Gathering detailed insights and metrics for @charlietango/use-script
Gathering detailed insights and metrics for @charlietango/use-script
Collection of React Hooks used by Charlie Tango
Installations
npm install @charlietango/use-scriptDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
17.5.0
NPM Version
lerna/4.0.0/node@v17.5.0+x64 (darwin)
Score
72.3
Supply Chain
74.4
Quality
77.4
Maintenance
100
Vulnerability
100
License
Releases
11
Languages
2
TypeScript
JavaScript
TypeScript (97.36%)
JavaScript (2.64%)
Developer
charlie-tango
Download Statistics
Total Downloads
1,115,966
Last Day
23
Last Week
2,399
Last Month
10,309
Last Year
156,510
GitHub Statistics
MIT License
78 Stars
211 Commits
10 Forks
4 Watchers
3 Branches
7 Contributors
Updated on May 24, 2025
Bundle Size
1.42 kB
Minified
660.00 B
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
2.3.0
Package Id
@charlietango/use-script@2.3.0
Unpacked Size
9.46 kB
Size
3.01 kB
File Count
6
NPM Version
lerna/4.0.0/node@v17.5.0+x64 (darwin)
Node Version
17.5.0
Total Downloads
Cumulative downloads
Total Downloads
1,115,966
Last Day
-50%
23
Compared to previous day
Last Week
14.6%
2,399
Compared to previous week
Last Month
-3%
10,309
Compared to previous month
Last Year
-34%
156,510
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
useScript
With useScript you can lazy-load external third party scripts, that your
components might depend on. It checks if the requested url already exists and reuses it, instead of creating a new load request.
Checkout the Storybook demo.
Installation
1yarn add @charlietango/use-script
API
1const [ready, status] = useScript(url)
The hook returns an array, where the first value is a boolean indicating if the script is ready.
The second value is the current loading status, that will be one of the ScriptStatus enum values:
1enum ScriptStatus { 2 IDLE = 'idle', 3 LOADING = 'loading', 4 READY = 'loaded', 5 ERROR = 'error', 6}
Example
1import React from 'react' 2import useScript, { ScriptStatus } from '@charlietango/use-script' 3 4const Component = () => { 5 const [ready, status] = useScript('https://api.google.com/api.js') 6 7 if (status === ScriptStatus.ERROR) { 8 return <div>Failed to load Google API</div> 9 } 10 11 return <div>Google API Ready: {ready}</div> 12} 13 14export default Component
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Reason
7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Warn: could not determine whether codeowners review is allowed
- Warn: no status checks found to merge onto branch 'main'
- Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
Found 0/15 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg-pr.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/pkg-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg-pr.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/pkg-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-limit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/charlie-tango/hooks/size-limit.yml/main?enable=pin
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/pkg-pr.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:4
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 23 are checked with a SAST tool
Score
3.9
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More