npmpackage.info

Gathering detailed insights and metrics for @backstage/search-common

@backstage/search-common

Backstage is an open framework for building developer portals

0.3.4

28,586

Apache-2.0

TypeScript

1,189,586 6.3

Installations

npm install @backstage/search-common

Pull Requests

Open

126

Total

20,362

Closed

3,109

Merged

17,127

Issues

Open

360

Total

6,297

Closed

5,937

Releases

386

v1.34.0-next.0

Published on 26 Nov 2024

v1.33.4

Published on 21 Nov 2024

v1.33.3

Published on 21 Nov 2024

v1.33.2

Published on 20 Nov 2024

v1.33.1

Published on 19 Nov 2024

v1.33.0

Published on 19 Nov 2024

View all 386 releases

Developer

backstage

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

Yes

Node Version

14.19.2

NPM Version

lerna/4.0.0/node@v14.19.2+x64 (linux)

Statistics

28,586 Stars

60,604 Commits

6,075 Forks

233 Watching

508 Branches

1,608 Contributors

Updated on 28 Nov 2024

Languages

TypeScript (95.52%)

JavaScript (1.96%)

MDX (1.8%)

Handlebars (0.22%)

CSS (0.16%)

Mustache (0.11%)

SCSS (0.06%)

HTML (0.05%)

Dockerfile (0.05%)

Shell (0.03%)

Makefile (0.03%)

HCL (0.01%)

Total Downloads

Cumulative downloads

Total Downloads

1,189,586

Last day

60.8%

230

Compared to previous day

Last week

-12.4%

1,024

Compared to previous week

Last month

19.9%

6,062

Compared to previous month

Last year

-55.3%

66,632

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@backstage/plugin-search-common

Versions

Backstage

English | 한국어 | 中文版 | Français

What is Backstage?

Backstage is an open source framework for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly without compromising autonomy.

Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.

software-catalog

Out of the box, Backstage includes:

Backstage Software Catalog for managing all your software such as microservices, libraries, data pipelines, websites, and ML models
Backstage Software Templates for quickly spinning up new projects and standardizing your tooling with your organization’s best practices
Backstage TechDocs for making it easy to create, maintain, find, and use technical documentation, using a "docs like code" approach
Plus, a growing ecosystem of open source plugins that further expand Backstage’s customizability and functionality

Backstage was created by Spotify but is now hosted by the Cloud Native Computing Foundation (CNCF) as an Incubation level project. For more information, see the announcement.

Project roadmap

For information about the detailed project roadmap including delivered milestones, see the Roadmap.

Getting Started

To start using Backstage, see the Getting Started documentation.

Documentation

The documentation of Backstage includes:

Community

To engage with our community, you can use the following resources:

Discord chatroom - Get support or discuss the project
Contributing to Backstage - Start here if you want to contribute
RFCs - Help shape the technical direction
FAQ - Frequently Asked Questions
Code of Conduct - This is how we roll
Adopters - Companies already using Backstage
Blog - Announcements and updates
Newsletter - Subscribe to our email newsletter
Backstage Community Sessions - Join monthly meetups and explore Backstage community
Give us a star ⭐️ - If you are using Backstage or think it is an interesting project, we would love a star ❤️

Governance

See the GOVERNANCE.md document in the backstage/community repository.

License

Copyright 2020-2024 © The Backstage Authors. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page: https://www.linuxfoundation.org/trademark-usage

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0

Security

Please report sensitive security issues using Spotify's bug-bounty program rather than GitHub.

For further details, see our complete security release process.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

10

SAST

Determines if the project uses static code analysis.

10

Security-Policy

Determines if the project has published a security policy.

