npmpackage.info

@betterer/tsquery

betterer makes it easier to make incremental improvements to your codebase

5.4.0

583

MIT

TypeScript

184,758 4.1

Installations

npm install @betterer/tsquery

Pull Requests

Open

15

Total

1,076

Closed

219

Merged

842

Issues

Open

44

Total

151

Closed

107

Releases

Unable to fetch releases

Developer

phenomnomnominal

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=12

Typescript Support

Yes

Node Version

16.16.0

NPM Version

lerna/4.0.0/node@v16.16.0+arm64 (darwin)

Statistics

583 Stars

895 Commits

39 Forks

7 Watching

17 Branches

19 Contributors

Updated on 27 Nov 2024

Languages

TypeScript (97.38%)

JavaScript (2.07%)

CSS (0.54%)

Shell (0.02%)

Total Downloads

Cumulative downloads

Total Downloads

184,758

Last day

-32.4%

192

Compared to previous day

Last week

-21.2%

1,232

Compared to previous week

Last month

28.7%

6,297

Compared to previous month

Last year

35.7%

89,322

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@betterer/betterer @betterer/errors @phenomnomnominal/tsquery tslib

Versions

Betterer

Are you working with a large team, or a legacy codebase? Want to make big sweeping changes over your project, but can't do it all in one go?

Making widespread changes to a codebase can be really hard. When trying to make some sort improvement that affects a lot of code, one of two things often happens:

You start a really long-lived branch that is awful to maintain and often impossible to merge.
You and your team have some agreement to make the improvement slowly over time, but it gets forgotten about and never really happens.

Betterer makes it easier to make incremental improvements to your codebase!

Docs

Check out the docs at phenomnomnominal.github.io/betterer!

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

7

SAST

Determines if the project uses static code analysis.

6

Maintained

Determines if the project is "actively maintained".

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-extension.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build-extension.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-extension.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build-extension.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-extension.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build-extension.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-extension.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build-extension.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/documentation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/documentation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/documentation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/phenomnomnominal/betterer/documentation.yml/master?enable=pin
Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

42 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-rxrc-rgv4-jpvx
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7

Score

4.1

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More