3
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill third774/dotfiles --skill opensrc- SKILL.md3.5 KB
Overview
This skill fetches source code for npm, PyPI, crates.io packages and GitHub/GitLab repositories so AI agents can inspect real implementations instead of just types or docs. It provides a local, versioned snapshot of package repos and stores them under an opensrc/ directory for fast agent access. Use it to give agents concrete code context for debugging, auditing, or understanding dependency behavior.
How this skill works
The CLI resolves a package to its upstream repository using registry APIs or accepts direct repo identifiers/URLs. It detects installed versions from lockfiles and node_modules (for npm), clones the matching git tag (with shallow --depth 1 clones), handles monorepo layouts via repository.directory, and removes .git for a lightweight snapshot. Sources are indexed in sources.json and placed under opensrc/repos/ by host/owner/repo.
When to use it
- When an agent needs to read library internals to explain behavior beyond type signatures
- Debugging a dependency issue where stack traces or types are insufficient
- Auditing or reviewing third-party code for security or licensing reasons
- Exploring implementation patterns across packages or versions
- Preparing an AI agent to generate fixes or reproduce a bug using real source
Best practices
- Run from the project root so lockfiles and node_modules can be detected for version resolution
- Use explicit prefixes (pypi:, crates:, github:) when ambiguous package names exist
- Keep opensrc/ in .gitignore and exclude it from builds to avoid packaging snapshots
- Re-run fetch commands when dependencies update to refresh snapshots
- Use --modify=false in automation to skip interactive file-modification prompts
Example use cases
- Fetch zod to let an agent trace type coercion and parsing internals when debugging runtime validation errors
- Pull requests of a dependency at a specific tag to compare behavior between versions
- Provide an AI assistant with the implementation of a Python package (pypi:requests) for detailed code reasoning
- Collect multiple related repos (react, react-dom, next) so an agent can analyze cross-package interactions
- Clone a GitHub repo by URL for agent-guided refactoring or vulnerability triage
FAQ
The tool auto-detects installed versions from node_modules and common lockfiles, then attempts to clone matching tags (v{version}, {version}) or falls back to the default branch.
Will fetching modify my project files?
On first run it prompts to add opensrc/ to .gitignore, exclude it from tsconfig.json, and add an AGENTS.md note; you can bypass prompts with --modify=false.
Can it handle monorepos?
Yes. It respects repository.directory fields and will fetch the subtree for the package inside a monorepo.