playbooks

home / skills / third774 / dotfiles / opensrc

opensrc skill

/opencode/skills/opensrc

This skill fetches source code for npm, PyPI, crates.io or GitHub repos to give AI agents deeper implementation context.

npx playbooks add skill third774/dotfiles --skill opensrc

Review the files below or copy the command above to add this skill to your agents.

Files (4)
SKILL.md
3.5 KB
---
name: opensrc
description: Fetch source code for npm, PyPI, or crates.io packages and GitHub/GitLab repos to provide AI agents with implementation context beyond types and docs. Use when needing to understand how a library works internally, debug dependency issues, or explore package implementations.
---

# opensrc

CLI tool to fetch source code for packages/repos, giving AI coding agents deeper implementation context.

## When to Use

- Need to understand how a library/package works internally (not just its interface)
- Debugging issues where types alone are insufficient
- Exploring implementation patterns in dependencies
- Agent needs to reference actual source code of a package

## Quick Start

```bash
# Install globally or use npx
npm install -g opensrc

# Fetch npm package (auto-detects installed version from lockfile)
npx opensrc zod

# Fetch from other registries
npx opensrc pypi:requests       # Python/PyPI
npx opensrc crates:serde        # Rust/crates.io

# Fetch GitHub repo directly
npx opensrc vercel/ai           # owner/repo shorthand
npx opensrc github:owner/repo   # explicit prefix
npx opensrc https://github.com/colinhacks/zod  # full URL

# Fetch specific version/ref
npx opensrc [email protected]
npx opensrc owner/[email protected]
```

## Commands

| Command | Description |
|---------|-------------|
| `opensrc <packages...>` | Fetch source for packages/repos |
| `opensrc list` | List all fetched sources |
| `opensrc remove <name>` | Remove specific source |
| `opensrc clean` | Remove all sources |

## Output Structure

After fetching, sources stored in `opensrc/` directory:

```
opensrc/
├── settings.json           # User preferences
├── sources.json            # Index of fetched packages/repos
└── repos/
    └── github.com/
        └── owner/
            └── repo/       # Cloned source code
```

## File Modifications

On first run, opensrc prompts to modify:
- `.gitignore` - adds `opensrc/` to ignore list
- `tsconfig.json` - excludes `opensrc/` from compilation
- `AGENTS.md` - adds section pointing agents to source code

Use `--modify` or `--modify=false` to skip prompt.

## Key Behaviors

1. **Version Detection** - For npm, auto-detects installed version from `node_modules`, `package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`
2. **Repository Resolution** - Resolves package to its git repo via registry API, clones at matching tag
3. **Monorepo Support** - Handles packages in monorepos via `repository.directory` field
4. **Shallow Clone** - Uses `--depth 1` for efficient cloning, removes `.git` after clone
5. **Tag Fallback** - Tries `v{version}`, `{version}`, then default branch if tag not found

## Common Workflows

### Fetching a Package

```bash
# Agent needs to understand zod's implementation
npx opensrc zod
# → Detects version from lockfile
# → Finds repo URL from npm registry
# → Clones at matching git tag
# → Source available at opensrc/repos/github.com/colinhacks/zod/
```

### Updating Sources

```bash
# Re-run same command to update to currently installed version
npx opensrc zod
# → Checks if version changed
# → Re-clones if needed
```

### Multiple Sources

```bash
# Fetch multiple at once
npx opensrc react react-dom next
npx opensrc zod pypi:pydantic vercel/ai
```

## References

For detailed information:
- [CLI Usage & Options](references/cli-usage.md) - Full command reference
- [Architecture](references/architecture.md) - Code structure and extension
- [Registry Support](references/registry-support.md) - npm, PyPI, crates.io details

Overview

This skill fetches source code for npm, PyPI, crates.io packages and GitHub/GitLab repositories so AI agents can inspect real implementations instead of just types or docs. It provides a local, versioned snapshot of package repos and stores them under an opensrc/ directory for fast agent access. Use it to give agents concrete code context for debugging, auditing, or understanding dependency behavior.

How this skill works

The CLI resolves a package to its upstream repository using registry APIs or accepts direct repo identifiers/URLs. It detects installed versions from lockfiles and node_modules (for npm), clones the matching git tag (with shallow --depth 1 clones), handles monorepo layouts via repository.directory, and removes .git for a lightweight snapshot. Sources are indexed in sources.json and placed under opensrc/repos/ by host/owner/repo.

When to use it

  • When an agent needs to read library internals to explain behavior beyond type signatures
  • Debugging a dependency issue where stack traces or types are insufficient
  • Auditing or reviewing third-party code for security or licensing reasons
  • Exploring implementation patterns across packages or versions
  • Preparing an AI agent to generate fixes or reproduce a bug using real source

Best practices

  • Run from the project root so lockfiles and node_modules can be detected for version resolution
  • Use explicit prefixes (pypi:, crates:, github:) when ambiguous package names exist
  • Keep opensrc/ in .gitignore and exclude it from builds to avoid packaging snapshots
  • Re-run fetch commands when dependencies update to refresh snapshots
  • Use --modify=false in automation to skip interactive file-modification prompts

Example use cases

  • Fetch zod to let an agent trace type coercion and parsing internals when debugging runtime validation errors
  • Pull requests of a dependency at a specific tag to compare behavior between versions
  • Provide an AI assistant with the implementation of a Python package (pypi:requests) for detailed code reasoning
  • Collect multiple related repos (react, react-dom, next) so an agent can analyze cross-package interactions
  • Clone a GitHub repo by URL for agent-guided refactoring or vulnerability triage

FAQ

How are versions chosen when fetching an npm package?

The tool auto-detects installed versions from node_modules and common lockfiles, then attempts to clone matching tags (v{version}, {version}) or falls back to the default branch.

Will fetching modify my project files?

On first run it prompts to add opensrc/ to .gitignore, exclude it from tsconfig.json, and add an AGENTS.md note; you can bypass prompts with --modify=false.

Can it handle monorepos?

Yes. It respects repository.directory fields and will fetch the subtree for the package inside a monorepo.