pkg-pulse

Check the health of your npm dependencies - maintainers, activity, and abandonment risk.

pkg-pulse vs npm audit

|             | npm audit                          | pkg-pulse                           |
|-------------|------------------------------------|-------------------------------------|
| Focus       | Security vulnerabilities (CVEs)    | Maintenance health                  |
| Question    | "Has this package been exploited?" | "Is this package still maintained?" |
| Data source | npm advisory database              | npm + GitHub API                    |
| Catches     | Known security issues              | Abandoned packages, bus factor      |
| Misses      | Unmaintained packages              | Security vulnerabilities            |

Use both. They're complementary.

npm audit     # Security
pkg-pulse     # Maintenance

Example

| Package             | npm audit           | pkg-pulse                                      |
|---------------------|---------------------|------------------------------------------------|
| lodash 4.17.20      | ⚠️ CVE-2021-23337   | ✅ Healthy (active, 3 maintainers)             |
| abandoned-lib 1.0.0 | ✅ No issues        | 🔴 High risk (1 maintainer, no commits in 2y)  |

A package can pass npm audit but be abandoned. If a vulnerability is found tomorrow, who will fix it?

Installation

npx pkg-pulse           # Run directly
npm install -g pkg-pulse # Or install globally

Usage

pkg-pulse                    # Analyze current directory
pkg-pulse -p ./my-project    # Analyze specific project
pkg-pulse --verbose          # Show all signals
pkg-pulse --json             # Output JSON (for CI)
pkg-pulse --no-dev           # Exclude devDependencies

Example Output

📦 Package Health Report
   Project: my-app
   Analyzed: 47 packages

   ████████████████████████████████████░░░░

🔴 old-lib 25/100
   1 maintainer · 234 ★ · last commit 2y · 89 issues
   ✗ No npm release in 2y (>2y)
   ✗ No commits in 2y (>18mo)
   ⚠ Single maintainer (bus factor risk)

⚠️  some-pkg 55/100
   2 maintainers · 1.2K ★ · last commit 8mo · 45 issues
   ⚠ No commits in 8mo (>6mo)

✅ express 100/100
   12 maintainers · 65.2K ★ · last commit 1w · 156 issues

✅ lodash 95/100
   3 maintainers · 59.8K ★ · last commit 3mo · 89 issues
   ℹ 3 maintainers (small team)

────────────────────────────────────────────────────────────
Summary:
   ✅ 44 healthy
   ⚠️  2 warnings
   🔴 1 high risk

GitHub Token (Recommended)

Without a token: 60 requests/hour. With a token: 5000 requests/hour.

# Create at: github.com/settings/tokens (no permissions needed)
export GITHUB_TOKEN=ghp_xxxxxxxxxxxx
pkg-pulse

Scoring

| Signal                | Impact                   |
|-----------------------|--------------------------|
| Deprecated / Archived | -100 (instant high risk) |
| No maintainers        | -40                      |
| 1 maintainer          | -15                      |
| 2-3 maintainers       | -5                       |
| No release >2y        | -30                      |
| No release >1y        | -20                      |
| No commits >18mo      | -25                      |
| No commits >1y        | -15                      |
| >500 open issues      | -15                      |
| <50 stars             | -5                       |
| >10K stars            | +10                      |

Risk levels: 🟢 >= 70 | 🟡 40-69 | 🔴 < 40

CI Integration

- name: Check dependencies
  run: npx pkg-pulse --json > report.json

Exit codes: 0 = healthy | 1 = high risk found | 2 = error
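The Scoring table and the CI exit codes above, as an added worked example that is not pkg-pulse's own code: a scorer that applies the listed penalties and bonuses, and a CI gate that maps the results to the documented exit codes. Assumptions not stated in the README: the score starts at 100 and is clamped to 0-100, only the strictest matching release/commit bucket applies, and the signal field names are invented here; the README's example output also shows signals the table does not list (such as the 6-month commit warning), so real pkg-pulse numbers will differ.

```javascript
// Added example (not pkg-pulse's own code): applies the README's Scoring table
// and the CI exit codes to a set of package signals.
// Assumptions not stated by the README: scores start at 100, only the strictest
// matching release/commit penalty applies, the result is clamped to 0..100, and
// the signal field names (maintainers, stars, ...) are invented here.
function healthScore(s) {
  let score = 100;
  const notes = [];
  if (s.deprecated || s.archived) { score -= 100; notes.push("Deprecated / Archived"); }

  if (s.maintainers === 0) { score -= 40; notes.push("No maintainers"); }
  else if (s.maintainers === 1) { score -= 15; notes.push("Single maintainer (bus factor risk)"); }
  else if (s.maintainers <= 3) { score -= 5; notes.push(`${s.maintainers} maintainers (small team)`); }

  // Age of the latest npm release and of the latest repository commit, in months.
  if (s.monthsSinceRelease > 24) { score -= 30; notes.push("No release >2y"); }
  else if (s.monthsSinceRelease > 12) { score -= 20; notes.push("No release >1y"); }
  if (s.monthsSinceCommit > 18) { score -= 25; notes.push("No commits >18mo"); }
  else if (s.monthsSinceCommit > 12) { score -= 15; notes.push("No commits >1y"); }

  if (s.openIssues > 500) { score -= 15; notes.push(">500 open issues"); }
  if (s.stars < 50) { score -= 5; notes.push("<50 stars"); }
  else if (s.stars > 10000) { score += 10; notes.push(">10K stars"); }

  score = Math.max(0, Math.min(100, score));
  // Risk levels from the README: >= 70 healthy, 40-69 warning, < 40 high risk.
  const risk = score >= 70 ? "healthy" : score >= 40 ? "warning" : "high";
  return { score, risk, notes };
}

// Exit codes from the CI Integration section: 0 = healthy, 1 = high risk found.
function exitCodeFor(reports) {
  return reports.some((r) => r.risk === "high") ? 1 : 0;
}

// Constructed sample signals, loosely modelled on the README's example output.
const sample = {
  "old-lib": { maintainers: 1, stars: 234, monthsSinceRelease: 26, monthsSinceCommit: 24, openIssues: 89 },
  express: { maintainers: 12, stars: 65200, monthsSinceRelease: 0, monthsSinceCommit: 0, openIssues: 156 },
  "dead-pkg": { deprecated: true, maintainers: 2, stars: 10, monthsSinceRelease: 3, monthsSinceCommit: 3, openIssues: 0 },
};
const reports = Object.fromEntries(Object.entries(sample).map(([n, s]) => [n, healthScore(s)]));
const ciExit = exitCodeFor(Object.values(reports)); // 1: old-lib and dead-pkg are high risk
```

In a pipeline the `--json` report would replace the constructed `sample` object, and `process.exit(ciExit)` would fail the job when any dependency scores below 40.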

Limitations

  • npm only (no Maven, pip, etc.)
  • GitHub only (GitLab/Bitbucket = limited data)
  • Use a GitHub token for large projects

License

MIT
