npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

wholestack

v0.6.2

Published

Wholestack — a pro-grade conversational terminal agent for the Wholestack codegen engine. Talk to it in plain language: it writes ISL, generates full-stack or Solidity apps, and proves them with ShipGate. Browser login, membership-gated builds, slash comm

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ship-gateship-gate

Keywords

aicodegenagentcliwholestackshipgateislfull-stacksolidityformal-verification

Readme

wholestack

A conversational terminal agent for the Wholestack codegen engine. Describe what you want in plain language — it writes an ISL contract, generates a full-stack (Next.js + Postgres) or Solidity app, and proves it with ShipGate (Foundry · Slither · Halmos · firewall).

npm install -g wholestack

Quick start

wholestack login          # opens your browser to authorize this device
wholestack                # start an interactive session
wholestack "build me a todo app with auth"   # one-shot

The zeta command is installed as an alias for wholestack.

Login & billing

Builds run on the hosted Wholestack engine and spend one build credit from your membership wallet — the same credits and tiers as the web app. So you must be signed in and on a paid plan to generate and keep code.

wholestack login                    # browser device login (recommended)
wholestack login --token <vbfl_…>   # headless / CI: paste a token from your dashboard
wholestack login --no-browser       # print the URL instead of auto-opening
wholestack logout                   # forget the stored token

login mints a personal access token tied to your account and stores it at ~/.wholestack/config.json (chmod 600). Revoke it anytime from Account → Security on wholestack.ai.

Common flags

| Flag | Meaning | | ------------------------ | ---------------------------------------------------------------- | | -m, --model <id> | pick the brain tier (zeta-g1-lite / zeta-g1 / zeta-g1-max) | | --think / --no-think | toggle extended reasoning | | --plan | plan mode (no mutations) | | -p, --print | non-interactive, print result and exit | | --zeta-url <url> | override the engine origin (defaults to https://wholestack.ai) |

Projects — one spine with the web IDE

Everything you build (terminal, wholestack.ai/build, /demo) lands in the same project list. The terminal can read and write the exact working tree the web IDE edits:

wholestack projects            # list your platform projects
wholestack pull <id> [dir]     # download a project's working tree
wholestack push [dir]          # sync local edits back to the web IDE
wholestack open [buildId]      # open a generated build in the web IDE

pull links the directory via .wholestack/project.json, so a later push (and open inside a delivered app) needs no arguments. Pushes skip node_modules, build output, .env* and binaries.

Security verification

Run ShipGate's gates on a generated contract:

wholestack prove ./contracts MyToken --property conservation

Prove-gate (any repo, in CI)

Gate ANY Next.js + Prisma repo — not just generated ones — with the deterministic prove-gate. It proves tenant isolation (RLS) and authorization-completeness (no unprotected/orphan endpoint) over your code and exits non-zero on NO_SHIP, so it drops straight into CI as a required status check. Fail-closed: a check that can't bind its artifact is reported "not run", never a silent pass.

wholestack prove .                 # gate the checked-out repo; exit 0 = SHIP, 1 = NO_SHIP
wholestack prove . --json          # full machine-readable verdict to stdout
wholestack prove --remote --github owner/repo --ref <sha>   # hosted, HMAC-SIGNED verdict

--remote returns a verdict signed by the ISL server (HMAC over the canonical verdict: schema · verdict · score · checks · blockingReasons · sourceHash · deepTierTargets), so a stored or shared verdict can be re-verified offline and any tampering with the SHIP/NO_SHIP, score, or blocking reasons is detectable.

A ready-to-use GitHub Actions workflow is in examples/github-actions/isl-prove.yml — copy it to .github/workflows/ to block PRs that fail the gate.

Requirements

  • Node.js ≥ 20

License

MIT