Installations
npm install @deepkit/bunDeveloper Guide
Typescript
Yes
Module System
CommonJS, ESM
Node Version
20.14.0
NPM Version
lerna/7.4.2/node@v20.14.0+arm64 (darwin)
Score
48.9
Supply Chain
74.2
Quality
85.6
Maintenance
100
Vulnerability
96.4
License
Releases
Unable to fetch releases
Contributors
Unable to fetch Contributors
Languages
TypeScript (95.97%)
SCSS (2.45%)
HTML (0.94%)
JavaScript (0.27%)
CSS (0.26%)
Python (0.07%)
Shell (0.02%)
Dockerfile (0.02%)
Developer
Download Statistics
Total Downloads
9,015
Last Day
1
Last Week
31
Last Month
52
Last Year
8,645
GitHub Statistics
3,252 Stars
2,891 Commits
124 Forks
30 Watching
2 Branches
30 Contributors
Maintainers
Package Meta Information
Latest Version
1.0.1-alpha.155
Package Id
@deepkit/bun@1.0.1-alpha.155
Unpacked Size
46.20 kB
Size
9.65 kB
File Count
25
NPM Version
lerna/7.4.2/node@v20.14.0+arm64 (darwin)
Node Version
20.14.0
Publised On
30 Oct 2024
Total Downloads
Cumulative downloads
Total Downloads
9,015
Last day
0%
1
Compared to previous day
Last week
342.9%
31
Compared to previous week
Last month
-69%
52
Compared to previous month
Last year
2,236.5%
8,645
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
2
Dev Dependencies
2
Deepkit Bun Plugin
Install
1bun init
bunfig.toml:
1preload = ["@deepkit/bun"] 2 3[install] 4peer = true
1bun install @deepkit/type @deepkit/type-compiler @deepkit/core @deepkit/bun typescript
tsconfig.json:
1{ 2 "reflection": true 3}
Bun test runner
To use the bun test runner instead of Jest add the following to file bunfig.toml:
1[test] 2preload = ["@deepkit/bun"]
No vulnerabilities found.
Reason
6 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 6/30 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/commitlint.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 6 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commitlint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/commitlint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/deepkit/deepkit-framework/main.yml/master?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:alpine to node:alpine@sha256:d319827b3b99cca0153f6049fb584a5a4a0ae49252b6dda2314ef564f9857cf2
- Warn: containerImage not pinned by hash: packages/example-app/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Warn: containerImage not pinned by hash: packages/example-app/Dockerfile:18: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Warn: containerImage not pinned by hash: website/Dockerfile:1: pin your Docker image by updating node:20.8.0-alpine3.18 to node:20.8.0-alpine3.18@sha256:37750e51d61bef92165b2e29a77da4277ba0777258446b7a9c99511f119db096
- Warn: containerImage not pinned by hash: website/Dockerfile:15: pin your Docker image by updating node:20.8.0-alpine3.18 to node:20.8.0-alpine3.18@sha256:37750e51d61bef92165b2e29a77da4277ba0777258446b7a9c99511f119db096
- Warn: npmCommand not pinned by hash: packages/example-app/Dockerfile:10
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
34 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-5pcm-hx3q-hm94
- Warn: Project is vulnerable to: GHSA-pg7h-5qx3-wjr3
- Warn: Project is vulnerable to: PYSEC-2023-299 / GHSA-282v-666c-3fvg
- Warn: Project is vulnerable to: GHSA-37q5-v5qm-c9v8
- Warn: Project is vulnerable to: PYSEC-2023-300 / GHSA-3863-2447-669p
- Warn: Project is vulnerable to: PYSEC-2023-301 / GHSA-v68g-wm8c-6x7j
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-m4gq-x24j-jpmf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vxvm-qww3-2fh7
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3g92-w8c5-73pq
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Score
3.6
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More