npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

yana-ai

v0.43.1

Published

Audits your AI coding agent setup before it can damage your repo. 55 hooks · 1989 skills · 101 agents · Claude Code + Codex compatible.

Readme

当你的智能体尝试执行危险操作时,Yana 会拦截它,说明原因,并记录下来。支持 Claude Code、Cursor、Windsurf、Antigravity、Kiro、OpenCode、Zed、Gemini、GitHub Copilot、Aider 等工具。

npm install -g yana-ai && npx yana-ai-install   # 接入钩子(60 秒)

试着让智能体做点坏事,看看会发生什么。下面每个示例都是 2026-07-04 对 core/hooks/guard-destructive.sh 的一次真实运行结果,原样复制,不是宣传文案(这个防护还没能拦住什么,见 Known Limitations):

# 智能体尝试:git push --force origin main
Blocked: 'git push --force' (any flag spelling) is not allowed. The
orchestrator pushes branches; force-pushing risks overwriting shared history.

# 智能体尝试:rm -rf /some/path
Blocked: 'rm -rf' (recursive + force, any flag spelling) is irreversible.
Use targeted 'rm' with explicit paths, or ask the human to confirm first.

# 智能体尝试:git clean -f
Blocked: 'git clean -f' (any flag spelling) permanently deletes untracked
files. Ask the human to confirm before running this.

这就是全部要点:确定性规则,完全本地运行,决策路径中没有 LLM,任何数据都不会离开你的机器。

能拦住什么

破坏性的 git 操作、工作区之外的 rm、把网络内容管道进 bash、未经审查的包安装,全部由 55 个智能体钩子拦截,背后由 Rust 运行时(yana-rt)支撑。底层还有 101 个专职智能体、1,989 个技能、70 条强制规则,在 CI 中以 826 种方式检查。完整的分层结构见架构文档

验证是否生效

yana-ai doctor .      # 检查钩子是否接好、配置是否完整、各层网关是否健康
yana-ai audit .       # 扫描你仓库中智能体配置的风险项

防火墙之外

这套引擎还提供带任务路由器、任务集调度器和多智能体启动器的 CLI、用于扫描每个 PR 的 GitHub Action,以及基于同一内核构建的聊天界面 Yana

完整文档与演示 · Architecture · Vision · Roadmap · Versioning

真实的局限

规则是确定性的模式:能拦住已知的危险形态,拦不住全新的攻击手法。哪些是文档上写的政策、哪些是真正生效的机制,完整内容见 Known Limitations。如果某个网关拦得太多或太少,提个 issue;真实反馈才是让这些网关变得更精准的方式。


Vũ Văn Tâm · 越南 · 17 岁

| | | |---|---| | Email | [email protected] | | Website | yanacuti1121.github.io/Yana-AI | | GitHub | yanacuti1121/Yana-AI | | Yana | yanai-production.up.railway.app |

Apache-2.0。本项目基于开源社区的想法、模式与工具构建,包含以 Apache 2.0、MIT 及其他宽松许可证发布的项目,均在各自许可证范围内使用。对设计决策产生直接影响的项目,已在相应源文件与规则文档中注明来源。