npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

life-machine

v0.1.1

Published

Keep your npm packages alive with minimal effort ⚕️

Downloads

40

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

greencoder001greencoder001

Keywords

life-machinenpmdependabot

Readme

Why?

Have you ever had a npm package which was basically done and needed no more support? If so, it's very likely your package has dependencies, which might have vulnerabilities and should therefore be kept up to date. Life Machine does that automatically for you, by integrating GitHub Actions, Dependabot and npm.

Features

  • 🤖 Based on Dependabot
  • 🗄️No own server required
  • ✴️ Uses GitHub Actions
  • ⚙️ Easy setup
  • 🟪 Discord integration
  • ✅ Test code before publish
  • 👨🏻 Manual review on major version change

Setup guide

Step 1: Creating the workflow

Go to your repository and run this command:

npx -y life-machine

This will create a workflow file in the .github/workflows folder. It will also generate a config file in .github/.life-machine.json.

Step 2: Setting up tokens

To work, life machine will need two to three tokens:

  1. NPM Token
  2. GitHub Token (will be generated automatically)
  3. Discord Webhook URL (optional)

You can set these secrets in your GitHub repo settings, under Security/Secrets and Variables/Dependabot, accessible under https://github.com/you/your-repo/settings/secrets/dependabot.

First, create a npm access token as shown here. Then go to the repo settings, click New repository secret, and create one with the name LM_NPM_TOKEN and your generated token as the secret. Now you are technically done with secrets.

Optional: Adding Discord notification support

If you want to receive messages when you manually need to review something, or just want to know if a new version of your package was published, you can create an Discord WebHook to send messages for you. First, follow this guide and copy the generated WebHook URL. Go back to the repo settings and create a new secret with the name LM_DISCORD_TOKEN and use the WebHook URL as the secret.

Configuring Life Machine

If you take a look at the .github/.life-machine.json file, you'll find the configuration for Life Machine. It will look like this by default:

{
    "manualCheckOnMajor": true,
    "runTests": true,
    "manualOnly": false,
    "testCommand": "npm test",
    "discordNotifications": {
        "onPublish": true,
        "onAttentionNeeded": true
    },
    "versionType": "patch"
}

You can change this options based on your needs. Here is a little explanation for each: |Option|Explanation|Possible values|Recommended value| |--|--|--|--| |manualCheckOnMajor|Defines wether Life Machine should publish the package, even if a dependency has a major version change|true|false|true| |runTests|If set to true, Life Machine will only publish if the given test command exited with code 0|true|false|true| |manualOnly|If set to true, Life Machine won't ever publish and will just send you a discord message when a dependency can be updated|true|false|false| |discordNotifications.onPublish|Defines wether you want to receive a discord message when your package was published successfully|true|false|true| |discordNotifications.onAttentionNeeded|Defines wether you want to receive a discord message when your package couldn't be published. It's recommended to never touch this|true|false|true| |versionType|Defines what version type should be used to generate the version tag for your package|"major"|"minor"|"patch"|"patch"| |registry|A custom registry url, without protocol|string|"registry.npmjs.org" |rebaseTries|When Dependabot triggers multiple releases at a time (which happens most of the time), there's a good chance that the calculated version was already published for another package. To prevent this, you can set the number of tries to republish|number|5 (or number of your dependencies / what you can afford)|

What to do when manual attention is needed

If you receive a message saying your package wasn't published you should first check why:

1. Tests failed

If your tests failed, this is either because you have a bad test command defined or the new version of the package doesn't integrate well with your code. Now you should do the following steps:

  1. Install the affected dependency version
  2. Run the tests on your local machine
  3. Solve the integration issues
  4. Run npm version patch
  5. Run npm publish
  6. Commit & Push to GitHub

2. A dependency received a major update or manualOnly is set to true

If you receive this error message, there was no actual error, but Life Machine just wants to make sure your code really works with the new versions. You should do the following:

  1. Install the affected dependency version
  2. Make sure everything works fine
  3. Run npm version patch
  4. Run npm publish
  5. Commit & Push to GitHub

3. An error occurred

If an error occurred, try to read what went wrong from the error message, but this steps should help in general:

  1. Make sure your secrets are set correctly
  2. Make sure the config is valid
  3. Make sure the Discord WebHook url exists
  4. Make sure dependabot is set up correctly
  5. Make sure your NPM_SECRET is still valid

If that doesn't help, create an issue to let me know about your problem!