Gathering detailed insights and metrics for @esbuild/android-arm
Gathering detailed insights and metrics for @esbuild/android-arm
Installations
npm install @esbuild/android-armScore
100
Supply Chain
66.7
Quality
85.6
Maintenance
100
Vulnerability
99.6
License
Developer
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
>=18
Typescript Support
No
Node Version
22.0.0
NPM Version
10.5.1
Statistics
38,239 Stars
4,172 Commits
1,160 Forks
276 Watching
3 Branches
109 Contributors
Updated on 28 Nov 2024
Languages
Go (75.28%)
JavaScript (16.94%)
TypeScript (6.14%)
Makefile (0.88%)
HTML (0.69%)
CSS (0.05%)
Shell (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
450,929,631
Last day
-6.4%
1,120,079
Compared to previous day
Last week
2.2%
6,306,331
Compared to previous week
Last month
6.4%
26,755,320
Compared to previous month
Last year
63.6%
274,769,794
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
Website |
Getting started |
Documentation |
Plugins |
FAQ
Why?
Our current build tools for the web are 10-100x slower than they could be:
The main goal of the esbuild bundler project is to bring about a new era of build tool performance, and create an easy-to-use modern bundler along the way.
Major features:
- Extreme speed without needing a cache
- JavaScript, CSS, TypeScript, and JSX built-in
- A straightforward API for CLI, JS, and Go
- Bundles ESM and CommonJS modules
- Bundles CSS including CSS modules
- Tree shaking, minification, and source maps
- Local server, watch mode, and plugins
Check out the getting started instructions if you want to give esbuild a try.
No vulnerabilities found.
Reason
12 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e.yml:9
- Info: found token with 'none' permissions: .github/workflows/release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/validate.yml:9
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-7hpj-7hhx-2fgx
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:288: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/validate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/evanw/esbuild/validate.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/e2e.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/e2e.yml:37
- Warn: npmCommand not pinned by hash: .github/workflows/e2e.yml:42
- Warn: npmCommand not pinned by hash: .github/workflows/e2e.yml:47
- Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 1 out of 5 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More