npmpackage.info

Gathering detailed insights and metrics for @backstage/errors

@backstage/errors - 1.2.7 | npmpackage.info

@backstage/errors

Backstage is an open framework for building developer portals

1.2.7

30,681

Apache-2.0

TypeScript

1.78 kB

16,642,292 6.5

Installations

npm install @backstage/errors

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Score

99.7

Supply Chain

70.1

Quality

88.3

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

114

Total

22,257

Closed

3,477

Merged

18,666

Issues

Open

344

Total

6,936

Closed

6,592

Releases

431

v1.41.0-next.1

Updated on Jul 01, 2025

v1.40.2

Updated on Jun 30, 2025

v1.41.0-next.0

Updated on Jun 24, 2025

v1.40.1

Updated on Jun 19, 2025

v1.40.0

Updated on Jun 17, 2025

v1.40.0-next.3

Updated on Jun 11, 2025

View All 431 releases

Languages

TypeScript

MDX

CSS

JavaScript

Handlebars

Mustache

HTML

Dockerfile

SCSS

Shell

Makefile

HCL

PowerShell

TypeScript (93.64%)

MDX (2.07%)

CSS (1.99%)

JavaScript (1.81%)

Handlebars (0.19%)

Mustache (0.1%)

HTML (0.05%)

Dockerfile (0.05%)

SCSS (0.05%)

Shell (0.02%)

Makefile (0.02%)

HCL (0.01%)

Developer

backstage

Download Statistics

Total Downloads

16,642,292

Last Day

4,907

Last Week

136,448

Last Month

649,396

Last Year

7,154,396

GitHub Statistics

Apache-2.0 License

30,681 Stars

65,930 Commits

6,622 Forks

236 Watchers

557 Branches

1,726 Contributors

Updated on Jul 04, 2025

Bundle Size

5.06 kB

Minified

1.78 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1,726 Contributors

Package Meta Information

Latest Version

1.2.7

Package Id

@backstage/errors@1.2.7

Unpacked Size

76.40 kB

Size

12.47 kB

File Count

Published on

Jan 14, 2025

Total Downloads

Cumulative downloads

Total Downloads

16,642,292

Last Day

11.2%

4,907

Compared to previous day

Last Week

-15%

136,448

Compared to previous week

Last Month

-10.1%

649,396

Compared to previous month

Last Year

42.9%

7,154,396

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@backstage/types serialize-error

Dev Dependencies

@backstage/cli

Backstage

English | 한국어 | 中文版 | Français

What is Backstage?

Backstage is an open source framework for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly without compromising autonomy.

Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.

software-catalog

Out of the box, Backstage includes:

Backstage Software Catalog for managing all your software such as microservices, libraries, data pipelines, websites, and ML models
Backstage Software Templates for quickly spinning up new projects and standardizing your tooling with your organization’s best practices
Backstage TechDocs for making it easy to create, maintain, find, and use technical documentation, using a "docs like code" approach
Plus, a growing ecosystem of open source plugins that further expand Backstage’s customizability and functionality

Backstage was created by Spotify but is now hosted by the Cloud Native Computing Foundation (CNCF) as an Incubation level project. For more information, see the announcement.

Project roadmap

For information about the detailed project roadmap including delivered milestones, see the Roadmap.

Getting Started

To start using Backstage, see the Getting Started documentation.

Documentation

The documentation of Backstage includes:

Community

To engage with our community, you can use the following resources:

Discord chatroom - Get support or discuss the project
Contributing to Backstage - Start here if you want to contribute
RFCs - Help shape the technical direction
FAQ - Frequently Asked Questions
Code of Conduct - This is how we roll
Adopters - Companies already using Backstage
Blog - Announcements and updates
Newsletter - Subscribe to our email newsletter
Backstage Community Sessions - Join monthly meetups and explore Backstage community
Give us a star ⭐️ - If you are using Backstage or think it is an interesting project, we would love a star ❤️

Governance

See the GOVERNANCE.md document in the backstage/community repository.

License

Copyright 2020-2025 © The Backstage Authors. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page: https://www.linuxfoundation.org/trademark-usage

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0

Security

Please report sensitive security issues using Spotify's bug-bounty program rather than GitHub.

For further details, see our complete security release process.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

10

Security-Policy

Determines if the project has published a security policy.

