Gathering detailed insights and metrics for @commercetools/sdk-client-v2
Gathering detailed insights and metrics for @commercetools/sdk-client-v2
The e-commerce SDK from commercetools for JavaScript written in TypeScript.
Installations
npm install @commercetools/sdk-client-v2Developer Guide
BETA
Typescript
Yes
Module System
CommonJS, UMD
Min. Node Version
>=18
Node Version
20.18.0
NPM Version
10.8.2
Score
99.3
Supply Chain
100
Quality
83.1
Maintenance
100
Vulnerability
100
License
Releases
269
@commercetools/platform-sdk@8.12.0
@commercetools/platform-sdk@8.12.0
Updated on Jul 04, 2025
@commercetools/history-sdk@5.4.0
@commercetools/history-sdk@5.4.0
Updated on Jul 04, 2025
@commercetools/importapi-sdk@6.4.0
@commercetools/importapi-sdk@6.4.0
Updated on Jul 04, 2025
@commercetools/platform-sdk@8.11.0
@commercetools/platform-sdk@8.11.0
Updated on Jun 06, 2025
@commercetools/ts-client@3.4.1
@commercetools/ts-client@3.4.1
Updated on Jun 06, 2025
@commercetools/importapi-sdk@6.3.0
@commercetools/importapi-sdk@6.3.0
Updated on Jun 03, 2025
Languages
3
TypeScript
JavaScript
Makefile
TypeScript (99.85%)
JavaScript (0.12%)
Makefile (0.03%)
Developer
Download Statistics
Total Downloads
10,617,652
Last Day
1,046
Last Week
90,802
Last Month
630,480
Last Year
4,571,812
GitHub Statistics
MIT License
56 Stars
1,111 Commits
27 Forks
41 Watchers
17 Branches
338 Contributors
Updated on Jul 04, 2025
Bundle Size
21.13 kB
Minified
6.48 kB
Minified + Gzipped
Maintainers
12
Package Meta Information
Latest Version
3.0.0
Package Id
@commercetools/sdk-client-v2@3.0.0
Unpacked Size
320.85 kB
Size
78.47 kB
File Count
40
NPM Version
10.8.2
Node Version
20.18.0
Published on
Jan 08, 2025
Total Downloads
Cumulative downloads
Total Downloads
10,617,652
Last Day
3.2%
1,046
Compared to previous day
Last Week
-10.6%
90,802
Compared to previous week
Last Month
57.9%
630,480
Compared to previous month
Last Year
23.4%
4,571,812
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
5
Commercetools Composable Commerce TypeScript SDK client
Usage examples
Browser environment
1<script src="https://unpkg.com/@commercetools/sdk-client-v2@latest/dist/commercetools-sdk-client-v2.umd.js"></script> 2<script src="https://unpkg.com/@commercetools/platform-sdk@latest/dist/commercetools-platform-sdk.umd.js"></script>
1<script> 2 // global: @commercetools/sdk-client-v2 3 // global: @commercetools/platform-sdk 4 ;(function () { 5 // We can now access the sdk-client-v2 and platform-sdk object as: 6 // const { ClientBuilder } = this['@commercetools/sdk-client-v2'] 7 // const { createApiBuilderFromCtpClient } = this['@commercetools/platform-sdk'] 8 // or 9 // const { ClientBuilder } = window['@commercetools/sdk-client-v2'] 10 // const { createApiBuilderFromCtpClient } = window['@commercetools/platform-sdk'] 11 })() 12</script>
See full usage example here
Node environment
1npm install --save @commercetools/sdk-client-v2 2npm install --save @commercetools/platform-sdk
1const { 2 ClientBuilder, 3 createAuthForClientCredentialsFlow, 4 createHttpClient, 5} = require('@commercetools/sdk-client-v2') 6const { createApiBuilderFromCtpClient } = require('@commercetools/platform-sdk') 7 8const projectKey = 'mc-project-key' 9const authMiddlewareOptions = { 10 host: 'https://auth.europe-west1.gcp.commercetools.com', 11 projectKey, 12 credentials: { 13 clientId: 'mc-client-id', 14 clientSecret: 'mc-client-secrets', 15 }, 16 oauthUri: '/oauth/token', // - optional: custom oauthUri 17 scopes: [`manage_project:${projectKey}`], 18 fetch, 19} 20 21const httpMiddlewareOptions = { 22 host: 'https://api.europe-west1.gcp.commercetools.com', 23 fetch, 24} 25 26const client = new ClientBuilder() 27 .withProjectKey(projectKey) 28 .withMiddleware(createAuthForClientCredentialsFlow(authMiddlewareOptions)) 29 .withMiddleware(createHttpClient(httpMiddlewareOptions)) 30 .withUserAgentMiddleware() 31 .build() 32 33// or 34const client = new ClientBuilder() 35 .withProjectKey(projectKey) 36 .withClientCredentialsFlow(authMiddlewareOptions) 37 .withHttpMiddleware(httpMiddlewareOptions) 38 .withUserAgentMiddleware() 39 .build() 40 41const apiRoot = createApiBuilderFromCtpClient(client) 42 43// calling the Composable Commerce functions 44// get project details 45apiRoot 46 .withProjectKey({ 47 projectKey, 48 }) 49 .get() 50 .execute() 51 .then((x) => { 52 /*...