Gathering detailed insights and metrics for @codesandbox/sandpack-react
Gathering detailed insights and metrics for @codesandbox/sandpack-react
Installations
npm install @codesandbox/sandpack-reactDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
18.20.6
NPM Version
lerna/7.4.1/node@v18.20.6+x64 (linux)
Score
71.6
Supply Chain
70.8
Quality
95.9
Maintenance
100
Vulnerability
99.1
License
Releases
372
Contributors
87
Languages
5
TypeScript
MDX
JavaScript
CSS
SCSS
TypeScript (83.86%)
MDX (9.19%)
JavaScript (4.22%)
CSS (1.95%)
SCSS (0.78%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
8,095,335
Last Day
33,011
Last Week
172,990
Last Month
744,981
Last Year
5,624,975
GitHub Statistics
Apache-2.0 License
5,194 Stars
1,142 Commits
389 Forks
26 Watchers
23 Branches
87 Contributors
Updated on Feb 19, 2025
Maintainers
4
Package Meta Information
Latest Version
2.20.0
Package Id
@codesandbox/sandpack-react@2.20.0
Unpacked Size
1.15 MB
Size
235.85 kB
File Count
232
NPM Version
lerna/7.4.1/node@v18.20.6+x64 (linux)
Node Version
18.20.6
Published on
Feb 14, 2025
Total Downloads
Cumulative downloads
Total Downloads
8,095,335
Last Day
8.6%
33,011
Compared to previous day
Last Week
-19.4%
172,990
Compared to previous week
Last Month
40.4%
744,981
Compared to previous month
Last Year
176.3%
5,624,975
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
19
@codemirror/autocomplete@codemirror/commands@codemirror/lang-css@codemirror/lang-html@codemirror/lang-javascript@codemirror/language@codemirror/state@codemirror/view@codesandbox/sandpack-client@lezer/highlight@react-hook/intersection-observer@stitches/coreanserclean-setdequalescape-carriagelz-stringreact-devtools-inlinereact-is
Dev Dependencies
20
@babel/core@codemirror/lang-python@codemirror/legacy-modes@codesandbox/sandpack-themes@storybook/react@storybook/react-vite@testing-library/dom@testing-library/jest-dom@testing-library/react@types/fs-extra@types/glob@types/lz-string@types/node@types/reactacorn-walkastringbabel-loaderrollup-plugin-filesizestorybooktypescript
Sandpack React
React components that give you the power of editable sandboxes that run in the browser.
1import { Sandpack } from "@codesandbox/sandpack-react"; 2 3<Sandpack template="react" />;
Documentation
For full documentation, visit https://sandpack.codesandbox.io/docs/
No vulnerabilities found.
Reason
8 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool is not run on all commits -- score normalized to 7
Details
- Warn: 14 commits out of 19 are checked with a SAST tool
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Info: 'stale review dismissal' is required to merge on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Info: 'last push approval' is required to merge on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
Found 8/25 approved changesets -- score normalized to 3
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/check-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-canary.yml:1
- Warn: topLevel permissions set to 'write-all': .github/workflows/release.yml:8
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/check-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-canary.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release-canary.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-canary.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release-canary.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-canary.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release-canary.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/util-csb-projects.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/codesandbox/sandpack/util-csb-projects.yml/main?enable=pin
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
Reason
19 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-cg87-wmx4-v546
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Score
4.7
/10
Last Scanned on 2025-02-17
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More