'Insecure' tags are being applied to some packages which do not have any apparent vulnerabilities.

For example lostofs currently has a red 'insecure' tag, see first result from the npms.io search.

Hovering over the tag it says:

Package [email protected] has 3 vulnerabilities. For more details, check against nodesecurity.io.

However, following the link to nodesecurity.io it says there are none:

There are no known vulnerabilities for lostofs@latest or any of its dependencies.

When the page is opened, the white "morph" effect plays for closing the menu on the right, despite the fact that the menu was never opened.

EDIT: This appears to only occur when developing locally: localhost:8080, but not on the live site: npms.io

https://opbeat.com/

When I click on the "View this package analysis" link it just shows a json dump:
https://api.npms.io/v2/package/lodash

The yarnpkg website recently got a search feature and package details page. The search is kinda meh compared to npms, but the package details page is really awesome (example) and far superior to the one on npmjs.com. Would it be a good idea to link to that as well from the results? What do you think?

So I can just write npms+Tab in the URL bar to search npms directly from there.

Example:

<link title="Bower.io" type="application/opensearchdescription+xml" href="http://bower.io/opensearch.xml" rel="search">

http://bower.io/opensearch.xml

https://www.google.com/search?q=opensearch

I saw that current search result is bigger score first but not all in this rule.
For example , i searched ''express" and got
express(4.14.0) 98
express-session(1.13.0) 86
path-to-regexp(1.5.3) 88

I think "path-to-regexp" should be NO.2 result?

I don't know if it's related to the issue, but I get this warning in the console: "This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://developer.mozilla.org/docs/Mozilla/Performance/ScrollLinkedEffects for further details and to join the discussion on related tools and features!"

The avatar that shows up on npms.io:

The avatar that shows up on npmjs.com:

It looks like users who uploaded an avatar directly to npmjs.com are showing up correctly, but Gravatar users are showing up with generated avatar images.

https://npms.io/search?q=influx unfairly lists the same package from tree.xie twice:

• influxdb-nodejs
• simple-influx

The latter was renamed to the former, but both show up in searches.

Currently, the analyzer looks to help with determining the "relevance" of the module on the basis of Github activity. One step ahead would be to add a community driven review system for the modules.

Essentially, "amazon-like" star based reviews and comments. The main aim is to incorporate this into search results so that good modules show up higher than crappier ones. What do you guys think about this?

Hello! Thanks for doing npms – it is great tool!

I use API in my open-source project to manage plugins. Several times I had a situation when plugin ( === npm package) is updated and published to npm, but npms API result updated only after some time.

I suppose that you don't have hooks from npm registry and you have to update your cache time to time and I'm thinking if it is possible to add refresh button to package page? Or maybe you have other ways to make updates faster?

Compare:

• https://npms.io/search?term=fibonacci-heap
• https://www.npmjs.com/search?q=fibonacci-heap

Like ruby-toolbox, but for node (npm).

See also:

• http://stackoverflow.com/questions/30079465/cannot-find-equivalent-of-ruby-toolbox-for-javascript-libraries
• https://github.com/activesphere/nodetoolbox
• http://artandlogic.com/2013/07/the-javascript-toolbox/

It would be great to have auto-complete/suggestion features for the search, similar to what https://www.npmjs.com/ does. Thanks!

Personally, if it's available, I would just a soon have the GitHub repo be the default link.

Failing that, it would be nice to have a link to the repo (just add a clickable GH icon?)

Hi there, great project!
It'd be nice to get a link to try packages out on tonicdev e.g. https://tonicdev.com/npm/lodash

GET https://api.npms.io/v2/search?from=0&q=url&size=25 500

While I find this tool useful for package discovery, it doesn't seem to work as expected when you look for a package by its name. Try uglifyjs, for instance: you have to scroll almost all the way down the 127-result list to find the one you're looking for. Try react: I was not able to find it at all!

What about including in the first place the module by that name? This is also something that I find lacking in the official npmjs.com site, but at least I can easily find react :)

I think that until we have some contents to add to the homepage, we could show the contents of the About page. People that now visit the homepage don't understand why this project exists and how it's different from others.

@satazor: What do you think?

The navigation menu’s opening “spring” is great! I think it would make the effect more continuous if it happened on menu close. Here it is (in Firefox 47):

Thoughts? I could take a peek at the CSS/JS and open a PR if interested.

