Gathering detailed insights and metrics for @bpmn-io/form-js-playground
Gathering detailed insights and metrics for @bpmn-io/form-js-playground
Installations
npm install @bpmn-io/form-js-playgroundReleases
Unable to fetch releases
Developer
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.17.0
NPM Version
lerna/8.1.9/node@v20.17.0+x64 (linux)
Statistics
418 Stars
1,768 Commits
108 Forks
19 Watching
38 Branches
26 Contributors
Updated on 21 Nov 2024
Languages
JavaScript (92.56%)
CSS (4.24%)
SCSS (2.76%)
Shell (0.21%)
HTML (0.16%)
TypeScript (0.08%)
Total Downloads
Cumulative downloads
Total Downloads
239,090
Last day
-3.6%
845
Compared to previous day
Last week
14.7%
4,461
Compared to previous week
Last month
9.8%
18,048
Compared to previous month
Last year
171.2%
167,178
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
15
Dev Dependencies
5
Versions
@bpmn-io/form-js
View, visually edit and simulate JSON-based forms.
Usage
This library exports a form viewer, editor and playground.
Display a form
Renders a form based on a form schema and existing data:
1import { Form } from '@bpmn-io/form-js'; 2 3const form = new Form({ 4 container: document.querySelector('#form'), 5}); 6 7await form.importSchema(schema, data); 8 9form.on('submit', (event) => { 10 console.log(event.data, event.errors); 11});
See viewer documentation for further details.
Create and edit a form
Create a new form or edit an exsting one:
1import { FormEditor } from '@bpmn-io/form-js'; 2 3const formEditor = new FormEditor({ 4 container: document.querySelector('#form-editor'), 5}); 6 7await formEditor.importSchema(schema);
See editor documentation for further details.
Create and simulate a form with input and output data
Create and simulate a form with input and output data:
1import { FormPlayground } from '@bpmn-io/form-js'; 2 3const formPlayground = new FormPlayground({ 4 container: document.querySelector('#form-playground'), 5 schema, 6 data, 7});
See playground documentation for further details.
Retrieve schema variables from a form
Use the getSchemaVariables util to retrieve the variables defined in a form schema. This is useful to gather what data is consumed and produced by a form.
1import { getSchemaVariables } from '@bpmn-io/form-js'; 2 3const variables = getSchemaVariables(schema); 4 5console.log('Schema variables', variables);
It is also possible to distinct between input and output variables:
1import { getSchemaVariables } from '@bpmn-io/form-js'; 2 3const outputVariables = getSchemaVariables(schema, { inputs: false }); 4const inputVariables = getSchemaVariables(schema, { outputs: false });
Resources
Build and run
Build the project in a Posix environment. On Windows, that is Git Bash or WSL.
Note we currently support development environments with Node.js version 16 (and npm version 8). We encourage you to use a Node.js version manager (e.g., nvm or n) to set up the needed versions.
Prepare the project by installing all dependencies:
1npm install
Then, depending on your use-case you may run any of the following commands:
1# build the library and run all tests 2npm run all 3 4# spin up a single local form-js instance 5npm start 6 7# spin up a specific instance 8 9## viewer 10npm run start:viewer 11 12## editor 13npm run start:editor 14 15## playground 16npm run start:playground
To run the visual regression tests, read the docs here
License
Use under the terms of the bpmn.io license.
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found linked content: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/bpmn-io/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/bpmn-io/.github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/CI.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/CI.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/CI.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/CI.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/DEPLOY_PLAYGROUND_PREVIEW.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/DEPLOY_PLAYGROUND_PREVIEW.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/MERGE_DEVELOP_TO_V2.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/MERGE_DEVELOP_TO_V2.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/MERGE_DEVELOP_TO_V2.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/MERGE_DEVELOP_TO_V2.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/MERGE_MASTER_TO_DEVELOP.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/MERGE_MASTER_TO_DEVELOP.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/MERGE_MASTER_TO_DEVELOP.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/MERGE_MASTER_TO_DEVELOP.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/POST_RELEASE.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/POST_RELEASE.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/POST_RELEASE.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/POST_RELEASE.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/TEARDOWN_PLAYGROUND_PREVIEW.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/TEARDOWN_PLAYGROUND_PREVIEW.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/UPDATE_VISUAL_SNAPSHOTS.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/UPDATE_VISUAL_SNAPSHOTS.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/UPDATE_VISUAL_SNAPSHOTS.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/UPDATE_VISUAL_SNAPSHOTS.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/UPDATE_VISUAL_SNAPSHOTS.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/UPDATE_VISUAL_SNAPSHOTS.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/VISUAL_REGRESSION.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/VISUAL_REGRESSION.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/VISUAL_REGRESSION.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/VISUAL_REGRESSION.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/VISUAL_REGRESSION.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bpmn-io/form-js/VISUAL_REGRESSION.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: tasks/stages/update-demo:19
- Warn: npmCommand not pinned by hash: tasks/stages/update-examples:29
- Info: 6 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 6 out of 12 third-party GitHubAction dependencies pinned
- Info: 4 out of 6 npmCommand dependencies pinned
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
Found 3/24 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/MERGE_DEVELOP_TO_V2.yml:11
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/MERGE_MASTER_TO_DEVELOP.yml:11
- Warn: no topLevel permission defined: .github/workflows/ADD_TO_HTO_PROJECT.yml:1
- Warn: no topLevel permission defined: .github/workflows/CI.yml:1
- Warn: no topLevel permission defined: .github/workflows/DEPLOY_PLAYGROUND_PREVIEW.yml:1
- Warn: no topLevel permission defined: .github/workflows/MERGE_DEVELOP_TO_V2.yml:1
- Warn: no topLevel permission defined: .github/workflows/MERGE_MASTER_TO_DEVELOP.yml:1
- Warn: no topLevel permission defined: .github/workflows/POST_RELEASE.yml:1
- Warn: no topLevel permission defined: .github/workflows/TASKLIST_CARBONISATION.yml:1
- Warn: no topLevel permission defined: .github/workflows/TEARDOWN_PLAYGROUND_PREVIEW.yml:1
- Warn: no topLevel permission defined: .github/workflows/UPDATE_VISUAL_SNAPSHOTS.yml:1
- Warn: no topLevel permission defined: .github/workflows/VISUAL_REGRESSION.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'develop'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More