Firebase Javascript SDK
Installations
npm install @firebase/app-check-compat
Releases
firebase@11.0.2
Published on 14 Nov 2024
firebase@11.0.1
Published on 22 Oct 2024
firebase@11.0.0
Published on 21 Oct 2024
firebase@10.14.1
Published on 10 Oct 2024
firebase@10.14.0
Published on 30 Sept 2024
firebase@10.13.2
Published on 18 Sept 2024
Developer
Developer Guide
Module System
CommonJS, ESM, UMD
Min. Node Version
>=18.0.0
Typescript Support
No
Node Version
22.10.0
NPM Version
10.9.0
Statistics
4,860 Stars
4,104 Commits
894 Forks
194 Watching
683 Branches
218 Contributors
Updated on 24 Nov 2024
Bundle Size
23.67 kB
Minified
7.68 kB
Minified + Gzipped
Languages
TypeScript (92.96%)
JavaScript (5.09%)
HTML (1.25%)
CSS (0.46%)
HCL (0.11%)
Handlebars (0.07%)
Shell (0.06%)
Total Downloads
Cumulative downloads
Total Downloads
151,665,513
Last day
-2.8%
343,938
Compared to previous day
Last week
2.4%
1,794,838
Compared to previous week
Last month
12.8%
7,461,110
Compared to previous month
Last year
45.2%
71,518,997
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Firebase JavaScript SDK
The Firebase JavaScript SDK implements the client-side libraries used by applications using Firebase services. This SDK is distributed via:
To get started using Firebase, see Add Firebase to your JavaScript Project.
Upgrade to Version 9
Version 9 has a redesigned API that supports tree-shaking. Read the Upgrade Guide to learn more.
Supported Environments
Please see Environment Support.
SDK Dev Workflow
Prerequisites
Node.js
Before you can start working on the Firebase JS SDK, you need to have Node.js
installed on your machine. As of April 19th, 2024 the team has been testing with Node.js version
20.12.2
, but the required version of Node.js may change as we update our dependencies.
To download Node.js visit https://nodejs.org/en/download/.
NOTE: You can use a tool like NVM
or N
to install and manage multiple node versions
Yarn
In addition to Node.js we use yarn
to facilitate multi package development.
To install yarn
follow the instructions listed on their website:
https://yarnpkg.com/en/docs/install
This repo currently supports building with yarn 1.x
. For instance, after installing yarn, run
1$ yarn set version 1.22.11
Java
The closure compiler requires a modern Java installation. Java 11+ should be installed: https://www.oracle.com/java/technologies/downloads/#java11
Verify Prerequisites
You can verify your setup by running the following commands in your terminal:
1$ node -v 2$ yarn -v 3$ java -version
Your node
version should be 20.12.2
, your yarn
version should
be between 1.0.0
and 1.22.11
, and your java
version should be 11.0
or greater.
NOTE: We will update the documentation as new versions are required, however for continuing development on the SDK, staying up to date on the stable versions of these packages is advised
Install Dependencies
Once you have Node.js and yarn
installed on your machine and have validated
that you are running the proper version, you can set up the development environment
by running the following at the root of the SDK:
1$ yarn
Once you have installed all the dependencies, you can build the entire SDK by running the following command the root of the SDK:
1$ yarn build
Testing the SDK
Test Setup
A production project is required to test the Firebase JS SDK. You can create a new project by visiting the Firebase Console.
Web App Setup
Visit the "Project Overview" and select "Add app" under your project name. Register the app with a nickname and click through the remaining steps. Without performing this step, you will encounter the error in the test setup:
FirebaseError: There are no WEB apps associated with this Firebase project
Firestore Database Setup
Visit the "Firestore Database" section of the console and create a Cloud Firestore database. When prompted to select the set of initial security rules, select any option (e.g. "Start in Production Mode") since these permission settings will be overwritten below.
Realtime Database Setup
Visit the "Realtime Database" section of the console and create a realtime database. When prompted to select the set of initial security rules, select any option (e.g. "Start in Locked Mode") since these permission settings will be overwritten below.
Storage Setup
Visit the "Storage" section of the console and create a storage bucket. In order to run the tests, you will need to update your bucket's CORS rules.
- Create a new file called
cors.json
with the contents:
1[ 2 { 3 "origin": ["http://localhost:8089"], 4 "method": ["GET"], 5 "maxAgeSeconds": 3600 6 } 7]
- Install
gsutil
from https://cloud.google.com/storage/docs/gsutil_install - You will need to login if this is your first time using
gsutil
. Rungcloud auth login
and follow the instructions to login. - Run
gsutil cors set cors.json gs://<your-cloud-storage-bucket>
For more information, visit https://firebase.google.com/docs/storage/web/download-files#cors_configuration
Authentication Support
Visit the authentication config in your project and enable the Anonymous
sign-in provider to complete your project config.
