Stack · npm packages

Every npm package we detect, with the version it ships

103 npm packages with a hand-curated page, each pulling live registry data — exact version, dependencies, README and a DevTools walkthrough for reproducing the detection. Any other registry slug resolves on demand at /stack/npm/<name>.

How npm-package detection works

When a site ships JavaScript sourcemaps, the original module layout survives minification. Sourcemap Explorer scans the sourcemap's sources[] array for node_modules/<package>/ paths and reads the embedded package.json from sourcesContent[] to pin the exact semver — patch number included. That is how a single page reveals not just that a site uses a library but which release of it is in production, dependencies and all.

The catalogue below is the curated set that ships a full editorial page. It skews toward the packages most worth identifying in the wild — UI and state libraries, data-fetching clients, form and validation kits, analytics SDKs and the framework cores they hang off. Transitive dependencies still render on demand when you follow a dependency link, but the curated set is where the depth lives.

All 103 curated npm packages

react react-dom next vue @angular/core svelte preact solid-js lodash lodash-es underscore ramda rxjs axios ky zod yup joi @tanstack/react-query @tanstack/query-core @tanstack/table-core swr redux @reduxjs/toolkit zustand jotai valtio mobx react-hook-form @hookform/resolvers formik react-router react-router-dom @remix-run/react wouter react-i18next i18next luxon dayjs date-fns moment @stripe/stripe-js @stripe/react-stripe-js @sentry/browser @sentry/react @sentry/nextjs posthog-js mixpanel-browser @amplitude/analytics-browser @segment/analytics-next tailwindcss clsx tailwind-merge class-variance-authority @radix-ui/react-dialog @radix-ui/react-tooltip @radix-ui/react-popover framer-motion lucide-react react-icons @heroicons/react react-hot-toast sonner @floating-ui/react react-aria @headlessui/react @chakra-ui/react @mui/material antd @mantine/core three @react-three/fiber @react-three/drei d3 recharts chart.js victory echarts lottie-web @lottiefiles/react-lottie-player embla-carousel swiper react-virtual @tanstack/react-virtual fuse.js fast-deep-equal uuid nanoid @firebase/app firebase @supabase/supabase-js stripe graphql @apollo/client @trpc/client drizzle-orm prisma @prisma/client next-auth @auth/core openai @anthropic-ai/sdk ai

Other parts of the catalogue

Frameworks & platforms

Every framework, CMS, host and SaaS we fingerprint. /stack/tech →

WordPress plugins

Plugins enumerated from wp-content URLs, by slug. /stack/wordpress →

FAQ

How does Sourcemap Explorer detect which npm packages a site uses?

It reads the JavaScript sourcemap a site ships. The sourcemap's sources[] array preserves the original node_modules/<package>/ paths, and sourcesContent[] often embeds each package's package.json — so the exact installed version comes straight from the bundle, not a fingerprint guess. Any package on the npm registry resolves on demand at /stack/npm/<name>, even those not listed here.

Why does the version on a real site differ from the latest on npm?

Sites bundle whatever version was installed when they last built. That can lag the registry's latest by months. Sourcemap Explorer reports the version actually shipped in the bundle, so each package page distinguishes the live-site version from the current npm release.

Can you detect a scoped package like @tanstack/react-query?

Yes. Scoped packages keep their node_modules/@scope/name/ path in the sourcemap, so they're detected the same way and live at /stack/npm/@scope/name.