Gathering detailed insights and metrics for @azure/keyvault-common
Gathering detailed insights and metrics for @azure/keyvault-common
This repository is for active development of the Azure SDK for JavaScript (NodeJS & Browser). For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/javascript/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-js.
Installations
npm install @azure/keyvault-commonReleases
3,437
@azure/core-rest-pipeline_1.18.1
@azure/core-rest-pipeline_1.18.1
Published on 26 Nov 2024
@azure/arm-networkcloud_2.0.0-beta.1
@azure/arm-networkcloud_2.0.0-beta.1
Published on 26 Nov 2024
@azure/arm-apimanagement_9.2.0
@azure/arm-apimanagement_9.2.0
Published on 26 Nov 2024
@azure/template_1.0.13-beta.4363791
@azure/template_1.0.13-beta.4363791
Published on 26 Nov 2024
@azure/template_1.0.13-beta.4363714
@azure/template_1.0.13-beta.4363714
Published on 26 Nov 2024
@azure/template_1.0.13-beta.4363677
@azure/template_1.0.13-beta.4363677
Published on 25 Nov 2024
Developer
Azure
Developer Guide
BETA
Module System
ESM, UMD
Min. Node Version
>=18.0.0
Typescript Support
Yes
Node Version
18.5.0
NPM Version
Statistics
2,095 Stars
17,466 Commits
1,209 Forks
357 Watching
459 Branches
2,703 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (86.72%)
JavaScript (12.89%)
PowerShell (0.32%)
Bicep (0.05%)
HTML (0.01%)
Mustache (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
6,030,089
Last day
-30.4%
169,074
Compared to previous day
Last week
-12.6%
879,118
Compared to previous week
Last month
204%
4,069,719
Compared to previous month
Last year
2,590.1%
5,813,364
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
8
Versions
Azure SDK for JavaScript
This repository is for the Azure SDK for JavaScript (Node.js & Browser). It contains libraries for the breadth of Azure services. Management libraries are packages that you would use to provision and manage Azure resources. Client libraries are packages that you would use to consume these resources and interact with them.
Getting started
A few helpful resources to get started are:
- The readme for each package contains code samples and package information. This readme can be found in the corresponding package folder under the folder of the service of your choice in the
/sdkfolder of this repository. The same readme file can be found on the landing page for the package in npm. - The API reference documentation of the latest versions of these packages, can be found at our public developer docs.
- The API reference documentation of older versions, can be found in our versioned developer docs.
Each service might have a number of libraries available from each of the following categories:
NOTE: Some of these packages have beta versions. If you need to ensure your code is ready for production, use one of the stable, non-beta packages.
Client
Given an Azure resource already exists, you would use the client libraries to consume it and interact with it. Most of these libraries follow the Azure SDK Design Guidelines for JavaScript & TypeScript and share a number of core functionalities such as retries, logging, transport protocols, authentication protocols, etc. Others will be updated in the near future to follow the guidelines as well.
To get a list of all client libraries that follow the new guidelines, please visit our Azure SDK releases page.
Management
Management libraries enable you to provision and manage Azure resources via the Azure Resource Manager i.e. ARM. You can recognize these libraries by @azure/arm- in their package names. These are purely auto-generated based on the swagger files that represent the APIs for resource management.
Newer versions of these libraries follow the Azure SDK Design Guidelines for TypeScript. These new versions provide a number of core capabilities that are shared amongst all Azure SDKs, including the intuitive Azure Identity library, an HTTP Pipeline with custom policies, error-handling, distributed tracing, and much more. A few helpful resources to get started with these are:
- List of management libraries that follow the new guidelines
- Documentation and code samples.
- Migration guide that shows how to transition from older versions of libraries.
NOTE: If you are experiencing authentication issues with the management libraries after upgrading certain packages, it's possible that you upgraded to the new versions of SDK without changing the authentication code, please refer to the migration guide mentioned above for proper instructions.
Need help?
- For detailed documentation, visit our Azure SDK for JavaScript documentation
- File an issue via GitHub Issues
- Check previous questions or ask new ones on StackOverflow using
azure-sdk-jstag. - Read our Support documentation.
Community
Try our community resources.
Reporting security issues and security bugs
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.
Contributing
For details on contributing to this repository, see the contributing guide.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/event-processor.yml:30
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/event.yml:17
- Info: jobLevel 'checks' permission set to 'read': .github/workflows/event.yml:19
- Info: found token with 'none' permissions: .github/workflows/event-processor.yml:1
- Info: found token with 'none' permissions: .github/workflows/event.yml:1
- Info: found token with 'none' permissions: .github/workflows/scheduled-event-processor.yml:1
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
binaries present in source code
Details
- Warn: binary detected: samples/frameworks/react-native/appconfigBasic/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Warn: 'last push approval' is disabled on branch 'main'
- Warn: 'up-to-date branches' is disabled on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/event-processor.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-sdk-for-js/event-processor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/event-processor.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-sdk-for-js/event-processor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/event-processor.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-sdk-for-js/event-processor.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/event.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-sdk-for-js/event.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scheduled-event-processor.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/Azure/azure-sdk-for-js/scheduled-event-processor.yml/main?enable=pin
- Warn: containerImage not pinned by hash: sdk/eventhub/event-hubs/test/stress/Dockerfile:4
- Warn: containerImage not pinned by hash: sdk/identity/identity/integration/AzureKubernetes/Dockerfile:12
- Warn: containerImage not pinned by hash: sdk/identity/identity/test/manual-integration/Kubernetes/Dockerfile:12
- Warn: containerImage not pinned by hash: sdk/servicebus/service-bus/test/stress/Dockerfile:4
- Warn: npmCommand not pinned by hash: sdk/eventhub/event-hubs/test/stress/Dockerfile:10
- Warn: npmCommand not pinned by hash: sdk/identity/identity/integration/AzureKubernetes/Dockerfile:18
- Warn: npmCommand not pinned by hash: sdk/identity/identity/test/manual-integration/Kubernetes/Dockerfile:17
- Warn: npmCommand not pinned by hash: sdk/identity/identity/test/manual-integration/Kubernetes/Dockerfile:18
- Warn: npmCommand not pinned by hash: sdk/servicebus/service-bus/test/stress/Dockerfile:10
- Warn: npmCommand not pinned by hash: .devcontainer/init.sh:11
- Warn: npmCommand not pinned by hash: .scripts/automation_init.sh:2
- Warn: npmCommand not pinned by hash: .scripts/automation_init.sh:3
- Warn: npmCommand not pinned by hash: .scripts/automation_init.sh:4
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
- Info: 0 out of 9 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More