Gathering detailed insights and metrics for @daotl/typescript-eslint-scope-manager
Installations
npm install @daotl/typescript-eslint-scope-managerDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^12.22.0 || ^14.17.0 || >=16.0.0
Node Version
18.9.0
NPM Version
8.19.1
Score
76.7
Supply Chain
99.1
Quality
77.3
Maintenance
100
Vulnerability
100
License
Releases
328
Contributors
704
Languages
5
TypeScript
MDX
JavaScript
CSS
Vue
TypeScript (88.51%)
MDX (7.76%)
JavaScript (3.21%)
CSS (0.48%)
Vue (0.04%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
288
Last Day
1
Last Week
3
Last Month
13
Last Year
68
GitHub Statistics
MIT License
15,521 Stars
5,808 Commits
2,772 Forks
91 Watchers
23 Branches
704 Contributors
Updated on Feb 20, 2025
Bundle Size
146.30 kB
Minified
28.48 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
5.40.0
Package Id
@daotl/typescript-eslint-scope-manager@5.40.0
Unpacked Size
563.29 kB
Size
93.85 kB
File Count
547
NPM Version
8.19.1
Node Version
18.9.0
Total Downloads
Cumulative downloads
Total Downloads
288
Last Day
0%
1
Compared to previous day
Last Week
50%
3
Compared to previous week
Last Month
160%
13
Compared to previous month
Last Year
-39.8%
68
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
TypeScript Scope Manager
This is a fork of eslint-scope, enhanced to support TypeScript functionality.
You can view the original license for the code here.
This package is consumed automatically by @typescript-eslint/parser.
You probably don't want to use it directly.
Getting Started
You can find our Getting Started docs here
Installation
1$ yarn add -D typescript @typescript-eslint/scope-manager 2$ npm i --save-dev typescript @typescript-eslint/scope-manager
API
analyze(tree, options)
Analyses a given AST and returns the resulting ScopeManager.
1interface AnalyzeOptions { 2 /** 3 * Known visitor keys. 4 */ 5 childVisitorKeys?: Record<string, string[]> | null; 6 7 /** 8 * Which ECMAScript version is considered. 9 * Defaults to `2018`. 10 * `'latest'` is converted to 1e8 at parser. 11 */ 12 ecmaVersion?: EcmaVersion | 1e8; 13 14 /** 15 * Whether the whole script is executed under node.js environment. 16 * When enabled, the scope manager adds a function scope immediately following the global scope. 17 * Defaults to `false`. 18 */ 19 globalReturn?: boolean; 20 21 /** 22 * Implied strict mode (if ecmaVersion >= 5). 23 * Defaults to `false`. 24 */ 25 impliedStrict?: boolean; 26 27 /** 28 * The identifier that's used for JSX Element creation (after transpilation). 29 * This should not be a member expression - just the root identifier (i.e. use "React" instead of "React.createElement"). 30 * Defaults to `"React"`. 31 */ 32 jsxPragma?: string; 33 34 /** 35 * The identifier that's used for JSX fragment elements (after transpilation). 36 * If `null`, assumes transpilation will always use a member on `jsxFactory` (i.e. React.Fragment). 37 * This should not be a member expression - just the root identifier (i.e. use "h" instead of "h.Fragment"). 38 * Defaults to `null`. 39 */ 40 jsxFragmentName?: string | null; 41 42 /** 43 * The lib used by the project. 44 * This automatically defines a type variable for any types provided by the configured TS libs. 45 * For more information, see https://www.typescriptlang.org/tsconfig#lib 46 * 47 * Defaults to the lib for the provided `ecmaVersion`. 48 */ 49 lib?: Lib[]; 50 51 /** 52 * The source type of the script. 53 */ 54 sourceType?: 'script' | 'module'; 55 56 /** 57 * Emit design-type metadata for decorated declarations in source. 58 * Defaults to `false`. 59 */ 60 emitDecoratorMetadata?: boolean; 61}
Example usage:
1import { analyze } from '@typescript-eslint/scope-manager'; 2import { parse } from '@typescript-eslint/typescript-estree'; 3 4const code = `const hello: string = 'world';`; 5const ast = parse(code, { 6 // note that scope-manager requires ranges on the AST 7 range: true, 8}); 9const scope = analyze(ast, { 10 ecmaVersion: 2020, 11 sourceType: 'module', 12});
References
- https://eslint.org/docs/developer-guide/scope-manager-interface
- https://github.com/eslint/eslint-scope
Contributing
No vulnerabilities found.
Reason
30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
Found 16/20 approved changesets -- score normalized to 8
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:36
- Warn: no topLevel permission defined: .github/workflows/cleanup-cache.yml:1
- Info: found token with 'none' permissions: .github/workflows/lock.yml:1
- Warn: no topLevel permission defined: .github/workflows/nx-migrate.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-labels.yml:1
- Warn: no topLevel permission defined: .github/workflows/prettier-update.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-breaking-change-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/semantic-pr-titles.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/a11y-alt-bot.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/a11y-alt-bot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup-cache.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/cleanup-cache.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/lock.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nx-migrate.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/nx-migrate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nx-migrate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/nx-migrate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labels.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/pr-labels.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labels.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/pr-labels.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-review-requested.yml:5: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/pr-review-requested.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-update.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/prettier-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semantic-breaking-change-pr.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/semantic-breaking-change-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr-titles.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/typescript-eslint/typescript-eslint/semantic-pr-titles.yml/main?enable=pin
- Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 7 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.3
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More