Installations
npm install @evolvere/tui-chartDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
20.10.0
NPM Version
10.2.3
Releases
89
Contributors
18
Unable to fetch Contributors
Languages
4
TypeScript
HTML
JavaScript
CSS
TypeScript (67.18%)
HTML (31.63%)
JavaScript (1%)
CSS (0.19%)
validate.email π
Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.
Developer
Download Statistics
Total Downloads
62
Last Day
1
Last Week
1
Last Month
62
Last Year
62
GitHub Statistics
MIT License
5,363 Stars
390 Commits
327 Forks
85 Watchers
12 Branches
18 Contributors
Updated on Mar 11, 2025
Bundle Size
572.81 kB
Minified
139.54 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.11.9
Package Id
@evolvere/tui-chart@3.11.9
Unpacked Size
7.41 MB
Size
1.38 MB
File Count
20
NPM Version
10.2.3
Node Version
20.10.0
Published on
Mar 13, 2025
Total Downloads
Cumulative downloads
Total Downloads
62
Last Day
-50%
1
Compared to previous day
Last Week
-98.4%
1
Compared to previous week
Last Month
0%
62
Compared to previous month
Last Year
0%
62
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
43
babel-corebabel-loaderbabel-plugin-transform-es2015-classesbabel-plugin-transform-es2015-modules-commonjsbabel-plugin-transform-es3-member-expression-literalsbabel-plugin-transform-es3-property-literalsbabel-preset-es2015codemirrorcopy-webpack-plugincpy-clicss-loaderes3ify-webpack-plugines5-shimeslinteslint-config-tuieslint-loaderextract-text-webpack-pluginistanbul-instrumenter-loaderjasmine-corekarmakarma-chrome-launcherkarma-coveragekarma-es5-shimkarma-firefox-launcherkarma-jasminekarma-junit-reporterkarma-mocha-reporterkarma-narrow-reporterkarma-sourcemap-loaderkarma-webdriver-launcherkarma-webpacklessless-loadersafe-umd-webpack-pluginstyle-loadertslinttypescriptwebpackwebpack-dev-serverwebpack-polyfills-pluginprettiereslint-config-prettiereslint-plugin-prettier
TOAST UI Chart v4 major update planningπππ
TOAST UI Chart is planning a v4 major update for 2021. First of all, You can see our Beta news here!
ππ Spread your data on TOAST UI Chart. TOAST UI Chart is Beautiful Statistical Data Visualization library
Wrappers
- toast-ui.vue-chart: Vue wrapper component is powered by NHN.
- toast-ui.react-chart: React wrapper component is powered by NHN.
π© Table of Contents
- Collect statistics on the use of open source
- Browser Support
- True Cross Browser Charts
- Features
- Install
- Load
- Usage
- Development
- Documents
- Contributing
- TOAST UI Family
- Used By
- License
Collect statistics on the use of open source
TOAST UI Chart applies Google Analytics (GA) to collect statistics on the use of open source, in order to identify how widely TOAST UI Chart is used throughout the world. It also serves as important index to determine the future course of projects. location.hostname (e.g. > βui.toast.com") is to be collected and the sole purpose is nothing but to measure statistics on the usage. To disable GA, use the following usageStatistics option when creating charts.
1var options = {
2 ...
3 usageStatistics: false
4}
5
6tui.chart.barChart(container, data, options);Or, include @evolvere/tui-code-snippet(v1.5.0 or later) and then immediately write the options as follows:
1tui.usageStatistics = false;
π Browser Support
 Chrome |  Internet Explorer |  Edge |  Safari |  Firefox |
|---|---|---|---|---|
| Yes | 8+ | Yes | Yes | Yes |
π True Cross Browser Charts And It's Beautiful!
| IE8 | CHROME |
|---|---|
 |  |
No one likes legacy, but sometimes it matters.
We started TOAST UI Chart because we could not find a project supporting legacy browsers, maintained reliably, and free for commercial use.
The visuals of the charts in IE8 are exactly as it looks in Chrome.
The TOAST UI Chart guarantees an identical look for all browsers. Draws fast and requires no polyfill, ToastUI uses of the native browser formats, such as SVG and RVML.
The TOAST UI Chart will continue to support legacy browsers under the MIT license
With over 50 releases since June 2015 under MIT License, the TOAST UI Chart is the answer if you have the same requirements as us.
π¨ Features
- Intuitive and easy to apply.
- Is an open-source JavaScript library.
- Can be used in legacy browsers including IE8.
- Change the chart in detail using many options and custom themes.
Single Charts
The TOAST UI Chart provides many types of charts to visualize the various forms of data.
| Bar Column | Line Area Radial | Bubble Scatter | Pie(General) Pie(Donut) |
|---|---|---|---|
 |  |  |  |
| Heatmap Treemap | Map | Boxplot | Bullet |
|---|---|---|---|
 |  |  |  |
Combo Charts
The TOAST UI Chart covers complex data visualization.
| Column-Line | Pie-Donut | Line-Area | Line-Scatter |
|---|---|---|---|
 |  |  |  |
Customize
Visualize the data in different styles by customizing the details of the charts.
| Various expressions | Custom theme | Stack option | Diverging option | Group tooltip |
|---|---|---|---|---|
 |  |  |  |  |
And More From Examples
Check out Example and wiki to discover more.
πΎ Install
The TOAST UI products can be installed by using the package manager or downloading the source directly. However, we highly recommend using the package manager.
Via Package Manager
The TOAST UI products are registered in two package managers, npm and bower. Install by using the commands provided by each package manager. When using npm, be sure Node.js is installed in the environment.
npm
1$ npm install --save tui-chart # Latest version 2$ npm install --save tui-chart@<version> # Specific version
bower
1$ bower install tui-chart # Latest version 2$ bower install tui-chart#<tag> # Specific version
Via Contents Delivery Network (CDN)
The TOAST UI Chart is available over a CDN.
