SDKs for Package Authors

Now available at no cost to project maintainers.

Scarf’s SDKs for package authors provide easy-to-install telemetry to understand how your software is being used. Maintainers of npm packages can add a package dependency on scarf-js to gain actionable insights into patterns of use and help keep their packages running smoothly. Support for other languages is on the way.

Scarf package authors illustration

Find answers to questions like:

Which versions of your package are being used most?

Which platforms are your installs coming from?

Are there companies using your library that would pay you for support?

Scarf-js is a package analytics SDK for npm packages. Add the dependency to your package. Gain actionable insights.

Easy to install and gain visibility into usage patterns, without ever compromising end-user privacy.

No cost. No coding required. Data to inform your package distribution and keep it running smoothly.


How do I get started using scarf-js for package installation analytics?

First step: Sign up for a free Scarf account to create a package entry on Scarf. Select "npm" as your package type. Once created, add a dependency on this library to your own:
$ npm i --save @scarf/scarf
Once your library is published to npm with this change, Scarf will automatically collect stats on install, with no additional code is required. You’ll find package analytics displayed on your Scarf dashboard.

What kinds of analytics do package authors get from scarf-js?

• Data insights about your user base
• A view into which companies and organizations are using your package
• Insights into the growth of your project, including information about locales and platforms where users are active.
• Information about which versions of your package are in use.

What information does scarf-js collect from end-users?

Scarf does not store any personally identifiable information (PII) from SDK telemetry data. Scarf collects information that’s helpful for:
• Package maintenance.
• Identifying which companies are using a particular package, in order to enable communication and support agreements between developers and commercial entities.

Specifically, scarf-js sends:
• The operating system in use when the package is downloaded.
• The end user’s IP address is used to look up available company information. Scarf does not store the IP address.
• Limited dependency tree information. Scarf sends the name and version of the package(s) that directly depend on scarf-js.
• Additionally, scarf-js sends SHA256-hashed name and version for packages in the dependency tree that meet these requirements:
- It depends on a package that depends on scarf-js.
- Scarf also shares the root package of the dependency tree. In this way, we provide maintainers with information about the public packages using their code, without exposing identifying details of non-public packages.

As a user of a package using scarf-js, how can I opt out of analytics?

Our privacy-preserving telemetry provides data insights that enable maintainers to understand the needs of their end users, so we appreciate your opt-in. However, we understand that you may want to opt out for a variety of reasons, so we've built multiple ways to opt out. You can opt out via your configuration in your project's package.json or via environment variable. See our documentation for more details about how to opt out.

Sign up for Scarf updates

Real news and infrequent announcements about what we’re up to at Scarf: product releases, tool updates, open betas, job opportunities, and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.