Gathering detailed insights and metrics for @coveo/auth
Gathering detailed insights and metrics for @coveo/auth
Installations
npm install @coveo/authReleases
Unable to fetch releases
Developer
coveo
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
^20.9.0 || ^22.11.0
Typescript Support
Yes
Node Version
22.11.0
NPM Version
10.9.0
Statistics
52 Stars
4,997 Commits
34 Forks
11 Watching
95 Branches
82 Contributors
Updated on 28 Nov 2024
Bundle Size
2.13 kB
Minified
1.04 kB
Minified + Gzipped
Languages
TypeScript (82.43%)
JavaScript (10.63%)
HTML (5.3%)
CSS (1.35%)
Apex (0.23%)
Vue (0.05%)
Total Downloads
Cumulative downloads
Total Downloads
58,486
Last day
0%
11
Compared to previous day
Last week
-76.1%
104
Compared to previous week
Last month
274.6%
2,656
Compared to previous month
Last year
39.1%
30,352
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
5
Versions
Coveo UI Kit
Projects
- Headless: Stateful middle-layer between UI elements and the Coveo Platform.
- Atomic: Coveo's web-component library for building modern search experiences.
- Quantic: Coveo's LWC library for building Salesforce search experiences.
- Bueno: A simple schema validator.
- Auth: Functions to help authenticate with the Coveo platform.
- Headless React Samples: Various code samples using Headless inside a React application.
Install
To install all dependencies and link local packages, run:
1npm i
To install a dependency in a specific package, specify the workspace:
1npm i lodash -w @coveo/headless-react-samples
Build
To build all projects for production, run:
1npm run build
To build a single project for production (for instance, the atomic package), run:
1npx nx run atomic:build
Development mode
To start Atomic & Headless simultaneously in development (recommended), run:
1npx nx run atomic:dev
To start a single project in development (for instance, the quantic package), run:
1npx nx run quantic:dev
To run a specific task in a package separate it with colon e.g. to run test:watch inside quantic
1npx nx run quantic:test:watch
To start story book in development, run:
1npx nx run atomic-storybook:dev
Test
To run the tests for a specific package (recommended) e.g. atomic package
1npx nx run atomic:test
For e2e tests
1npx nx run atomic:dev 2# In a separate terminal 3npx nx run atomic:e2e
To run e2e tests for specific files/components using the Cypress GUI
1npx nx run atomic:e2e:watch
Lint
1npm run lint:check 2npm run lint:fix
Misc
The project uses git hooks with Husky. You can make sure hooks are correctly installed using the npm rebuild command.
The following Visual Studio Code extensions are recommended:
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
no binaries found in the repo
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: npmCommand not pinned by hash: .github/workflows/masterbot.yml:33
- Info: 43 out of 43 GitHub-owned GitHubAction dependencies pinned
- Info: 43 out of 43 third-party GitHubAction dependencies pinned
- Info: 2 out of 3 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Warn: required approving review count is 1 on branch 'master'
- Info: codeowner review is required on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/label.yml:11
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:96
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:97
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:23
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:24
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:57
- Warn: no topLevel permission defined: .github/workflows/create-quantic-package.yml:1
- Warn: no topLevel permission defined: .github/workflows/delete-pr-artifact-on-merge.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:8
- Warn: no topLevel permission defined: .github/workflows/e2e-quantic.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/label.yml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/masterbot.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/package-lock-root-fail.yml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/package-lock-root-success.yml:16
- Warn: no topLevel permission defined: .github/workflows/prbot.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
24 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More