r/npm

A P2P alternative to Ngrok or Cloudflare Tunnels using Iroh!
▲ 24 r/npm+2 crossposts

A P2P alternative to Ngrok or Cloudflare Tunnels using Iroh!

I've been experimenting with Iroh. As a dev one thing that I always find annoying is having to spend time working out how to either host a service on a cloud instance, use a third party like Ngrok or Cloudflare for reverse tunnelling etc. I'd like the process of showing anyone whatever is on my PC easier.

So I made this utility. I used npx because while I don't personally use it, it is by far the easiest way to get it in front of lots of devs so I can get feedback and improve it.

Build and run from source:

cargo run -- share 3000

Run with npx (no global install):

npx p2p-tunnel share 3000

On another machine (or another terminal), connect using the ticket printed by share:

cargo run -- connect <TICKET>

Or with npx:

npx p2p-tunnel connect <TICKET>

https://github.com/drmikesamy/p2p-tunnel

https://www.npmjs.com/package/p2p-tunnel

u/drmikesamy — 1 day ago
▲ 1 r/npm+1 crossposts

I Created Bleeding Edge Tooltips Directive

After the CSS Conference recently I was so inspired so I want to see how far I can go. As a Proof Of Concept I create this tooltips Directive. You should not use it tho due to the lack of browser support. This is the npm package.

I leverage interestfor, anchor position and use Angular DI to keep 1 single Popover alive at all time. With signal now being stable I could just use it to project text content. Variables are used to follow Angular Material mat-sys-token. I just like Angular Material :D.

As per usual, I write the code in away that you can just copy paste it into your codebase.Also check out my File Drop.

reddit.com
u/General-Animator-282 — 2 days ago
▲ 132 r/npm+17 crossposts

Walks the full cmd/compile pipeline in order: package names, data structures, and the SSA construction that drives inlining, escape analysis, bounds-check elimination, and register allocation, with flags to observe each phase directly.

This one took a while, it's probably the longest thing I've written on this blog. I wanted to do a proper end-to-end walkthrough of cmd/compile: real package names, real data structures, diagrams for the AST and SSA CFG, and the flags you actually need (-m, -m=2, GOSSAFUNC, -S) to observe each phase yourself rather than just take my word for it.

Covers the full pipeline: lexer → parser → type checker → IR lowering → SSA construction → optimization passes (inlining, escape analysis, BCE, nil check elimination, register allocation) → architecture-specific code emission.

Hope it's useful — happy to answer questions or push back on anything that looks wrong.

blog.gaborkoos.com
u/OtherwisePush6424 — 5 days ago
▲ 6 r/npm+2 crossposts

Ways to reduce token cost in AI agents

Ive been building AI agents for a while and noticed a few patterns that help cut token usage without wrecking the workflow.

A few things that seem to matter most:

- Set hard token budgets per task or step.

- Stop runaway loops early with guardrails or circuit breakers.

- Use smaller models for cheap steps and reserve larger ones for harder reasoning.

- Summarize context aggressively instead of carrying the full history forever.

- Track token spend per workflow, not just per request.

- Add safety checks so bad prompts or tool loops don’t burn budget.

I’ve been working on a small npm SDK called agent-cost-controller that wraps some of these ideas into one place for Node/JS agent apps. But I can't find anything useful for Python.

Curious what else people are doing to keep agent token usage under control, especially in production

reddit.com
u/MimTheHuman — 5 days ago
▲ 5 r/npm+2 crossposts

Looking for feedback on a frontend behavior library I've been building

Hey everyone!

I've been building a frontend library focused on UI behaviors called Nagare (流れ), and I'd really appreciate some honest feedback from other developers.

The idea is simple: instead of splitting a single interaction across CSS, Tailwind classes, event handlers, animation libraries, and state management, everything for that interaction lives in one place.

Example:

soul("button") .hover({ onStart: { tw: "scale-105 shadow-xl", css: `border-radius: 20px`, js: function () { console.log("hovered") } }, onEnd: { tw: "scale-100 shadow-none", css: `border-radius: 12px` } })

Each behavior (hover, click, tap, longpress, swipe, drag, scroll, onVisible, onIdle, networkChanged, etc.) can contain:

  • "tw" for Tailwind classes
  • "css" with inline "@if/@else"
  • "js" for custom logic
  • shared state, templates, presets, delays, and more

I'm not trying to replace React or Tailwind—Nagare is focused on giving interactions a single home.

I'd really love feedback on:

  • Does the API feel intuitive?
  • Is this something you'd actually use?
  • What feels unnecessary or confusing?
  • What would you change before a stable release?

Repository: https://github.com/Mizumi25/nagare

Showcase: https://nagare-nu.vercel.app/

npm: https://www.npmjs.com/package/@nagarejs/react

I'm mainly looking for honest criticism, not compliments. Thanks!

u/EagleRepulsive2877 — 5 days ago
▲ 6 r/npm+3 crossposts

I made an npm package for adding guardrails to MCP tools

I’ve been working with MCP servers lately, and one thing I wanted was a clean way to put policies around tool handlers before exposing them to agents.

So I built ToolGate, a TypeScript npm package for MCP server authors.

It lets you wrap existing tools with policies like:

  • risk level: read / write / external / destructive
  • approval required
  • allowed / denied file paths
  • allowed / denied network domains
  • allowed / denied command strings
  • timeout
  • rate limit
  • secret redaction
  • JSONL audit logs
  • structured policy failure results

Example:

server.tool(
  "delete_file",
  schema,
  gate({
    risk: "destructive",
    requireApproval: true,
    allowedPaths: ["src/**", "docs/**"],
    deniedPaths: [".env", "secrets/**"],
    audit: true,
    redact: true,
    timeoutMs: 10_000
  }, async (input) => {
    // actual tool logic
  })
);

The goal is not to replace the MCP SDK. ToolGate is a policy layer for MCP tool handlers.

I’d like feedback from people building MCP servers:

  • Would this fit your current tool structure?
  • Would you prefer middleware, proxy/gateway, or both?
  • What policy types would you expect?

Repo: https://github.com/Wezylnia/toolgate
npm: toolgate-mcp

u/weesIinia — 6 days ago
▲ 1 r/npm+1 crossposts

A Drag And Drop Directive for Angular

Well, a lightweight headless directive to drag and drop stuff in. When I have the time, I will add async stream. For now you will need to wait till all files are parsed and for loops through the files.

reddit.com
u/h-k-dev — 11 days ago
▲ 5 r/npm+2 crossposts

Open source client for deps.dev API

Free access to dependencies, licenses, advisories and other critical health and security signals for open source package versions.

GitHub repo: https://github.com/edoardottt/depsdev

https://deps.dev/ (a Google project) repeatedly examines sites such as github.com, npmjs.com, pkg.go.dev and other package managers to find up-to-date information about open source software packages. Using that information it builds for each package the full dependency graph from scratch connecting it to the packages it depends on and to those that depend on it. And then does it all again to keep the information fresh. This transitive dependency graph allows problems in any package to be made visible to the owners and users of any software they affect.

If you're playing with/building OSS/dependency security let me know your thoughts! If you encounter an error or want so suggest an improvement just open an issue :) I'll be happy to discuss about that!

u/edoardottt — 13 days ago