Gathering detailed insights and metrics for @angular-devkit/core
Gathering detailed insights and metrics for @angular-devkit/core
Installations
npm install @angular-devkit/coreDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, ESM
Min. Node Version
^20.19.0 || ^22.12.0 || >=24.0.0
Node Version
22.16.0
NPM Version
11.3.0
Score
97.3
Supply Chain
99.6
Quality
96.5
Maintenance
100
Vulnerability
100
License
Releases
847
Languages
8
TypeScript
Starlark
JavaScript
HTML
EJS
Shell
jq
CSS
TypeScript (95.02%)
Starlark (2.32%)
JavaScript (1.34%)
HTML (0.98%)
EJS (0.24%)
Shell (0.06%)
jq (0.03%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
26,942 Stars
16,787 Commits
11,961 Forks
989 Watchers
31 Branches
659 Contributors
Updated on Jun 30, 2025
Bundle Size
324.18 kB
Minified
91.71 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
20.0.4
Package Id
@angular-devkit/core@20.0.4
Unpacked Size
257.33 kB
Size
54.11 kB
File Count
113
NPM Version
11.3.0
Node Version
22.16.0
Published on
Jun 25, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
Peer Dependencies
1
Core
Shared utilities for Angular DevKit.
Exception
Json
Schema
SchemaValidatorResult
export interface SchemaValidatorResult {
success: boolean;
errors?: string[];
}
SchemaValidator
export interface SchemaValidator {
(data: any): Observable<SchemaValidatorResult>;
}
SchemaFormatter
export interface SchemaFormatter {
readonly async: boolean;
validate(data: any): boolean | Observable<boolean>;
}
SchemaRegistry
export interface SchemaRegistry {
compile(schema: Object): Observable<SchemaValidator>;
addFormat(name: string, formatter: SchemaFormatter): void;
}
CoreSchemaRegistry
SchemaRegistry implementation using https://github.com/epoberezkin/ajv.
Constructor accepts object containing SchemaFormatter that will be added automatically.
export class CoreSchemaRegistry implements SchemaRegistry {
constructor(formats: { [name: string]: SchemaFormatter} = {}) {}
}
Logger
Utils
Virtual FS
Workspaces
The workspaces namespace provides an API for interacting with the workspace file formats.
It provides an abstraction of the underlying storage format of the workspace and provides
support for both reading and writing. Currently, the only supported format is the JSON-based
format used by the Angular CLI. For this format, the API provides internal change tracking of values which
enables fine-grained updates to the underlying storage of the workspace. This allows for the
retention of existing formatting and comments.
A workspace is defined via the following object model. Definition collection objects are specialized
Javascript Map objects with an additional add method to simplify addition and provide more localized
error checking of the newly added values.
1export interface WorkspaceDefinition { 2 readonly extensions: Record<string, JsonValue | undefined>; 3 readonly projects: ProjectDefinitionCollection; 4} 5 6export interface ProjectDefinition { 7 readonly extensions: Record<string, JsonValue | undefined>; 8 readonly targets: TargetDefinitionCollection; 9 root: string; 10 prefix?: string; 11 sourceRoot?: string; 12} 13 14export interface TargetDefinition { 15 options?: Record<string, JsonValue | undefined>; 16 configurations?: Record<string, Record<string, JsonValue | undefined> | undefined>; 17 builder: string; 18}
The API is asynchronous and has two main functions to facilitate reading, creation, and modifying
a workspace: readWorkspace and writeWorkspace.
1export enum WorkspaceFormat { 2 JSON, 3}
1export function readWorkspace(
2 path: string,
3 host: WorkspaceHost,
4 format?: WorkspaceFormat,
5): Promise<{ workspace: WorkspaceDefinition }>;1export function writeWorkspace(
2 workspace: WorkspaceDefinition,
3 host: WorkspaceHost,
4 path?: string,
5 format?: WorkspaceFormat,
6): Promise<void>;A WorkspaceHost abstracts the underlying data access methods from the functions. It provides
methods to read, write, and analyze paths. A utility function is provided to create
an instance of a WorkspaceHost from the Angular DevKit's virtual filesystem host abstraction.
1export interface WorkspaceHost {
2 readFile(path: string): Promise<string>;
3 writeFile(path: string, data: string): Promise<void>;
4 isDirectory(path: string): Promise<boolean>;
5 isFile(path: string): Promise<boolean>;
6}
7
8export function createWorkspaceHost(host: virtualFs.Host): WorkspaceHost;Usage Example
To demonstrate the usage of the API, the following code will show how to add a option property to a build target for an application.
1import { NodeJsSyncHost } from '@angular-devkit/core/node'; 2import { workspaces } from '@angular-devkit/core'; 3 4async function demonstrate() { 5 const host = workspaces.createWorkspaceHost(new NodeJsSyncHost()); 6 const { workspace } = await workspaces.readWorkspace('path/to/workspace/directory/', host); 7 8 const project = workspace.projects.get('my-app'); 9 if (!project) { 10 throw new Error('my-app does not exist'); 11 } 12 13 const buildTarget = project.targets.get('build'); 14 if (!buildTarget) { 15 throw new Error('build target does not exist'); 16 } 17 18 buildTarget.options.optimization = true; 19 20 await workspaces.writeWorkspace(workspace, host); 21} 22 23demonstrate();
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
- Info: detected update tool: RenovateBot: renovate.json:1
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:20
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/assistant-to-the-branch-manager.yml:10
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Info: found token with 'none' permissions: .github/workflows/codeql.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dev-infra.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/feature-requests.yml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/perf.yml:11
- Info: found token with 'none' permissions: .github/workflows/pr.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:12
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
all dependencies are pinned
Details
- Info: 13 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 56 out of 56 third-party GitHubAction dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 64 contributing companies or organizations
Details
- Info: found contributions from: AngularAir, AngularClass, FACTORYX, FEMR, FieldDB, HTTPArchive, Jasig, Many-Repo-Manager-PoC, Ninja-Squad, QwikDev, ReactWeek, RedditInsight, SofiaJavaScript, TrilonIO, angular, angular @google, angular-community, angular-redux, angularjs-in-action, app-demos, aspect-build, async-framework, beerjs, coddict, deployd, expert support, gethuman, google, google-gemini, googlers, guess-js, hackreactor, hizenapp, https://1fpga.com, keychain, kunai-consulting, mend, monsoonco, nestjs, newlinedotco, ng-cruise, ng-newsletter, ng-packagr, ngcommunity, nguniversal, ninja-squad, nko4, nrwl, obshtestvo, qwikifiers, rangle, rangleio, rectanglepodcast-com, source-map, storybookjs, testiumjs, trilonio co-founder, typed-typings, typings, uniform-team, vue-software, vuejs, wasmbinaries, webpack
Reason
Found 28/30 approved changesets -- score normalized to 9
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Reason
badge detected: InProgress
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
8.2
/10
Last Scanned on 2025-06-30T16:42:18Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More