Gathering detailed insights and metrics for @benzene/jit
Gathering detailed insights and metrics for @benzene/jit
Installations
npm install @benzene/jitReleases
63
@benzene/core@0.8.2
@benzene/core@0.8.2
Published on 13 Aug 2022
@benzene/http@0.4.2
@benzene/http@0.4.2
Published on 13 Aug 2022
@benzene/jit@0.1.5
@benzene/jit@0.1.5
Published on 13 Aug 2022
@benzene/ws@0.7.2
@benzene/ws@0.7.2
Published on 13 Aug 2022
@benzene/extra@0.2.3
@benzene/extra@0.2.3
Published on 13 Aug 2022
@benzene/http@0.4.1
@benzene/http@0.4.1
Published on 03 Feb 2022
Developer
Developer Guide
BETA
Module System
ESM
Min. Node Version
^14.0.0 || >=16.0.0
Typescript Support
Yes
Node Version
16.16.0
NPM Version
8.11.0
Statistics
164 Stars
150 Commits
7 Forks
4 Watching
14 Branches
3 Contributors
Updated on 10 Sept 2024
Languages
TypeScript (94.71%)
JavaScript (4.51%)
Shell (0.44%)
Lua (0.33%)
Total Downloads
Cumulative downloads
Total Downloads
12,359
Last day
-60%
2
Compared to previous day
Last week
-89.6%
7
Compared to previous week
Last month
-29.6%
292
Compared to previous month
Last year
158.8%
7,875
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Versions
Benzene is a new take on GraphQL server that gives us the control we need while staying blazing fast.
Features
The @benzene/http and @benzene/ws packages allow us to build a full-featured GraphQL server, featuring:
- Super minimal (~4kB) and performant.
@benzene/httpand@benzene/wspurely wrap@benzene/core, which includes minimal dependencies and features no third-party integrations, thus avoiding unnecessary overheads. - Transport & Framework agnostic. Each package features generic Request, Response, or WebSocket interfaces to easily plug into any JavaScript frameworks or runtimes: Node.js, Deno, Cloudflare Worker, etc.
- Customizable runtime. Use custom GraphQL implementation such as
graphql-jitor rolling our own for performance and cutting-edge features. - Unopinionated and observable APIs. Benzene does not include any middleware or configurations, so we can be in total control of logging, parsing, and error handling.
- Unified pipeline. Write error handling or context creation function only once. Every transport handler inherits the same Benzene instance and takes advantage of its shared configuration.
- Fully extensible. Despite not being battery-included, it can be extended with recipes (like Persisted queries) or @benzene/extra.
We are taking an approach opposite to Apollo Server, which abstracts everything behind its applyMiddleware function that includes unexpected and hard-to-customized "defaults".
While our approach requires a bit more boilerplate, we achieve an observable and customizable server integration.
Documentation
Documentation is available at benzene.vercel.app
There is also a Getting Started section
which shows how to build a real-time book voting app using both @benzene/http and @benzene/ws.
Examples
There are also various examples for integrations with different tools and frameworks.
Contributing
This repository uses the new npm v7 workspaces (yarn 1 workspace may also work). Please see contributing.md.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
Found 0/20 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/hoangvvo/benzene/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:28
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:26
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More