prs

Open pull requests, each with a CI glyph ( pass · fail · running · · none), its source branch, author, and age. The ones you authored are tagged (you).

log

A newest-first timeline of what changed: commits on the current branch (), merged PRs (), and releases (). --since <window> sets how far back to look — 6h, 3d, 2w (default), 1mo. Commits always work; the GitHub events need gh.

health

Security & freshness — three neutral, widely-recommended signals, each best-effort and access-aware:

  • alerts — open Dependabot advisories by severity (needs security read; a contributor usually can't see these, so it degrades to a note)
  • deps — dependency manifests with nothing watching them, and open Dependabot update PRs
  • actions — third-party Actions not pinned to a commit SHA (the supply-chain hardening recommendation), flagged outdated when a newer major exists

It reports what is — it doesn't judge the repo against anyone's house style, and it changes nothing.

--json

Every inspect view above takes --json (needs jq), emitting a structured object or array for piping into other tools. Fields you can't read come through as null, so a consumer can tell "no access" from "none found":

vegtam status --json | jq '.behind'                 # am I behind upstream?
vegtam prs --json    | jq '[.[] | select(.mine)]'   # just my open PRs
vegtam health --json | jq '.alerts.open // 0'       # open Dependabot alerts (null → 0)

Actions — safe, local, self-scoped

The only commands that change anything. Each helps you work in this repo; none touch remote branches, close others' PRs, or rewrite history.

sync

Fetch, then fast-forward the current branch to its upstream — nothing more. If your branch has diverged (you have local commits the remote doesn't), it says so and stops; reconciling means a rebase or merge, which it won't do for you. A clean fast-forward proceeds even with an unrelated dirty file — git itself refuses to overwrite uncommitted changes, so your work is never clobbered.

tidy

Delete local branches already merged into the default branch. Dry-run by default — it lists what it would delete and changes nothing until you add --apply (which confirms once for the batch; --yes skips the prompt). Never the default branch, never the one you're on, never anything on the remote, and only via git branch -d (which itself refuses a branch that isn't fully merged).

branch <name>

Create a branch and switch to it — or just switch, if it already exists. Purely local; nothing is pushed.

pr

Open a pull request from the current branch — a thin wrapper over gh pr create. It refuses on a detached HEAD, the default branch, or a branch with no commits beyond the base (nothing to open), then hands off to gh, which pushes the branch if needed (via a fork when you can't push to origin) and prompts for the rest. Extra flags pass straight through (vegtam pr --fill --draft).

Status

v1.0.0 — stable and feature-complete for v1: five inspect views (each with --json), four safe local actions, two-level help, shellcheck-gated CI, one self-contained script.

Anything remote-mutating or destructive beyond the safe local set is deliberately out of scope — that's not what a wanderer is for. See ROADMAP.md for what's intentionally deferred.

License

MIT — see LICENSE.