npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

zavorth

v1.1.0

Published

Zavorth - local-first governed AI agent runtime with onboarding, CLI, API and supervised execution

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

greyvritragreyvritra

Keywords

Readme

Zavorth

Zavorth banner

Why Zavorth

Zavorth is not just a chatbot. It is a governed agent operating system for people who want AI to help with real work without giving it silent, unlimited control over their machine.

It combines:

  • Dashboard: a local gateway for requests, status, approvals and artifacts.
  • Policy Broker: one decision plane for tools, providers, web fetch, channels, skills, MCP and local writes.
  • Trust Plane: receipts, redaction, prompt-injection boundaries and approval envelopes.
  • Agent Runtime: sessions, memory, subagents, skills, scheduled work and recovery.
  • Channel Mesh: Telegram, web, CLI and other channels through one normalized contract.

The product goal is simple: ask naturally, execute safely, keep evidence.

Install

Official product direction: Zavorth is moving toward a private local runtime/installer as the main daily-use path. The npm package is the clean developer install path while the protected installer is prepared.

Published package:

npm install -g zavorth@latest
zavorth onboard
zavorth go

From a cloned repository:

npm install
npm run setup
npm run go

go opens or prints the local dashboard URL at /dashboard.

First 60 Seconds

zavorth onboard
zavorth doctor --simple
zavorth go
zavorth templates

Then use the dashboard like a normal request surface:

Review this repository and tell me what is risky.
Connect the safest channel for daily approvals.
Use subagents to inspect this codebase and summarize the findings.
Check whether my local runtime is ready for real use.

If you prefer terminal-only operation:

zavorth chat
zavorth run "review this repo"
zavorth missions
zavorth receipts
zavorth status --json
zavorth doctor --json

Core Surfaces

| Surface | Purpose | | --- | --- | | /dashboard | Main web gateway for daily use | | /satellite | Mobile/PWA companion when configured | | CLI | Onboarding, diagnostics, templates, missions, receipts and terminal chat | | Runtime API | Local integrations and SDK clients | | Channel Mesh | Telegram, web, Discord, WhatsApp, Signal, iMessage and other surfaces through one contract | | Skills | Governed instruction packs, imported with provenance and policy | | Subagents | Delegated workers with budgets, receipts and policy gates |

Security Model

Zavorth assumes agentic systems fail in subtler ways than classic apps. The runtime is built around defense in depth:

  • sensitive actions require policy and approval;
  • approvals are scoped and auditable;
  • raw secrets should become SecretRef metadata, not prompt text;
  • web, tool and memory content are treated as untrusted unless proven otherwise;
  • scheduled work and subagents do not bypass the same execution gates;
  • security checks run locally and in CI.

Start here: Security, Operations, Troubleshooting.

Documentation

The public documentation is intentionally small and product-facing:

Private audits and old implementation plans are intentionally kept out of the public docs tree.

Development

npm install
npm run runtime:check
npm run security:secrets
npm run zavorth:productization-protected-runtime:check
npm run workspace:check

Useful local checks:

node scripts/docs-public-repo-audit.mjs --write
npm run test:channels:smoke
npm run test:web:smoke
npm run test:nodes:smoke

Project Posture

Zavorth is a protected local runtime with a serious security posture. It is proprietary software, not an open-source project. It favors honest status over false readiness: when a provider, channel, credential or bridge is not configured, the product should say so clearly instead of pretending to be live.

Roadmap

The compact public roadmap lives in docs/11-roadmap.md. The near-term focus is:

  • live readiness by channel and provider;
  • better SecretRef UX;
  • transport discovery inside Channel Mesh;
  • public documentation that stays small, useful and current.