Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
package-stream
Advanced tools
package-stream
An endless stream of nice package data from the npm registry.
See also all-the-packages, a similar package designed for offline use.
Installation
npm install package-stream --save
Usage
The stream is an event emitter that emits two events: package and up-to-date.
The up-to-date event is emitted when the stream reaches the end of all
existing packages, but unlike typical read streams, this stream has no end
event. It remains open indefinitely, emitting package events as new package
versions are published to the npm registry in real time.
const registry = require('package-stream')()
registry
.on('package', function (pkg, seq) {
// pkg: nice clean package object
// seq: the sequence number of the "package" event, useful for logging/tracking
})
.on('up-to-date', function () {
// consumed all changes (for now)
// The stream will remain open and continue receiving package
// updates from the registry as they occur in real time.
})
Nice Packages
Each object emitted by the package event is a
nice-package instance.
Nice packages have cleaner metadata than you'd get directly from the npm
registry, and some handy
convenience methods
.
Here's an example that uses the
somehowDependsOn()
method to find all packages the have choo in their dependencies or
devDependencies:
const registry = require('package-stream')()
const dependents = []
registry
.on('package', function (pkg) {
if (pkg.someHowDependsOn('choo')) dependents.push(pkg.name)
})
.on('up-to-date', function () {
process.stdout.write(JSON.stringify(dependents))
process.exit()
})
To see the full list of available methods, check out the nice-package documentation.
Options
The changes-stream package is used
under the hood, and
all of its options
are supported by package-stream. The default options used by package-stream
are:
{
db: 'https://replicate.npmjs.com',
include_docs: true
}
The options you provide are merged with the defaults above.
Tests
npm install
npm test
Dependencies
- changes-stream: Simple module that handles getting changes from couchdb
- got: Simplified HTTP requests
- nice-package: Clean up messy package metadata from the npm registry
Dev Dependencies
- tap-spec: Formatted TAP output like Mocha's spec reporter
- tape: tap-producing test harness for node and browsers
License
MIT
Generated by package-json-to-readme
FAQs
An endless stream of clean package data from the npm registry.
We found that package-stream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Jun 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026