- You can use cdn as below.
1<link rel="stylesheet" href="https://uicdn.toast.com/tui.chart/latest/tui-chart.min.css"> 2<script src="https://uicdn.toast.com/tui.chart/latest/tui-chart.min.js"></script>
-
The types of distribution files are classified into three types depending on whether or not they exist in the code of the dependency file.
tui-chart.js- This is not include dependency modules in the code.tui-chart-all.js- Includes all dependency modules, including 'babel-polyfill', in bundle file codetui-chart-polyfill.js- This includes only babel-polyfill in code.
-
Within the download you'll find the following directories
tui.chart/
ββ latest
β ββ tui-chart.js
β ββ tui-chart.min.js
β ββ tui-chart-all.js
β ββ tui-chart-all.min.js
β ββ tui-chart-polyfill.js
β ββ tui-chart-polyfill.min.js
β ββ tui-chart.css
β ββ tui-chart.min.css
β ββ maps/
β β βββ (china | japan | singapore | south-korea | taiwan | thailand | use | world).js
ββ v3.0.1/
Download Source Files
π¨ Usage
HTML
Add the container element where TOAST UI Chart will be created.
1<div id="chart"></div>
JavaScript
Load
The TOAST UI Chart can be used by creating an instance with the constructor function. To access the constructor function, import the module using one of the three following methods depending on your environment.
1var chart = tui.chart; /* namespace */
1var chart = require('tui-chart'); /* CommonJS in Node.js */
1import chart from 'tui-chart'; /* ES6 in Node.js */
Factory function needs three parameters: container, data, options
- container: Wrapper HTML element that will contain the chart as a child
- data: Numerical data the chart will be based on
- options: functional options including legend, alignment, and tooltip visibilities
1var container = document.getElementById('chart-area'); 2var data = { 3 category: [...], series: [...] 4}; 5var options = { 6 chart: {width: 700, height: 400} 7}; 8 9chart.barChart(container, data, options);
Refer to details for additional informations.
π§ Development
The TOAST UI products are open-source. After fixing issues, create a pull request(PR). Run npm scripts and develop with the following process.
Setup
Fork develop branch into your personal repository.
Clone to local computer.
Install node modules.
Before starting development, check for any errors.
1$ git clone https://github.com/{username}/tui.chart.git 2$ cd tui.chart 3$ npm install 4$ npm run test
Develop
Let's start development! Run a server and see the code reflected. Add test cases and then make them green.
Run webpack-dev-server
1$ npm run serve 2$ npm run serve:ie8 # Run on Internet Explorer 8
Run karma test
1$ npm run test
Pull Request
Before creating a PR, test and check for any errors. If there are no errors, then commit and push!
For more information, please refer to the Contributing section.
1$ npm run deploy 2$ npm run test
π Documents
See the older versions of API page on the releases page.
π¬ Contributing
π TOAST UI Family
π Used By
- TOAST Cloud - Total Cloud Service
- NHN - ToastCam
- TOAST Dooray! - Collaboration Service (Project, Messenger, Mail, Calendar, Drive, Wiki, Contacts)
- NHN - Smart Downloader
- NHN - Gamebase
- NHN Edu - iamTeacher
π License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 4/30 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/chart-check-types.yml:1
- Warn: no topLevel permission defined: .github/workflows/chart-linter.yml:1
- Warn: no topLevel permission defined: .github/workflows/chart-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/map-chart-check-types.yml:1
- Warn: no topLevel permission defined: .github/workflows/map-chart-linter.yml:1
- Warn: no topLevel permission defined: .github/workflows/map-chart-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-wrapper.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-check-types.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-check-types.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-check-types.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-check-types.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-linter.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-linter.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chart-test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/chart-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-check-types.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-check-types.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-check-types.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-check-types.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-linter.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-linter.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/map-chart-test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/map-chart-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-wrapper.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish-wrapper.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/nhn/tui.chart/publish.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/chart-check-types.yml:18
- Warn: npmCommand not pinned by hash: .github/workflows/chart-check-types.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/chart-linter.yml:18
- Warn: npmCommand not pinned by hash: .github/workflows/chart-linter.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/chart-test.yml:18
- Warn: npmCommand not pinned by hash: .github/workflows/chart-test.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-check-types.yml:18
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-check-types.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-linter.yml:18
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-linter.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-test.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-test.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/map-chart-test.yml:28
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:63
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:86
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:90
- Warn: npmCommand not pinned by hash: .github/workflows/publish-docs.yml:93
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:19
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:63
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:87
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:91
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:95
- Warn: npmCommand not pinned by hash: .github/workflows/publish-wrapper.yml:99
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:61
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:65
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:82
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:86
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:110
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:114
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:153
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:157
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:44
- Info: 0 out of 40 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 6 third-party GitHubAction dependencies pinned
- Info: 0 out of 42 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Reason
127 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-2h3h-q99f-3fhc
- Warn: Project is vulnerable to: GHSA-gmw6-94gg-2rc2
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-vfrc-7r7c-w9mx
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h
- Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-wvhm-4hhf-97x9
- Warn: Project is vulnerable to: GHSA-h4hr-7fg3-h35w
- Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg
- Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96
- Warn: Project is vulnerable to: GHSA-3949-f494-cm99
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
- Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
- Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
- Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
- Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
- Warn: Project is vulnerable to: GHSA-rjf2-j2r6-q8gr
- Warn: Project is vulnerable to: GHSA-6pw2-5hjv-9pf7
- Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
- Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
- Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
- Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
- Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
2.9
/10
Last Scanned on 2025-03-03
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More