Gathering detailed insights and metrics for @coveo/cra-template
Gathering detailed insights and metrics for @coveo/cra-template
A command-line interface to interact with the Coveo platform and quickly create Coveo Headless-powered search pages with Angular, React or Vue.js.
Installations
npm install @coveo/cra-templateDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
^18.18.1 || ^20.9.0
Node Version
20.12.2
NPM Version
9.6.5
Releases
111
Release v3.2.11
release-29
Updated on Mar 24, 2025
Release v3.2.7
@coveo/cli@3.2.7
Updated on Jul 03, 2024
Release v3.2.6
@coveo/cli@3.2.6
Updated on May 13, 2024
Release v3.2.4
@coveo/cli@3.2.4
Updated on Mar 18, 2024
Release v3.2.3
@coveo/cli@3.2.3
Updated on Mar 14, 2024
Release v3.2.2
@coveo/cli@3.2.2
Updated on Feb 21, 2024
Languages
13
TypeScript
JavaScript
HTML
Vue
CSS
Handlebars
SCSS
Dockerfile
PowerShell
HCL
Shell
Batchfile
Python
TypeScript (57.23%)
JavaScript (38.24%)
HTML (2.8%)
Vue (0.8%)
CSS (0.22%)
Handlebars (0.21%)
SCSS (0.2%)
Dockerfile (0.15%)
PowerShell (0.06%)
HCL (0.04%)
Shell (0.04%)
Batchfile (0.01%)
Developer
coveo
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
22 Stars
1,193 Commits
6 Forks
6 Watchers
75 Branches
33 Contributors
Updated on Jul 11, 2025
Maintainers
16
Package Meta Information
Latest Version
1.38.25
Package Id
@coveo/cra-template@1.38.25
Unpacked Size
63.58 kB
Size
24.64 kB
File Count
40
NPM Version
9.6.5
Node Version
20.12.2
Published on
Mar 25, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
22
@coveo/headless@coveo/search-token-server@emotion/react@emotion/styled@mui/material@testing-library/jest-dom@testing-library/react@testing-library/user-event@types/jest@types/node@types/react@types/react-dom@types/react-router-domconcurrentlydotenveslintget-portprettierreactreact-domreact-router-domtypescript
@coveo/cra-template
This is the Coveo template for Create React App.
To use this template, add --template @coveo/cra-template when creating a new app.
For example:
1npx create-react-app my-app --template @coveo/cra-template 2 3# or 4 5yarn create react-app my-app --template @coveo/cra-template
For more information, please refer to:
- Getting Started – How to create a new app.
- User Guide – How to develop apps bootstrapped with Create React App.
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: packages/cli-e2e/entrypoints/utils/SetUserFTA/SetUserFTA.exe:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 10 commits out of 23 are checked with a SAST tool
Reason
Found 22/29 approved changesets -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/coveo/cli/dependency-review.yml/master?enable=pin
- Warn: containerImage not pinned by hash: packages/cli-e2e/docker/Dockerfile:1: pin your Docker image by updating node:lts-buster to node:lts-buster@sha256:479103df06b40b90f189461b6f824a62906683e26a32c77d7c3e2d855a0e3e9f
- Warn: npmCommand not pinned by hash: packages/cli-e2e/entrypoints/ci.sh:15
- Warn: npmCommand not pinned by hash: packages/cli-e2e/entrypoints/ci.sh:16
- Warn: npmCommand not pinned by hash: .github/workflows/daily-e2e.yml:86
- Warn: npmCommand not pinned by hash: .github/workflows/daily-e2e.yml:47
- Warn: npmCommand not pinned by hash: .github/workflows/prbot.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/renovate-config-validator.yml:24
- Info: 36 out of 36 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
- Info: 8 out of 14 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dangerous workflow patterns detected
Details
- Warn: untrusted code checkout '${{ github.event.workflow_run.head_branch }}': .github/workflows/renovate-jest-snap-updater.yml:37
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:22
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:21
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/daily-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/delete-resources.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:8
- Warn: no topLevel permission defined: .github/workflows/git-lock-fail.yml:1
- Warn: no topLevel permission defined: .github/workflows/git-lock-success.yml:1
- Warn: no topLevel permission defined: .github/workflows/merge-bot.yml:1
- Warn: no topLevel permission defined: .github/workflows/package-lock-root-fail.yml:1
- Warn: no topLevel permission defined: .github/workflows/package-lock-root-success.yml:1
- Warn: no topLevel permission defined: .github/workflows/package-lock-version-fail.yml:1
- Warn: no topLevel permission defined: .github/workflows/package-lock-version-succes.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-title-semantic-lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/prbot.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/renovate-config-validator.yml:1
- Warn: no topLevel permission defined: .github/workflows/renovate-jest-snap-updater.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact release-29 not signed: https://api.github.com/repos/coveo/cli/releases/207975977
- Warn: release artifact @coveo/cli@3.2.7 not signed: https://api.github.com/repos/coveo/cli/releases/163843473
- Warn: release artifact @coveo/cli@3.2.6 not signed: https://api.github.com/repos/coveo/cli/releases/155569730
- Warn: release artifact @coveo/cli@3.2.4 not signed: https://api.github.com/repos/coveo/cli/releases/147081536
- Warn: release artifact @coveo/cli@3.2.3 not signed: https://api.github.com/repos/coveo/cli/releases/146690035
- Warn: release artifact release-29 does not have provenance: https://api.github.com/repos/coveo/cli/releases/207975977
- Warn: release artifact @coveo/cli@3.2.7 does not have provenance: https://api.github.com/repos/coveo/cli/releases/163843473
- Warn: release artifact @coveo/cli@3.2.6 does not have provenance: https://api.github.com/repos/coveo/cli/releases/155569730
- Warn: release artifact @coveo/cli@3.2.4 does not have provenance: https://api.github.com/repos/coveo/cli/releases/147081536
- Warn: release artifact @coveo/cli@3.2.3 does not have provenance: https://api.github.com/repos/coveo/cli/releases/146690035
Reason
67 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
- Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-pwfr-8pq7-x9qv
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: PYSEC-2021-328 / GHSA-22gh-3r9q-xf38
- Warn: Project is vulnerable to: PYSEC-2018-56 / GHSA-6m53-c78q-7qmg
- Warn: Project is vulnerable to: PYSEC-2022-170 / GHSA-gcx2-gvj7-pxv3
- Warn: Project is vulnerable to: GHSA-wg33-5h85-7q5p
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Score
3.3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More