Gathering detailed insights and metrics for @charlietango/use-script
Installations
npm install @charlietango/use-scriptDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
17.5.0
NPM Version
lerna/4.0.0/node@v17.5.0+x64 (darwin)
Score
70.9
Supply Chain
74.4
Quality
77.4
Maintenance
100
Vulnerability
100
License
Releases
10
Contributors
7
Unable to fetch Contributors
Languages
2
TypeScript
JavaScript
TypeScript (97.35%)
JavaScript (2.65%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
charlie-tango
Download Statistics
Total Downloads
1,069,888
Last Day
10
Last Week
10
Last Month
7,572
Last Year
180,843
GitHub Statistics
76 Stars
204 Commits
10 Forks
5 Watching
2 Branches
7 Contributors
Bundle Size
1.42 kB
Minified
660.00 B
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
2.3.0
Package Id
@charlietango/use-script@2.3.0
Unpacked Size
9.46 kB
Size
3.01 kB
File Count
6
NPM Version
lerna/4.0.0/node@v17.5.0+x64 (darwin)
Node Version
17.5.0
Total Downloads
Cumulative downloads
Total Downloads
1,069,888
Last day
0%
10
Compared to previous day
Last week
-99.2%
10
Compared to previous week
Last month
-9.2%
7,572
Compared to previous month
Last year
-29.6%
180,843
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
useScript
With useScript you can lazy-load external third party scripts, that your
components might depend on. It checks if the requested url already exists and reuses it, instead of creating a new load request.
Checkout the Storybook demo.
Installation
1yarn add @charlietango/use-script
API
1const [ready, status] = useScript(url)
The hook returns an array, where the first value is a boolean indicating if the script is ready.
The second value is the current loading status, that will be one of the ScriptStatus enum values:
1enum ScriptStatus { 2 IDLE = 'idle', 3 LOADING = 'loading', 4 READY = 'loaded', 5 ERROR = 'error', 6}
Example
1import React from 'react' 2import useScript, { ScriptStatus } from '@charlietango/use-script' 3 4const Component = () => { 5 const [ready, status] = useScript('https://api.google.com/api.js') 6 7 if (status === ScriptStatus.ERROR) { 8 return <div>Failed to load Google API</div> 9 } 10 11 return <div>Google API Ready: {ready}</div> 12} 13 14export default Component
No vulnerabilities found.
Reason
12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-8gvc-j273-4wm5
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Warn: could not determine whether codeowners review is allowed
- Warn: no status checks found to merge onto branch 'main'
- Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
Found 1/16 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg-pr.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/pkg-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg-pr.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/pkg-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-limit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/pkg-pr.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:4
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
4.3
/10
Last Scanned on 2025-02-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More