8

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

8

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 8

Details

Warn: containerImage not pinned by hash: contrib/.devcontainer/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/typescript-node:20 to mcr.microsoft.com/devcontainers/typescript-node:20@sha256:49698b6eae8a476ebfe37652b03a415d66f4e7ea8e1f8253a46b7a7836fe59ef
Warn: containerImage not pinned by hash: contrib/docker/devops/Dockerfile:3
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:38
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:49: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:93230cd54060f497430c7a120e2347894846a81b6a5dd2110f7362c5423b4abc
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.hostbuild:30: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:93230cd54060f497430c7a120e2347894846a81b6a5dd2110f7362c5423b4abc
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:15
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:24
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:53: pin your Docker image by updating cgr.dev/chainguard/wolfi-base:latest to cgr.dev/chainguard/wolfi-base:latest@sha256:1c6a85817d3a8787e094aae474e978d4ecdf634fd65e77ab28ffae513e35cca1
Warn: containerImage not pinned by hash: packages/backend/Dockerfile:12: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:f8f6771d949ff351c061de64ef9cbfbc5949015883fb3b016b34aca6d0e5b8cc
Warn: containerImage not pinned by hash: packages/create-app/templates/default-app/packages/backend/Dockerfile:15: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:f8f6771d949ff351c061de64ef9cbfbc5949015883fb3b016b34aca6d0e5b8cc
Warn: containerImage not pinned by hash: plugins/scaffolder-backend-module-rails/Rails.dockerfile:1: pin your Docker image by updating ruby:3.4 to ruby:3.4@sha256:f7ab76e2c36ab406ebc36aeba20624b26a8fae7c2998acabbe9662e2a73f00f3
Warn: containerImage not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
Warn: pipCommand not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:19-21
Warn: pipCommand not pinned by hash: packages/backend/Dockerfile:29
Warn: pipCommand not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:3-11
Warn: pipCommand not pinned by hash: contrib/.devcontainer/postCreate.sh:6
Warn: downloadThenRun not pinned by hash: .github/workflows/automate_merge_message.yml:44
Warn: downloadThenRun not pinned by hash: .github/workflows/sync_release-manifest.yml:54
Warn: pipCommand not pinned by hash: .github/workflows/verify_e2e-techdocs.yml:56
Warn: downloadThenRun not pinned by hash: .github/workflows/verify_fossa.yml:26
Warn: pipCommand not pinned by hash: .github/workflows/verify_microsite.yml:259
Info: 124 out of 124 GitHub-owned GitHubAction dependencies pinned
Info: 91 out of 91 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned
Info: 0 out of 6 pipCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

Fuzzing

Determines if the project uses fuzzing.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'actions' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:18
Info: jobLevel 'contents' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:97
Info: jobLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:11
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy_microsite.yml:230
Info: jobLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:12
Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:23
Info: jobLevel 'actions' permission set to 'read': .github/workflows/verify_codeql.yml:28
Info: jobLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:29
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes-comment.yml:1
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:6
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:15
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:8
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:9
Warn: no topLevel permission defined: .github/workflows/automate_issue_labels.yml:1
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:9
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:15
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:18
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_stale.yml:8
Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-noop.yml:12
Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Warn: no topLevel permission defined: .github/workflows/cron.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy_docker-image.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy_microsite.yml:8
Warn: no topLevel permission defined: .github/workflows/deploy_packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:7
Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-review-comment-trigger.yaml:11
Warn: no topLevel permission defined: .github/workflows/pr-review-comment.yaml:1
Warn: no topLevel permission defined: .github/workflows/pr.yaml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_canon.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_code-formatting.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_dependabot-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_release-manifest.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_renovate-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_snyk-github-issues.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_version-packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_accessibility-noop.yml:21
Warn: no topLevel permission defined: .github/workflows/verify_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:23
Warn: no topLevel permission defined: .github/workflows/verify_docs-quality.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-linux-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_e2e-linux.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-techdocs.yml:18
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-windows-noop.yml:15
Warn: no topLevel permission defined: .github/workflows/verify_e2e-windows.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_fossa.yml:9
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite-noop.yml:15
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite.yml:13
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite_accessibility-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_microsite_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_storybook-noop.yml:22
Warn: no topLevel permission defined: .github/workflows/verify_storybook.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_windows.yml:11

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

49 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-86rg-pf4c-5grg
Warn: Project is vulnerable to: GHSA-7hv8-3fr9-j2hv
Warn: Project is vulnerable to: GHSA-qc4v-xq2m-65wc
Warn: Project is vulnerable to: GHSA-w7fj-336r-vw49
Warn: Project is vulnerable to: GHSA-3x3f-jcp3-g22j
Warn: Project is vulnerable to: GHSA-f8j4-p5cr-p777
Warn: Project is vulnerable to: GHSA-2g8g-63j4-9w3r
Warn: Project is vulnerable to: GHSA-mg3m-f475-28hv
Warn: Project is vulnerable to: GHSA-wg6p-jmpc-xjmr
Warn: Project is vulnerable to: GHSA-qmc2-jpr5-7rg9
Warn: Project is vulnerable to: GHSA-gg96-f8wr-p89f
Warn: Project is vulnerable to: GHSA-39v3-f278-vj3g
Warn: Project is vulnerable to: GHSA-5j94-f3mf-8685
Warn: Project is vulnerable to: GHSA-4jqc-jvh2-pxg9
Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
Warn: Project is vulnerable to: MAL-2025-87
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
Warn: Project is vulnerable to: GHSA-hw8r-x6gr-5gjp
Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-44fp-w29j-9vj5
Warn: Project is vulnerable to: GHSA-4pg4-qvpc-4q3h
Warn: Project is vulnerable to: GHSA-g5hg-p3ph-g8qg
Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: MAL-2022-6445
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3

Score

6.5

/10

Last Scanned on 2025-07-04T15:42:48Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More