Gathering detailed insights and metrics for @contentful/f36-core
Gathering detailed insights and metrics for @contentful/f36-core
Installations
npm install @contentful/f36-coreReleases
7,443
@contentful/f36-components@4.74.3
@contentful/f36-components@4.74.3
Published on 27 Nov 2024
@contentful/f36-core@4.74.3
@contentful/f36-core@4.74.3
Published on 27 Nov 2024
@contentful/f36-typography@4.74.3
@contentful/f36-typography@4.74.3
Published on 27 Nov 2024
@contentful/f36-tooltip@4.74.3
@contentful/f36-tooltip@4.74.3
Published on 27 Nov 2024
@contentful/f36-text-link@4.74.3
@contentful/f36-text-link@4.74.3
Published on 27 Nov 2024
@contentful/f36-tabs@4.74.3
@contentful/f36-tabs@4.74.3
Published on 27 Nov 2024
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.7.0
Statistics
335 Stars
3,696 Commits
81 Forks
61 Watching
33 Branches
274 Contributors
Updated on 28 Nov 2024
Bundle Size
31.63 kB
Minified
11.17 kB
Minified + Gzipped
Languages
TypeScript (84.3%)
JavaScript (11.43%)
MDX (3.55%)
CSS (0.57%)
Handlebars (0.15%)
Total Downloads
Cumulative downloads
Total Downloads
5,879,070
Last day
-22.5%
5,407
Compared to previous day
Last week
0.3%
33,060
Compared to previous week
Last month
28.1%
146,656
Compared to previous month
Last year
-31.3%
1,656,591
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Forma 36 - The Contentful Design System
Forma 36 is an open-source design system by Contentful created with the intent to reduce the overhead of creating UI by providing tools and guidance for digital teams building and extending Contentful products
Table of contents
- Table of contents
- Development
- Commits & releases
- Testing with your own project locally
- Get involved
- Reach out to us
- License
- Code of Conduct
- Contributors ✨
Creating new packages
We use Plop to create scripts that help you to scaffold new packages. In the root of the repo, you can run npm run-script generate. Then follow the steps in the CLI. Plop will generate the relevant files and add the relevant imports and exports to the main src/index.ts file required to make the component available when publishing the library. Read more about contribution to Forma 36.
Development
For local development, in the root of the repo run npm i to install all dependencies and then npm run-script build to build all packages. Now follow the instructions of the specific package you’re working on.
You will find each package’s instructions in their README files, check the Packages section for a list of all packages.
In case you are having problems to install the dependencies, try using NVM to get the same node version we use by running
nvm usein the root of the repo
Storybook for f36-components
We use storybook with our react component library to develop components. You can start it from the root of the repo, just run npm run-script storybook after building.
Commits & releases
Use npm run-script commit. This uses the Commitzen CLI to create a conventional commit message based on your changes. CI is setup to release all new commits on the main branch that contains a new changeset.
Read more about changeset here
Testing with your own project locally
You can test changes to a package of this monorepo in your own project locally by taking the following steps:
- Run
npm run-script buildin the desired package's directory to ensure your latest changes have been built - Run
npm linkin the desired package's directory - Change to your local project's directory and run
npm link NAME_OF_PACKAGEto link to the local version of the package (e.g.npm link @contentful/f36-components)
Get involved
We appreciate any help on our repositories. For more details about how to contribute to a package, see the README of the corresponding package.
Reach out to us
You can reach out to us using the Contentful Community Discord.
You found a bug or want to propose a feature?
Create an issue using one of the templates 
.
Make sure to remove any credential from your code before sharing it.
License
This repository is published under the MIT license.
Code of Conduct
We want to provide a safe, inclusive, welcoming, and harassment-free space and experience for all participants, regardless of gender identity and expression, sexual orientation, disability, physical appearance, socioeconomic status, body size, ethnicity, nationality, level of experience, age, religion (or lack thereof), or other identity markers.
Read our full Code of Conduct.
Contributors ✨
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/contentful/.github/SECURITY.md:1
- Info: Found linked content: github.com/contentful/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/contentful/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/contentful/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
Found 13/26 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/auto-approve.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-cdn.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/deploy-cdn.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-cdn.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/deploy-cdn.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size-limit.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/size-limit.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/size-limit.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/size-limit.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/contentful/forma-36/stale.yml/main?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-cdn.yml:1
- Warn: no topLevel permission defined: .github/workflows/remove-stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/size-limit.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Reason
29 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pwfr-8pq7-x9qv
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jrvm-mcxc-mf6m
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-6g33-8w2q-4hxv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-mgfv-m47x-4wqp
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.1
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More