Gathering detailed insights and metrics for @altano/tiny-async-pool
Gathering detailed insights and metrics for @altano/tiny-async-pool
Installations
npm install @altano/tiny-async-poolScore
73.6
Supply Chain
95.7
Quality
78.7
Maintenance
100
Vulnerability
100
License
Releases
31
@altano/html-cdnify@3.0.3
@altano/html-cdnify@3.0.3
Published on 04 Nov 2024
@altano/vitest-plugins@0.2.0
@altano/vitest-plugins@0.2.0
Published on 28 Oct 2024
@altano/use-toc-visible-sections@2.0.1
@altano/use-toc-visible-sections@2.0.1
Published on 28 Oct 2024
@altano/use-visible-elements@2.0.1
@altano/use-visible-elements@2.0.1
Published on 28 Oct 2024
@altano/remark-mdx-toc-with-slugs@3.0.0
@altano/remark-mdx-toc-with-slugs@3.0.0
Published on 28 Oct 2024
@altano/remark-mdx-toc@0.0.1
@altano/remark-mdx-toc@0.0.1
Published on 28 Oct 2024
Developer
altano
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.11.1
NPM Version
10.2.4
Statistics
6 Stars
243 Commits
2 Forks
2 Watching
8 Branches
1 Contributors
Updated on 04 Nov 2024
Languages
TypeScript (91.23%)
JavaScript (3.97%)
HTML (3.1%)
CSS (1.06%)
MDX (0.51%)
Shell (0.13%)
Total Downloads
Cumulative downloads
Total Downloads
749,300
Last day
-35.3%
269
Compared to previous day
Last week
-7.8%
1,835
Compared to previous week
Last month
-1.3%
7,825
Compared to previous month
Last year
-73.9%
141,590
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
alan's npm package monorepo
Development Environment
This repository has a devbox.json which means you can trivially create a development environment for it. That environment is also used in GitHub action workflows.
Read the Devbox quickstart or read more about why Devbox is fantastic on my website.
Playwright
The Playwright setup in this repository is a little finicky. When updating the version:
- The version of
@playwright/testin any package.json must be kept in sync withplaywright-driverindevbox.json. Both should be precisely hard-coded (no semver ranges or'latest'). - The nixpkgs hash in
devbox.lockforplaywright-driver.browsersmust be manually changed to match the hash for theplaywright-driverentry or the browsers will be the wrong version and tests will fail.
Contributing
I don't expect any contributions to this repository but I will accept pull requests.
When submitting a pull request that should result in a version bump of a package, please include a changeset (run pnpm changeset before pushing).
Publishing Packages Process
A GitHub release action will automatically create a PR to release new versions of packages based on changesets merged into the main branch.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Reason
SAST tool is not run on all commits -- score normalized to 1
Details
- Warn: 5 commits out of 30 are checked with a SAST tool
Reason
Found 0/28 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/altano/npm-packages/test.yml/main?enable=pin
- Warn: containerImage not pinned by hash: examples/satori-fit-text-node-cli/.codesandbox/Dockerfile:1: pin your Docker image by updating node:20-bullseye to node:20-bullseye@sha256:74ad23a4ae13681054b3ea9f7c05e891b0c0e9c856b948e0628fba70973583da
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
Score
4.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More