Gathering detailed insights and metrics for @coderspirit/nominal-typebox
Gathering detailed insights and metrics for @coderspirit/nominal-typebox
Installations
npm install @coderspirit/nominal-typeboxReleases
13
nominal-inputs@1.2.0
nominal-inputs@1.2.0
Published on 13 Aug 2024
nominal-typebox@1.1.0
nominal-typebox@1.1.0
Published on 12 Aug 2024
nominal-symbols@2.0.1
nominal-symbols@2.0.1
Published on 08 Aug 2024
nominal@4.0.3 , nominal-inputs@1.0.3 , safe-env@1.0.0
4.0.3
Published on 08 Apr 2024
nominal@4.0.0 & nominal-symbols@2.0.0
4.0.0
Published on 15 Oct 2023
3.2.2
3.2.2
Published on 23 Oct 2022
Developer
Coder-Spirit
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
>=18.0.0
Typescript Support
Yes
Node Version
22.6.0
NPM Version
10.8.2
Statistics
75 Stars
190 Commits
3 Watching
7 Branches
1 Contributors
Updated on 11 Nov 2024
Languages
TypeScript (95.39%)
JavaScript (4.42%)
Shell (0.18%)
Total Downloads
Cumulative downloads
Total Downloads
549
Last day
0%
3
Compared to previous day
Last week
-50%
22
Compared to previous week
Last month
51.8%
126
Compared to previous month
Last year
0%
549
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Packages in this repository:
- @coderspirit/nominal
- @coderspirit/nominal-inputs
- @coderspirit/nominal-symbols
- @coderspirit/nominal-typebox
- @coderspirit/safe-env
- @coderspirit/lambda-ioc
Community
- For slow-paced discussions, debates, ideas, etc. that don't fit into specific issues or PRs, we have a discussions section.
- For more unstructured and "real time" conversations, we have a Discord space.
- How to Contribute
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
all dependencies are pinned
Details
- Info: 5 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 4 third-party GitHubAction dependencies pinned
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/npm_publish.yml:10
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Reason
Found 0/17 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/npm_publish.yml:21
- Warn: no topLevel permission defined: .github/workflows/greetings.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm_publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.1
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More