Skip to main content

Wheelshop

@bixu/wheelshopv2026.06.07.1· 29d agoMODELSSKILLS
01README

Trust-gate auditor for npm/jsr packages used inside swamp extension models — agents pick candidates, wheelshop scores them against license, downloads, vulnerabilities, maintenance, and type-availability gates

02Release Notes

DO NOT USE 2026.06.07.0 (yanked — bundled wrong source). 2026.06.07.1 ships the intended redesign. BREAKING vs 2026.05.04.x: search and audit removed. Use evaluate({ packages, runtime, unsafe }) — agents now own discovery and pick candidates from npm/jsr by reading descriptions; wheelshop only audits the list against trust gates (license, downloads, vulnerabilities, recency, types, maintainers). JSR is a first-class registry alongside npm via per-package registry field. Bundled swamp-wheelshop skill teaches the new agent-side flow.

03Models1
@bixu/wheelshopv2026.06.07.1wheelshop.ts

Global Arguments

ArgumentTypeDescription
cacheDirstringDirectory for the 24h fetch cache
cacheTtlHoursnumberHow long cached registry responses stay fresh, in hours
fn evaluate(packages: array, runtime: enum, unsafe: boolean)
Audit a list of candidate npm/jsr packages against trust gates (license, downloads, vulnerabilities, recency, types) and return ranked verdicts. Agents handle discovery and semantic relevance; this method only handles gating and scoring. If every candidate fails the gates, returns action='ask_user' so the agent knows to prompt a human.
ArgumentTypeDescription
packagesarrayCandidate packages to evaluate. Pick these yourself by searching npm/jsr and reading descriptions for semantic fit before calling.
runtimeenumTarget runtime — affects scoring; JSR candidates get a small boost when 'deno' or 'both'
unsafebooleanMark every candidate approved even when blockers are present (DO NOT enable without explicit user approval)

Resources

evaluation(1d)— Trust-gate audit of a single candidate package
evaluationSummary(1d)— Summary of an evaluate run across multiple candidates
04Skills1
swamp-wheelshop1 file
05Previous Versions4
2026.06.07.0yankedJun 7, 2026

BREAKING: search and audit removed. Use evaluate({ packages, runtime, unsafe }) — agents now own discovery and pick candidates from npm/jsr by reading descriptions; wheelshop only audits the list against trust gates (license, downloads, vulnerabilities, recency, types, maintainers). JSR is a first-class registry alongside npm via per-package registry field. Bundled swamp-wheelshop skill teaches the new agent-side flow.

Added 1 skills

2026.05.04.3May 4, 2026
2026.05.04.2May 4, 2026
2026.05.04.1May 4, 2026
06Stats
A
100 / 100
Downloads
16
Archive size
20.8 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
07Platforms
08Labels