Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
evalite
Test your LLM-powered apps with a TypeScript-native, Vitest-based eval runner. No API key required.
What Is Evalite?
- Fully open source: No API Key required.
- Local-first: runs on your machine, your data never leaves your laptop.
- Based on Vitest, the best TypeScript test runner around.
- Terminal UI for quick prototyping.
- Supports tracing and custom scorers.
How Do I Learn More?
Evalite Is Experimental
Evalite is still an experimental project. I'm actively working on it, and for now am pushing breaking changes.
If you run into any unexpected behavior:
- Delete the
node_modules/.evalitefolder. - Update
evaliteto the latest version. - Rerun your evals.
If, after that, you run into unexpected behavior, report an issue.
Guides
Watch Mode
You can run Evalite in watch mode by running evalite watch:
evalite watch
This will watch for changes to your .eval.ts files and re-run the evals when they change.
[!IMPORTANT]
I strongly recommend implementing a caching layer in your LLM calls when using watch mode. This will keep your evals running fast and avoid burning through your API credits.
Running Specific Files
You can run specific files by passing them as arguments:
evalite my-eval.eval.ts
This also works for watch mode:
evalite watch my-eval.eval.ts
Keywords
FAQs
Test your LLM-powered apps with a TypeScript-native, Vitest-based eval runner. No API key required.
The npm package evalite receives a total of 118,621 weekly downloads. As such, evalite popularity was classified as popular.
We found that evalite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026