Automated Setup
The tests need to be configured to use the Firebase production project that you
created in the "Test Setup" section above. To do this, run the yarn test:setup
command, as follows:
1# Select the Firebase project via the text-based UI. This will run tools/config.js 2# and deploy from config/ to your Firebase project. 3$ yarn test:setup 4 5# Specify the Firebase project via the command-line arguments. 6$ yarn test:setup --projectId=<test_firebase_project_id>
If you see an error like
HTTP Error: 404, Project '<test_firebase_project_id>' does not exist.
then make sure that you have created the database as specified in the "Firestore Database Setup" section above.
Running the tests
Each of the directories in the integration
directory as well as the packages
directory have their own test suites. You will need to build the SDK before
running tests. Test suites can be run all together by running the following
command at the root of the package:
1$ yarn test
In addition, you can run any of the tests individually by running yarn test
in
an individual package directory.
Building the SDK
Introduction
The Firebase JS SDK is built with a series of individual packages that are all contained in this repository. Development is coordinated via yarn workspaces and Lerna (a monorepo management tool).
Each package in the packages
directory, constitute a piece of our
implementation. The SDK is built via a combination of all of these packages
which are published under the firebase
scope on NPM.
Testing the SDK Locally
Please be sure your product's package has been built before proceeding any further. (If you haven't built this repo before, make sure to run yarn build
at the root)
In order to manually test your SDK changes locally, you must use yarn link:
1$ cd packages/firebase 2$ yarn link # initialize the linking to the other folder 3$ cd ../<my-product> # Example: $ cd ../firestore 4$ yarn link # link your product to make it available elsewhere 5$ cd <my-test-app-dir> # cd into your personal project directory 6$ yarn link firebase @firebase/<my-product> # tell yarn to use the locally built firebase SDK instead
This will create a symlink and point your <my-test-app-dir>
to the locally built version of the firebase SDK.
Helper Scripts
Each package in the packages
directory exposes a dev
script. This script
will set up a watcher for development on the individual piece of the SDK. In
addition, there is a top level dev
script that can be run to start all of the
watch tasks as well as a sandbox server.
You can run the dev script by running the following at the root of the package:
1$ yarn dev
Prepush Hooks
As part of this repo, we use the NPM package husky
to
implement git hooks. We leverage the prepush hook to do two things:
- Automated code styling (using
prettier
) - Automated LICENSE header insertion
Contributing
See Contributing for more information on contributing to the Firebase JavaScript SDK.
Big Thanks
Cross-browser Testing Platform and Open Source <3 Provided by Sauce Labs
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/firebase/.github/SECURITY.md:1
- Info: Found linked content: github.com/firebase/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/firebase/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/firebase/.github/SECURITY.md:1
Reason
Found 27/30 approved changesets -- score normalized to 9
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool is not run on all commits -- score normalized to 8
Details
- Warn: 22 commits out of 27 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/merge-release-branch.yml:24
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-prod.yml:32
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-api-reports.yml:25
- Warn: no topLevel permission defined: .github/workflows/canary-deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-changeset.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-pkg-paths.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-vertexai-responses.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-config.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/format.yml:1
- Warn: no topLevel permission defined: .github/workflows/health-metrics-pull-request.yml:1
- Warn: no topLevel permission defined: .github/workflows/health-metrics-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/merge-release-branch.yml:1
- Warn: no topLevel permission defined: .github/workflows/prerelease-manual-deploy.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-log.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-prod.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-staging.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-tweet.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-all.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed-auth.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed-fcm-integration.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed-firestore-integration.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed-firestore.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed-misc.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-changed.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-firebase-integration.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-api-reports.yml:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-firebase-integration.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-firebase-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-firebase-integration.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-firebase-integration.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/e2e-test.yml:61
- Info: 0 out of 86 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 22 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
79 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-7p89-p6hx-q4fw
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
- Warn: Project is vulnerable to: GHSA-q9mw-68c2-j6m5
- Warn: Project is vulnerable to: GHSA-rcm2-22f3-pqv3
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
- Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
5.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @firebase/app-check-compat
@firebase/app-compat
The primary entrypoint to the Firebase JS SDK
@firebase/database-compat
The Realtime Database component of the Firebase JS SDK.
@firebase/analytics-compat
This is the compatibility layer for the Firebase Analytics component of the Firebase JS SDK.
@firebase/remote-config-compat
The compatibility package of Remote Config