npmpackage.info

@backstage/plugin-vault-backend

Backstage is an open framework for building developer portals

0.4.11

29,200

Apache-2.0

TypeScript

67.77 kB

185,085 6.3

Installations

npm install @backstage/plugin-vault-backend

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Score

28.6

Supply Chain

45.3

Quality

82.4

Maintenance

Vulnerability

79.7

License

Pull Requests

Open

130

Total

20,966

Closed

3,215

Merged

17,621

Issues

Open

340

Total

6,491

Closed

6,151

Releases

402

v1.35.1

Published on 29 Jan 2025

v1.36.0-next.1

Published on 28 Jan 2025

v1.36.0-next.0

Published on 21 Jan 2025

v1.35.0

Published on 14 Jan 2025

v1.35.0-next.2

Published on 07 Jan 2025

v1.35.0-next.1

Published on 31 Dec 2024

View all 402 releases

Contributors

1,649

View all 1,649 contributors

Languages

TypeScript

MDX

JavaScript

CSS

Handlebars

Mustache

HTML

Dockerfile

SCSS

Shell

Makefile

HCL

PowerShell

TypeScript (94.3%)

MDX (2.14%)

JavaScript (1.95%)

CSS (1.07%)

Handlebars (0.21%)

Mustache (0.11%)

HTML (0.05%)

Dockerfile (0.05%)

SCSS (0.05%)

Shell (0.03%)

Makefile (0.02%)

HCL (0.01%)

Developer

backstage

Download Statistics

Total Downloads

185,085

Last Day

Last Week

261

Last Month

839

Last Year

22,902

GitHub Statistics

29,200 Stars

62,271 Commits

6,237 Forks

233 Watching

528 Branches

1,649 Contributors

Maintainers

Package Meta Information

Latest Version

0.4.11

Package Id

@backstage/plugin-vault-backend@0.4.11

Unpacked Size

67.77 kB

Size

13.18 kB

File Count

Publised On

19 Apr 2024

Total Downloads

Cumulative downloads

Total Downloads

185,085

Last day

-56.3%

Compared to previous day

Last week

-5.1%

261

Compared to previous week

Last month

98.3%

839

Compared to previous month

Last year

-83.7%

22,902

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Backstage

English | 한국어 | 中文版 | Français

What is Backstage?

Backstage is an open source framework for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly without compromising autonomy.

Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.

software-catalog

Out of the box, Backstage includes:

Backstage Software Catalog for managing all your software such as microservices, libraries, data pipelines, websites, and ML models
Backstage Software Templates for quickly spinning up new projects and standardizing your tooling with your organization’s best practices
Backstage TechDocs for making it easy to create, maintain, find, and use technical documentation, using a "docs like code" approach
Plus, a growing ecosystem of open source plugins that further expand Backstage’s customizability and functionality

Backstage was created by Spotify but is now hosted by the Cloud Native Computing Foundation (CNCF) as an Incubation level project. For more information, see the announcement.

Project roadmap

For information about the detailed project roadmap including delivered milestones, see the Roadmap.

Getting Started

To start using Backstage, see the Getting Started documentation.

Documentation

The documentation of Backstage includes:

Community

To engage with our community, you can use the following resources:

Discord chatroom - Get support or discuss the project
Contributing to Backstage - Start here if you want to contribute
RFCs - Help shape the technical direction
FAQ - Frequently Asked Questions
Code of Conduct - This is how we roll
Adopters - Companies already using Backstage
Blog - Announcements and updates
Newsletter - Subscribe to our email newsletter
Backstage Community Sessions - Join monthly meetups and explore Backstage community
Give us a star ⭐️ - If you are using Backstage or think it is an interesting project, we would love a star ❤️

Governance

See the GOVERNANCE.md document in the backstage/community repository.

License

Copyright 2020-2024 © The Backstage Authors. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page: https://www.linuxfoundation.org/trademark-usage

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0

Security

Please report sensitive security issues using Spotify's bug-bounty program rather than GitHub.

For further details, see our complete security release process.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

10

Security-Policy

Determines if the project has published a security policy.