7

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 7

Details

Warn: containerImage not pinned by hash: contrib/.devcontainer/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/typescript-node:20 to mcr.microsoft.com/devcontainers/typescript-node:20@sha256:abb334b5ac0b177f5cfb1e682181ad26412f188268f2168016c92949bc69904b
Warn: containerImage not pinned by hash: contrib/docker/devops/Dockerfile:3
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:38
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.dockerbuild:49: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:0c86dddac19f2ce4fd716ac58c0fd87bf69bfd4edabfd6971fb885bafd12a00b
Warn: containerImage not pinned by hash: contrib/docker/frontend-with-nginx/Dockerfile.hostbuild:30: pin your Docker image by updating nginx:mainline to nginx:mainline@sha256:0c86dddac19f2ce4fd716ac58c0fd87bf69bfd4edabfd6971fb885bafd12a00b
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:15
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:24
Warn: containerImage not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:53: pin your Docker image by updating cgr.dev/chainguard/wolfi-base:latest to cgr.dev/chainguard/wolfi-base:latest@sha256:8dd9ceace8b1574e550374e9c07c2baafa60cc96223c1314fac61bd2edb48c70
Warn: containerImage not pinned by hash: packages/backend/Dockerfile:12: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:a0196893dffad1f1a5723a8c817b45681402be549a8f196bf9c93a5bc30628e3
Warn: containerImage not pinned by hash: packages/create-app/templates/default-app/packages/backend/Dockerfile:12: pin your Docker image by updating node:20-bookworm-slim to node:20-bookworm-slim@sha256:a0196893dffad1f1a5723a8c817b45681402be549a8f196bf9c93a5bc30628e3
Warn: containerImage not pinned by hash: plugins/scaffolder-backend-module-rails/Rails.dockerfile:1: pin your Docker image by updating ruby:3.3 to ruby:3.3@sha256:9afef279599922a4426c91d0a2a0d0c32c15ef0f65490ae83132a683d58ab978
Warn: containerImage not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:1: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
Warn: pipCommand not pinned by hash: contrib/docker/minimal-hardened-image/Dockerfile:19-21
Warn: pipCommand not pinned by hash: packages/backend/Dockerfile:29
Warn: pipCommand not pinned by hash: plugins/scaffolder-backend/scripts/Cookiecutter.dockerfile:3-11
Warn: pipCommand not pinned by hash: contrib/.devcontainer/postCreate.sh:6
Warn: downloadThenRun not pinned by hash: .github/workflows/automate_merge_message.yml:44
Warn: downloadThenRun not pinned by hash: .github/workflows/sync_release-manifest.yml:54
Warn: pipCommand not pinned by hash: .github/workflows/verify_e2e-techdocs.yml:56
Warn: downloadThenRun not pinned by hash: .github/workflows/verify_fossa.yml:26
Warn: pipCommand not pinned by hash: .github/workflows/verify_microsite.yml:43
Info: 82 out of 82 GitHub-owned GitHubAction dependencies pinned
Info: 82 out of 82 third-party GitHubAction dependencies pinned
Info: 0 out of 12 containerImage dependencies pinned
Info: 0 out of 6 pipCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

Fuzzing

Determines if the project uses fuzzing.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:88
Info: jobLevel 'actions' permission set to 'read': .github/workflows/api-breaking-changes-comment.yml:18
Info: jobLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:11
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy_microsite.yml:142
Info: jobLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:12
Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:23
Info: jobLevel 'actions' permission set to 'read': .github/workflows/verify_codeql.yml:28
Info: jobLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:29
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes-comment.yml:1
Warn: no topLevel permission defined: .github/workflows/api-breaking-changes.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_area-labels.yml:6
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:8
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:9
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:15
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_changeset_feedback.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:11
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:13
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:9
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:10
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:12
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:14
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:15
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:16
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:17
Info: found token with 'none' permissions: .github/workflows/automate_merge_message.yml:18
Info: topLevel 'contents' permission set to 'read': .github/workflows/automate_stale.yml:8
Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-noop.yml:12
Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Warn: no topLevel permission defined: .github/workflows/cron.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy_docker-image.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy_microsite.yml:8
Warn: no topLevel permission defined: .github/workflows/deploy_packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue.yaml:7
Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-review-comment-trigger.yaml:11
Warn: no topLevel permission defined: .github/workflows/pr-review-comment.yaml:1
Warn: no topLevel permission defined: .github/workflows/pr.yaml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_code-formatting.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_dependabot-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_release-manifest.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_renovate-changesets.yml:1
Warn: no topLevel permission defined: .github/workflows/sync_snyk-github-issues.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/sync_snyk-monitor.yml:18
Warn: no topLevel permission defined: .github/workflows/sync_version-packages.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_accessibility-noop.yml:21
Warn: no topLevel permission defined: .github/workflows/verify_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_codeql.yml:23
Warn: no topLevel permission defined: .github/workflows/verify_docs-quality.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-linux-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_e2e-linux.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-techdocs.yml:18
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_e2e-windows-noop.yml:15
Warn: no topLevel permission defined: .github/workflows/verify_e2e-windows.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_fossa.yml:9
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite-noop.yml:15
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite.yml:13
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_microsite_accessibility-noop.yml:19
Warn: no topLevel permission defined: .github/workflows/verify_microsite_accessibility.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_storybook-noop.yml:22
Warn: no topLevel permission defined: .github/workflows/verify_storybook.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/verify_windows.yml:11

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

6.3

/10

Last Scanned on 2024-11-28T16:47:29Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More