Gathering detailed insights and metrics for @bbc/moment-timezone-include
Gathering detailed insights and metrics for @bbc/moment-timezone-include
Installations
npm install @bbc/moment-timezone-includeDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
12.21.0
NPM Version
6.14.11
Score
37.4
Supply Chain
52.8
Quality
75.2
Maintenance
50
Vulnerability
96.7
License
Releases
Unable to fetch releases
Contributors
78
Unable to fetch Contributors
Languages
3
JavaScript
Shell
CSS
JavaScript (99.88%)
Shell (0.11%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
143,912
Last Day
1
Last Week
11
Last Month
40
Last Year
739
GitHub Statistics
NOASSERTION License
319 Stars
16,211 Commits
54 Forks
28 Watchers
37 Branches
78 Contributors
Updated on Dec 08, 2024
Maintainers
39
Package Meta Information
Latest Version
1.1.8
Package Id
@bbc/moment-timezone-include@1.1.8
Unpacked Size
23.42 kB
Size
5.14 kB
File Count
23
NPM Version
6.14.11
Node Version
12.21.0
Total Downloads
Cumulative downloads
Total Downloads
143,912
Last Day
0%
1
Compared to previous day
Last Week
0%
11
Compared to previous week
Last Month
-16.7%
40
Compared to previous month
Last Year
26.1%
739
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Peer Dependencies
1
Dev Dependencies
1
@bbc/moment-timezone-include - 
This package allows you to exclude all moment timezones from being included, while including specific ones in the chunks you desire.
Installation
1npm install @bbc/moment-timezone-include --save
Usage - Exclude default timezones
1plugins: [new MomentTimezoneInclude({ startYear: 1990, endYear: 2025 })],
This does two things. Firstly it removes all timezones from the moment-timezone package so that they can be included individually. It also specifies the date range of the specifically included timezone data. If startYear isn't provided it defaults to the earliest available data and likewise if endYear isn't included it includes all known future data.
Usage - Include specific timezones
1import '@bbc/moment-timezone-include/tz/America/New_York'
This makes the specified timezone available to moment. It supports all moment timezones by replacing America/New_York in the example above with any moment timezone. The full list of timezones can be found here.
Contributing
Psammead is completely open source. We are grateful for any contributions, whether they be new components, bug fixes or general improvements. Please see our primary contributing guide which can be found at the root of the Psammead respository.
Code of Conduct
We welcome feedback and help on this work. By participating in this project, you agree to abide by the code of conduct. Please take a moment to read it.
License
Psammead is Apache 2.0 licensed.
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/psammead-unit-tests.yml:40
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/cancel-previous-runs.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-change-scanner.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-chromaticqa.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/psammead-unit-tests.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cancel-previous-runs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/cancel-previous-runs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-change-scanner.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-change-scanner.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/psammead-chromaticqa.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-chromaticqa.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-publish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-publish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-unit-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-unit-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psammead-unit-tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/BBC-archive/psammead/psammead-unit-tests.yml/latest?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/psammead-unit-tests.yml:53
- Warn: downloadThenRun not pinned by hash: .github/workflows/psammead-unit-tests.yml:62
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
70 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-p3vf-v8qc-cwcr
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-56x4-j7p9-fcf9
- Warn: Project is vulnerable to: GHSA-v78c-4p63-2j6c
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
- Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.1
/10
Last Scanned on 2025-02-17
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More