v1.0

registry-sync Terraform for package registries.

Audit your GitHub org against npmjs and GHCR. Detect version drift, find orphaned packages, and generate action plans.

Get started Read the Handbook

Audit

npx @mcptoolshop/registry-sync audit --org my-org

Plan

registry-sync plan --format markdown

Apply

registry-sync apply --confirm

How it works

Desired state, plan, apply — like infrastructure-as-code for publishing.

Audit

Scans every repo in your GitHub org, reads package.json and Dockerfile, queries npmjs and GHCR — builds a full presence matrix.

Plan

Computes what needs to change: publish, update, scaffold CI workflows, or prune orphaned packages. Risk-rated and sorted.

Apply

Executes the plan safely. Creates GitHub issues for drift and opens PRs for workflow scaffolding. Non-destructive by design.

Usage

Install

npm install -g @mcptoolshop/registry-sync

# Or use directly
npx @mcptoolshop/registry-sync audit

Library

import { audit, plan, loadConfig } from '@mcptoolshop/registry-sync';

const config = loadConfig();
const result = await audit(config);
const actions = plan(result, config);

console.log(actions.summary);

Supported registries

Registry

Audit

Apply

npmjs.com

Version drift detection

Issue + workflow PR

GHCR

Stale image + orphan detection

Workflow scaffold PR

GitHub npm (v2)

Planned

PyPI (v2)

Planned

Built right

Zero dependencies. Ship-gated. API-only — no cloning required.

Zero deps

Uses native fetch (Node 18+). No external runtime dependencies. Fast install, small footprint.

Non-destructive

Apply creates GitHub issues and PRs only. No direct publish, no container push. Requires explicit --confirm.

Companion to registry-stats

registry-stats reads download counts. registry-sync writes — audits, plans, and closes the loop.