Gathering detailed insights and metrics for @adobe/reactor-cookie
Gathering detailed insights and metrics for @adobe/reactor-cookie
Installations
npm install @adobe/reactor-cookieScore
79.3
Supply Chain
57.4
Quality
82.7
Maintenance
100
Vulnerability
100
License
Developer
adobe
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
13.7.0
NPM Version
6.13.7
Statistics
16 Stars
1,102 Commits
21 Forks
22 Watching
15 Branches
237 Contributors
Updated on 30 Oct 2024
Languages
JavaScript (99.98%)
Shell (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
384,510
Last day
-25.4%
876
Compared to previous day
Last week
-2.1%
5,560
Compared to previous week
Last month
16.5%
24,856
Compared to previous month
Last year
77.2%
172,632
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Adobe Experience Platform Tags Turbine (Web)
Adobe Experience Platform Tags is a next-generation tag management solution enabling simplified deployment of marketing technologies. For more information regarding Tags, please visit our product website.
Turbine is the orchestrator within a Tags JavaScript runtime library (the library deployed on a client website) which processes previously configured rules and delegates logic to extensions.
This project is not intended to be used directly by consumers; it is used by the Platform Tags build system and incorporated into emitted runtime libraries.
Contributing
Contributions are welcomed! Read the Contributing Guide for more information.
To get started:
- Install node.js.
- Clone the repository.
- After navigating into the project directory, install project dependencies by running
npm install.
Scripts
To run tests a single time, run the following command:
npm run test
To run tests continually while developing, run the following command:
npm run test:watch
To ensure your code meets our linting standards, run the following command:
npm run lint
To create a build, run the following command:
npm run build
Browser Support
Turbine supports the following browsers:
- Chrome (latest)
- Safari (latest)
- Firefox (latest)
- Internet Explorer (10 and above)
- iOS Safari (latest)
Licensing
This project is licensed under the Apache V2 License. See LICENSE for more information.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/adobe/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/adobe/.github/.github/SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/dev.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/dev.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/dev.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/dev.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/dev.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish-core-modules.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish-core-modules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish-core-modules.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish-core-modules.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish-core-modules.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish-core-modules.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/reactor-turbine/npm-publish.yaml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 2/20 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/dev.yaml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish-core-modules.yaml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish.yaml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More