Whenever I want to use Chrome's search feature in the Adress Bar, I get 0 results, because the url transforms from

to

https://npms.io/search?term=ramda

but npms.io uses

https://npms.io/search?q=ramda

Please 1. either allow term again or tell chrome to use q instead of term.

It'd be really cool to be able to search modules that have TypeScript definitions. These modules can be identified by types or typings as a string pointing to a .d.ts file at the root of package.json. I'd be happy to attempt this if there's a pointer on where to start and whether it sounds like an acceptable feature. It could be implemented as a new option, or something is is:types. There's also the @types namespace on NPM which are third-party definitions, those could be included with is:@types (being a inferior alternative to native types).

Similar to google.

Of course, issue is blocked by #15 because it's unclear what to put there.

Currently tags displayed on result pages are unclickable.

I propose that when clicking on a tag, it should triggers a new search with this word.

You might want overflow-y: auto; on <body>. Looks better.

https://npms.io doesn't have a logo yet and I don't have any experience in drawing logos. If anyone would like to contribute with a logo and identity proposal, please post a comment in this thread. The person behind the chosen logo will be headed to the about page.

Thanks, help would be much appreciated!

• Logo + identity
• Favicon
• Touch icons and the like

Hi,
The website https://npms.io is leaking all package maintainer email addresses to bots.
It is visible to Google (try to search email address on google) and scrapping sites can scrap the email addresses to spam them.

You can notice email address in image tag's alt attribute.

I know that npm requires to have a pubic email. But npm itself never expose it to pubic in that way.

TBD.

Reference: #210

Version 7.11.1 of stylelint just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As stylelint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

here

..related to react-gravatar #144

While I did https://npms.io/search?q=koa, I got Oops, an error ocurred while fetching the results.
Is there something wrong?

I am considering writing a tool to do this because it might be outside the scope of this project.

There is already https://bundlephobia.com which is great for front end dependencies that get bundled with webpack but it doesn't tell you about the size of dev dependencies such as test frameworks.

There is already a request to add this to npmjs.com here: npm/www#197

Is this a feature that could be used by npms.io? (forgive me if this is the wrong repo)

Quick, can you tell which of the words in this screenshot are hyperlinked?

Version 6.10.1 of eslint-plugin-react just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As eslint-plugin-react is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

It would be amazing if you autofocus the search input. 😁 Then we wouldn't have to click on that input.

Thanks for amazing product!

This is merely a suggestion to a comment thread posted on Reddit about this project.
Adding a preview modal view when hovering over a link to a package on the search result could show a quick summary of the meta information of said package.
Such information could include but is not limited to:

• Downloads in last 30 days
• Amount of GH stars
• Last updated date
• Dependency count
• Dependent count
• Past version count
• Current unstable/RC version
• Direct GH link for quick access to repository

Link to thread in question: comment

Hi there, nice UI, clean and simple, just the way i like it :)

Is it possible to have the back button (browser back i mean) close the menu if it's open.
I believe that this would be better, especially on mobile where the natural instinct is to press the back button to get out of stuff.

Currently back does history back in all cases.

I would be more then happy to fix this myself :) if it is something that's wanted.

Cheers,
Boogie

Follow up of npms-io/npms-analyzer#63

Basically, if a exact match appears first but it's not the best module, it should be outlined somehow. We need to come with a good visual solution to make that clear.

Whatever I type in the search field it says "Oops, an error ocurred while fetching the results".

Just forwarding a link to a issue/request made long ago at about npm's website which never went anywhere.

Very happy to see someone else has finally picked up the ball and run with this major issue...thx!

npm/www#6

the score is a good idea but additional filtering, sorting and/or ability for visitor to tweak the scoring algorithm would be a plus.

I'm not sure about the npm API, but this would be handy instead of always having to go through the additional step (and tab) to star the package.

The site would sort results by calculated score but we can give the user the option to sort by quality alone, maintenance alone, popularity or a combination maybe ??

I found I had to edit config/parameters to the following:

{
    "publicPath": "/build/",
    "apiUrl": "http://localhost:8080/api",
    "googleAnalyticsId": "UA-XXXXX-X"
}

npms.io seems to be down currently

The version number that displays on the search results for a package is inaccurate (possibly cached server-side?). For example, the version number displayed for angular-ui-boostrap is 2.0.1, which was released on 2016-08-02. The latest version of this package on npm is 2.1.3, which was released 2016-08-25.