8

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 8

Details

Warn: containerImage not pinned by hash: contrib/.devcontainer/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/typescript-node:20 to mcr.microsoft.com/devcontainers/typescript-node:20@sha256:6a200731ff2e66af7d342c8118f989822e81ab98c2ad2e5c180fa308d057e395
Warn: containerImage not pinned by hash: contrib/docker/devops/Dockerfile:3
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:38
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:49: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:bc2f6a7c8ddbccf55bdb19659ce3b0a92ca6559e86d42677a5a02ef6bda2fcef
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.hostbuild:30: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:bc2f6a7c8ddbccf55bdb19659ce3b0a92ca6559e86d42677a5a02ef6bda2fcef
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:15
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:24
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:53: pin your Docker image by updating cgr.dev/chainguard/wolfi-base:latest to cgr.dev/chainguard/wolfi-base:latest@sha256:1ec3327af43d7af231ffe475aff88d49dbb5e09af9f28610e6afbd2cb096e751
Warn: containerImage not pinned by hash: packages/backend/Dockerfile:12: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:7801bf44f4da6a2f96119ec9f4a8f4470cf59f4622762c41cd076b76e62d4814
Warn: containerImage not pinned by hash: packages/create-app/templates/default-app/packages/backend/Dockerfile:12: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:7801bf44f4da6a2f96119ec9f4a8f4470cf59f4622762c41cd076b76e62d4814
Warn: containerImage not pinned by hash: plugins/scaffolder-backend-module-rails/Rails.dockerfile:1: pin your Docker image by updating ruby:3.3 to ruby:3.3@sha256:84c88b211b515f14f453a12201c85fba72602a139eccc4598a5dc87cb22b58df
Warn: containerImage not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:1: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Warn: pipCommand not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:19-21
Warn: pipCommand not pinned by hash: packages/backend/Dockerfile:29
Warn: pipCommand not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:3-11
Warn: pipCommand not pinned by hash: contrib/.devcontainer/postCreate.sh:6
Warn: downloadThenRun not pinned by hash: .github/workflows/automate_merge_message.yml:44
Warn: downloadThenRun not pinned by hash: .github/workflows/sync_release-manifest.yml:54
Warn: pipCommand not pinned by hash: .github/workflows/verify_e2e-techdocs.yml:56
Warn: downloadThenRun not pinned by hash: .github/workflows/verify_fossa.yml:26
Warn: pipCommand not pinned by hash: .github/workflows/verify_microsite.yml:43
Info: 85 out of 85 GitHub-owned GitHubAction dependencies pinned
Info: 84 out of 84 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned
Info: 0 out of 6 pipCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

Fuzzing

Determines if the project uses fuzzing.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'actions' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:18
Info: jobLevel 'contents' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:88
Info: jobLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:11
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy_microsite.yml:142
Info: jobLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:12
Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:23
Info: jobLevel 'actions' permission set to 'read': .github/workflows/verify_codeql.yml:28
Info: jobLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:29
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes-comment.yml:1
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:6
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:15
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:8
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:9
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:18
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:9
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:15
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_stale.yml:8
Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-noop.yml:12
Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Warn: no topLevel permission defined: .github/workflows/cron.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy_docker-image.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy_microsite.yml:8
Warn: no topLevel permission defined: .github/workflows/deploy_packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:7
Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-review-comment-trigger.yaml:11
Warn: no topLevel permission defined: .github/workflows/pr-review-comment.yaml:1
Warn: no topLevel permission defined: .github/workflows/pr.yaml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_canon.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_code-formatting.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_dependabot-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_release-manifest.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_renovate-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_snyk-github-issues.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_version-packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_accessibility-noop.yml:21
Warn: no topLevel permission defined: .github/workflows/verify_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:23
Warn: no topLevel permission defined: .github/workflows/verify_docs-quality.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-linux-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_e2e-linux.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-techdocs.yml:18
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-windows-noop.yml:15
Warn: no topLevel permission defined: .github/workflows/verify_e2e-windows.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_fossa.yml:9
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite-noop.yml:15
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite.yml:13
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite_accessibility-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_microsite_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_storybook-noop.yml:22
Warn: no topLevel permission defined: .github/workflows/verify_storybook.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_windows.yml:11

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

6.3

/10

Last Scanned on 2025-02-04T10:18:40Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @backstage/plugin-vault-backend

@backstage-community/plugin-vault-backend

0.6.0

A Backstage backend plugin that integrates towards Vault

@solace-labs/backstage-plugin-ep-devp-vault-backend-common

1.0.1

Common Node Library for the Developer Portal Vault Backend

@solace-labs/backstage-plugin-ep-devp-vault-backend

1.0.1

@veecode-platform/plugin-vault-backend

0.4.14

A Backstage backend plugin that integrates towards Vault - veeCode version

@backstage/plugin-vault-backend

Installations

Developer Guide

Yes

CommonJS

Score

Pull Requests

130

20,966

3,215

17,621

Issues

340

6,491

6,151

Releases

Contributors

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

185,085

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Backstage

What is Backstage?

Project roadmap

Getting Started

Documentation

Community

Governance

License

Security

10

10

10

10

10

10

10

10

10

10

8

2

0

0

0

0

6.3

/10

Other packages similar to @backstage/plugin-vault-backend