Search everything...

Stats

Actions

Available In

solo-npm

Name: solo-npm
Author: gagle

By gagle

AI skills for every npm command a solo dev runs — publish, version, dist-tag, deprecate, audit, deps, owner, trust, unpublish — with verify gates and provenance baked in.

npx claudepluginhub gagle/solo-npm --plugin solo-npm

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands27

Audit

/audit

Security audit across the workspace — runs npm/pnpm audit, classifies advisories by exploit risk and dep type, surfaces the actionable subset, chains to /solo-npm:deps for fixes. Triggers from prompts like "audit my packages", "are there any CVEs", "what's vulnerable", "security check before release", "anything urgent in deps". Read-only; writes results to `.solo-npm/state.json#audit` for /release Phase A.5 to read.

Bundle analyze

/bundle-analyze

Explain the published tarball's composition — which sources contribute size, which deps are bundled vs externalized, what's actually in the dist/. Triggers from prompts like "what's in my tarball?", "bundle composition", "why is my package so big?", "size breakdown by file". Pure read-only; consumes built dist/ + bundler metafile if available.

Deprecate

/deprecate

Mark npm package versions as deprecated (or undeprecate) with a custom message — single version, range, or mass-deprecate across the portfolio. Triggers from prompts like "deprecate all 1.x with message 'v1.x is EOL — migrate to v2'", "mark 1.6.0 as do-not-use because of data bug", "deprecate <2.0.0 across all packages", "undeprecate 1.5.0 of @ncbijs/eutils". AI-driven; rejects unbounded ranges for safety.

Deps

/deps

Dependency upgrade orchestrator with /verify gates — classifies into tiers (trivial/safe/major/CVE), batches in dep-graph order, rolls back on failure. Triggers from prompts like "update my deps", "bump packages", "refresh dependencies", "catch up on dep versions", "apply CVE fixes", "upgrade typescript to v6", "don't break anything but update what's safe". Major upgrades require AskUserQuestion. Use monthly or on CVE.

Dist-tag

/dist-tag

Manage npm dist-tags post-publish — add, remove, repoint, list, or cleanup stale tags across the portfolio. Triggers from prompts like "cleanup stale @next", "repoint @latest to 1.5.2 — 1.6.0 has a bug", "add @canary to 1.6.0-experimental.2 across all packages", "what dist-tags are set on my packages", "remove @next from @ncbijs/eutils". AI-driven; no manual `npm dist-tag` invocations needed.

Stats

Version0.19.1

Stars0

MaintenanceExcellent

LicenseMIT

Last CommitMay 13, 2026

AddedMay 3, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

gllamas-skills

Safety Signals

Caution

Runs pre-commands

Contains inline bash commands via ! syntax

Bash prerequisite issue

Uses bash pre-commands but Bash not in allowed tools

README

AI skills for every npm command a solo dev runs — publish, version, dist-tag, deprecate, audit, deps, owner, trust — with verify gates and provenance baked in.

solo-npm lifecycle: YOU type a prompt → solo-npm AI skills wrap every npm command → DONE signed, verified, on npm

🤖 Built to be driven by Claude

Open Claude Code in your repo, say "Integrate solo-npm and follow the Quick Start", and from then on every release, audit, hotfix, and dep upgrade is one prompt away. No manual npm version, no manual git tag, no manual changelog — Claude orchestrates the skills end-to-end.

For solo devs, this means:

Daily release: type "ship it" — Claude runs /verify, bumps the version from your commits, tags, watches CI, and verifies the registry attestation.

CVE alert: type "audit my deps" — Claude classifies, fixes Tier-1, runs /verify, commits the bump.

Hotfix on v1: type "fix the v1 rate-limiter, it crashes on 429" — Claude branches, applies the fix, ships the patch with the right dist-tag.

Morning check: type "how are my packages doing" — Claude renders a portfolio dashboard.

No CLI to memorise. No browser tabs to open. Just describe what you want.

Why solo-npm?
Commands at a glance
npm coverage
Tell Claude
Quick Start
Commands — detail
Composition with agent-skills
Architecture
Diagnostic prompts (symptom → skill)
Advanced
See also

Why solo-npm?

You're a solo developer — or running a small group of LLM agents — shipping npm packages. PRs are disabled in your repos (issue/discussion contribution model only). There's no committee, no second pair of human eyes.

Existing release tooling is built for teams: PR-based workflows, multi-stage approvals, complex changelog negotiation. In a solo or agent-driven context that overhead becomes friction — and friction makes you skip steps when you're moving fast. Skipped steps make unsigned, unverified, opaque releases.

solo-npm replaces that friction with one structured AskUserQuestion checkpoint per release and silent automation everywhere else. The skills bake in opinionated defaults — SLSA provenance attestation, OIDC Trusted Publishing, conventional-commit-driven version bumps, verify-gated dep upgrades — so you can't accidentally ship something untested or unsigned.

Beyond the release moment, the operate skills (/status, /audit, /deps) replace the morning ritual of opening five browser tabs to check on your portfolio. One terminal command per concern.

Tools used under the hood: npm-trust (CLI for OIDC trust config), gagle/prepare-dist (monorepo dist translation, optional).

Commands at a glance

View full README on GitHub

solo-npm

Popularity

What's Inside

Confidence

README

🤖 Built to be driven by Claude

Table of contents

Why solo-npm?

Commands at a glance

Similar Plugins

fullstack-dev-skills

prompts.chat

claude-code-toolkit

feature-dev

🤖 Built to be driven by Claude

Table of contents

Why solo-npm?

Commands at a glance

Popularity

Health & Quality

Similar Plugins

fullstack-dev-skills

prompts.chat

claude-code-toolkit

feature-dev

ralph-loop

drawio-diagramming