*/ 53 }) 54 55// create a productType 56apiRoot 57 .withProjectKey({ projectKey }) 58 .productTypes() 59 .post({ 60 body: { name: 'product-type-name', description: 'some description' }, 61 }) 62 .execute() 63 .then((x) => { 64 /*...*/ 65 }) 66 67// create a product 68apiRoot 69 .withProjectKey({ projectKey }) 70 .products() 71 .post({ 72 body: { 73 name: { en: 'our-great-product-name' }, 74 productType: { 75 typeId: 'product-type', 76 id: 'some-product-type-id', 77 }, 78 slug: { en: 'some-slug' }, 79 }, 80 }) 81 .execute() 82 .then((x) => { 83 /*...*/ 84 }) 85 86// ----------------------------------------------------------------------- 87// The sdk-client-v2 also has support for the old syntax 88import { 89 createClient, 90 createHttpClient, 91 createAuthForClientCredentialsFlow, 92} from '@commercetools/sdk-client-v2' 93import { createApiBuilderFromCtpClient } from '@commercetools/platform-sdk' 94 95const projectKey = 'some_project_key' 96 97const authMiddleware = createAuthForClientCredentialsFlow({ 98 host: 'https://auth.europe-west1.gcp.commercetools.com', 99 projectKey, 100 credentials: { 101 clientId: 'some_id', 102 clientSecret: 'some_secret', 103 }, 104 fetch, 105}) 106 107const httpMiddleware = createHttpClient({ 108 host: 'https://api.europe-west1.gcp.commercetools.com', 109 fetch, 110}) 111 112const ctpClient = createClient({ 113 middlewares: [authMiddleware, httpMiddleware], 114}) 115 116const apiRoot = createApiBuilderFromCtpClient(ctpClient) 117 118apiRoot 119 .withProjectKey({ 120 projectKey, 121 }) 122 .get() 123 .execute() 124 .then((x) => { 125 /*...*/ 126 }) 127 128apiRoot 129 .withProjectKey({ projectKey }) 130 .productTypes() 131 .post({ 132 body: { name: 'product-type-name', description: 'some description' }, 133 }) 134 .execute() 135 .then((x) => { 136 /*...*/ 137 }) 138 139apiRoot 140 .withProjectKey({ projectKey }) 141 .products() 142 .post({ 143 body: { 144 name: { en: 'our-great-product-name' }, 145 productType: { 146 typeId: 'product-type', 147 id: 'some-product-type-id', 148 }, 149 slug: { en: 'some-slug' }, 150 }, 151 }) 152 .execute() 153 .then((x) => { 154 /*...*/ 155 })
See full usage example here
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
SAST tool is run on all commits
Details
- Info: all commits (28) are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'
- Warn: branch 'master' does not require approvers
- Warn: codeowners review is not required on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-pr.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/create-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/create-pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/docs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/commercetools/commercetools-sdk-typescript/release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: examples/datadog-express-apm/container-agent/Dockerfile:1: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:674181320f4f94582c6182eaa151bf92c6744d478be0f1d12db804b7d59b2d11
- Info: 2 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 7 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
Reason
Found 0/2 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/create-pr.yml:11
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/create-pr.yml:12
- Info: found token with 'none' permissions: .github/workflows/docs.yml:1
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/release.yml:9
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/semgrep.yml:11
- Info: topLevel 'actions' permission set to 'read': .github/workflows/semgrep.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/semgrep.yml:14
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.2
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More