SDKs for Package Authors

Scarf’s SDKs for package authors provide easy-to-install telemetry to understand how your software is being used. Maintainers of npm packages can add a package dependency on scarf-js to gain actionable insights into patterns of use and help keep their packages running smoothly. Support for other languages is on the way.

Native JS support

Scarf-js is an analytics SDK for npm packages. Add the dependency to your package. Gain actionable insights on every install

Easy to install

Easy to install and gain visibility into usage patterns, without ever compromising end-user privacy.

No Cost

No cost. No coding required. Data to inform your package distribution and keep it running smoothly.

Frequently asked questions

Everything you need to know about Package SDKS

How do I get started using scarf-js for package installation analytics?

First step: Sign up for a free Scarf account to create a package entry on Scarf. Select "npm" as your package type. Once created, add a dependency on this library to your own:

$ npm i --save @scarf/scarf

Once your library is published to npm with this change, Scarf will automatically collect stats on install, with no additional code is required. You’ll find package analytics displayed on your Scarf dashboard.

What kinds of analytics do package authors get from scarf-js?

• Data insights about your user base

• A view into which companies and organizations are using your package

• Insights into the growth of your project, including information about locales and platforms where users are active.

• Information about which versions of your package are in use.

What information does scarf-js collect from end-users?

Scarf does not store any personally identifiable information (PII) from SDK telemetry data. Scarf collects information that’s helpful for:

• Package maintenance.

• Identifying which companies are using a particular package, in order to enable communication and support agreements between developers and commercial entities.Specifically, scarf-js sends:

• The operating system in use when the package is downloaded.

• The end user’s IP address is used to look up available company information. Scarf does not store the IP address.

• Limited dependency tree information. Scarf sends the name and version of the package(s) that directly depend on scarf-js.

• Additionally, scarf-js sends SHA256-hashed name and version for packages in the dependency tree that meet these requirements:

- It depends on a package that depends on scarf-js.

- Scarf also shares the root package of the dependency tree. In this way, we provide maintainers with information about the public packages using their code, without exposing identifying details of non-public packages.

As a user of a package using scarf-js, how can I opt out of analytics?

Our privacy-preserving telemetry provides data insights that enable maintainers to understand the needs of their end users, so we appreciate your opt-in. However, we understand that you may want to opt out for a variety of reasons, so we've built multiple ways to opt out. You can opt out via your configuration in your project's package.json or via environment variable. See our documentation for more details about how to opt out.

Still have questions?

Can’t find the answer you’re looking for? Please chat to our friendly team.