Gathering detailed insights and metrics for @balena/pinejs
Gathering detailed insights and metrics for @balena/pinejs
Installations
npm install @balena/pinejsDeveloper
balena-io
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=20.14.0
Typescript Support
Yes
Node Version
18.20.5
NPM Version
10.8.2
Statistics
63 Stars
5,371 Commits
11 Forks
23 Watching
62 Branches
35 Contributors
Updated on 21 Nov 2024
Languages
TypeScript (94.62%)
JavaScript (3.38%)
Python (1.97%)
Dockerfile (0.03%)
Total Downloads
Cumulative downloads
Total Downloads
564,185
Last day
148.7%
766
Compared to previous day
Last week
48.2%
3,001
Compared to previous week
Last month
-39.9%
9,372
Compared to previous month
Last year
-25%
165,542
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
39
ajvbusboylodashmemoizee@types/pgcommander@types/nodecron-parserdeep-freezetyped-error@types/mysqlrandomstring@types/lodash@types/multer@types/websqleventemitter3@types/express@types/memoizee@types/passportexpress-sessionjson-schema-to-ts@balena/sbvr-types@types/body-parser@types/compression@types/deep-freezepinejs-client-core@balena/env-parsing@balena/sbvr-parser@types/randomstring@balena/odata-parser@types/cookie-parser@types/passport-local@types/express-session@types/method-override@types/passport-strategy@balena/lf-to-abstract-sql@balena/abstract-sql-compiler@balena/odata-to-abstract-sql@balena/abstract-sql-to-typescript
Dev Dependencies
39
chaigrunthuskymocharequestts-nodewebpackgrunt-tsgrunt-clisupertestts-loaderraw-loadertypescript@types/chailint-stagedon-finished@balena/lint@types/grunt@types/mocha@types/busboygrunt-gitinfogrunt-webpack@types/request@types/webpack@faker-js/faker@types/supertestload-grunt-tasks@types/on-finishedgrunt-contrib-copygrunt-text-replacewebpack-dev-servergrunt-contrib-cleangrunt-contrib-concatgrunt-contrib-renameterser-webpack-pluginpinejs-client-supertestrequire-npm4-to-publishgrunt-check-dependencies@types/terser-webpack-plugin
Versions
Pine.js is a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English. Those rules are used in order for Pine.js to generate a database schema and the associated OData API. This makes it very easy to rapidly create, update and maintain a backend while keeping the logic in an easily understood form, as well as providing the ability to update and maintain this logic going forward.
Rules are described in SBVR format, which stands for "Semantics of Business Vocabulary and Business Rules". SBVR provides a way to capture specifications in natural language and represent them in formal logic, so they can be machine processed.
The basic components of SBVR are as follows:
- Terms - these are the atomic elements of your data model, defined via
Term: [Term Name]. Generally speaking, these map to tables in a relational database, or attributes of other tables. - Fact Types - these define relations between different terms and properties of those terms, e.g.
Fact type: pilot can fly planeorFact type: pilot is experienced- these somewhat map to fields and foreign keys in a relational database. - Rules - these define logical constraints on the data model and is the most powerful aspect of SBVR and Pine.js itself. Rules map loosely to constraints in a relational database, but extend them to constraints that can traverse tables and generally be far more powerful than a database constraint. E.g.
Rule: It is obligatory that each pilot can fly at least 1 plane. The expressive capability of SBVR rules is much more than simple SQL DDL, and has the full power of First Order Logic.
In order to get an idea of how SBVR works, visit the sbvr lab, and for more details, check out the SBVR spec.
As part of the @balena/pinejs package the following tools are installed:
- sbvr-compiler: Can be used to compile SBVR via the SBVR chain into SQL, eg
npx sbvr-compiler test.sbvr - odata-compiler: Can be used to compile an OData URL via the OData chain from to SQL, eg
npx odata-compiler test.sbvr /test
Both tools use some of the main dependencies of Pine.js:
- abstract-sql-compiler
- lf-to-abstract-sql
- sbvr-parser
- odata-parser
- odata-to-abstract-sql
The above packages are written in OMeta and compiled into Javascript. The following resources consitute a good starting point in order for someone to get a better understanding of OMeta and the above dependencies:
The following papers are also helpful in understanding the main concept of Pine.js:
The documentation inside /docs folder also provide a great overview of the main concepts of Pine.js, in particular:
- docs/Migrations.md: provides information regarding sql queries or Javascript functions that are executed prior to pinejs executing a given SBVR model.
- docs/Hooks.md: functions that you can implement in order to execute custom code when API calls are requested.
- docs/ProjectConfig.md: provides information regarding creating and configuring a project.
- docs/Types.md: types definitions and declarations in various systems.
- docs/sequence-diagrams/: provide a great overview of how the main processes are executed, including OData request parsing, response processing, etc. (The sequence diagrams can be depicted in websequencediagrams.com)
One can experiment with Pine.js, its main dependencies and the above tools inside the development environment of balena.
Where to go from here:
Start by creating your very first application with Pine.js. Jump to the Getting Started guide.
Storing files and other large objects
An application can choose between two types to save file content or another large object: File or WebResource. When using a File, PineJS saves the content in the database using a binary data type like BYTEA or BLOB. When using a WebResource, PineJS saves the binary content on an external storage service and then writes metadata, including the content public URL, to the database. Client apps use the WebResource href to get the content.
Please note that WebResource is still a work in progress and as such has a few limitations. Such as (but not exclusively):
- Filtering for specific filenames or size
- Deletion of a file may fail and will require to manually delete the file from its storage
No vulnerabilities found.
Reason
30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: all commits (20) are checked with a SAST tool
Reason
Found 9/19 approved changesets -- score normalized to 4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/flowzone.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: 'allow deletion' enabled on branch 'master'
- Warn: 'force pushes' enabled on branch 'master'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'
- Warn: 'stale review dismissal' is disabled on branch 'master'
- Warn: branch 'master' does not require approvers
- Warn: codeowners review is not required on branch 'master'
- Warn: 'last push approval' is disabled on branch 'master'
- Info: 'up-to-date branches' is required to merge on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v19.6.0 not signed: https://api.github.com/repos/balena-io/pinejs/releases/186613952
- Warn: release artifact v19.5.5 not signed: https://api.github.com/repos/balena-io/pinejs/releases/186534143
- Warn: release artifact v19.5.4 not signed: https://api.github.com/repos/balena-io/pinejs/releases/182269641
- Warn: release artifact v19.5.3 not signed: https://api.github.com/repos/balena-io/pinejs/releases/182263570
- Warn: release artifact v19.5.2 not signed: https://api.github.com/repos/balena-io/pinejs/releases/181924821
- Warn: release artifact v19.6.0 does not have provenance: https://api.github.com/repos/balena-io/pinejs/releases/186613952
- Warn: release artifact v19.5.5 does not have provenance: https://api.github.com/repos/balena-io/pinejs/releases/186534143
- Warn: release artifact v19.5.4 does not have provenance: https://api.github.com/repos/balena-io/pinejs/releases/182269641
- Warn: release artifact v19.5.3 does not have provenance: https://api.github.com/repos/balena-io/pinejs/releases/182263570
- Warn: release artifact v19.5.2 does not have provenance: https://api.github.com/repos/balena-io/pinejs/releases/181924821
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:9
- Warn: containerImage not pinned by hash: Dockerfile:12
- Warn: npmCommand not pinned by hash: Dockerfile:6
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
Score
4.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More