npmpackage.info

@firebase/app-types

Firebase Javascript SDK

0.9.3

4,860

NOASSERTION

TypeScript

583,752,264 5.9

Installations

npm install @firebase/app-types

Score

100

Supply Chain

64.9

Quality

98.3

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

218

Total

5,185

Closed

853

Merged

4,114

Issues

Open

430

Total

3,124

Closed

2,694

Releases

firebase@11.0.2

Published on 14 Nov 2024

firebase@11.0.1

Published on 22 Oct 2024

firebase@11.0.0

Published on 21 Oct 2024

firebase@10.14.1

Published on 10 Oct 2024

firebase@10.14.0

Published on 30 Sept 2024

firebase@10.13.2

Published on 18 Sept 2024

View all 26 releases

Developer

firebase

Developer Guide

BETA

Module System

Unable to determine the module system for this package.

Min. Node Version

Typescript Support

Yes

Node Version

22.10.0

NPM Version

10.9.0 Statistics

4,860 Stars

4,104 Commits

894 Forks

194 Watching

683 Branches

218 Contributors

Updated on 24 Nov 2024

Languages

TypeScript (92.96%)

JavaScript (5.09%)

HTML (1.25%)

CSS (0.46%)

HCL (0.11%)

Handlebars (0.07%)

Shell (0.06%)

Total Downloads

Cumulative downloads

Total Downloads

583,752,264

Last day

-3.3%

650,882

Compared to previous day

Last week

3,681,410

Compared to previous week

Last month

10.6%

15,262,943

Compared to previous month

Last year

17.3%

155,197,582

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

typescript

Versions

Firebase JavaScript SDK

Build Status

The Firebase JavaScript SDK implements the client-side libraries used by applications using Firebase services. This SDK is distributed via:

To get started using Firebase, see Add Firebase to your JavaScript Project.

Upgrade to Version 9

Version 9 has a redesigned API that supports tree-shaking. Read the Upgrade Guide to learn more.

Supported Environments

Please see Environment Support.

SDK Dev Workflow

Prerequisites

Node.js

Before you can start working on the Firebase JS SDK, you need to have Node.js installed on your machine. As of April 19th, 2024 the team has been testing with Node.js version 20.12.2, but the required version of Node.js may change as we update our dependencies.

To download Node.js visit https://nodejs.org/en/download/.

NOTE: You can use a tool like NVM or N to install and manage multiple node versions

Yarn

In addition to Node.js we use yarn to facilitate multi package development.

To install yarn follow the instructions listed on their website: https://yarnpkg.com/en/docs/install

This repo currently supports building with yarn 1.x. For instance, after installing yarn, run

1$ yarn set version 1.22.11

Java

The closure compiler requires a modern Java installation. Java 11+ should be installed: https://www.oracle.com/java/technologies/downloads/#java11

Verify Prerequisites

You can verify your setup by running the following commands in your terminal:

1$ node -v
2$ yarn -v
3$ java -version

Your node version should be 20.12.2, your yarn version should be between 1.0.0 and 1.22.11, and your java version should be 11.0 or greater.

NOTE: We will update the documentation as new versions are required, however for continuing development on the SDK, staying up to date on the stable versions of these packages is advised

Install Dependencies

Once you have Node.js and yarn installed on your machine and have validated that you are running the proper version, you can set up the development environment by running the following at the root of the SDK:

1$ yarn

Once you have installed all the dependencies, you can build the entire SDK by running the following command the root of the SDK:

1$ yarn build

Testing the SDK

Test Setup

A production project is required to test the Firebase JS SDK. You can create a new project by visiting the Firebase Console.

Web App Setup

Visit the "Project Overview" and select "Add app" under your project name. Register the app with a nickname and click through the remaining steps. Without performing this step, you will encounter the error in the test setup:

FirebaseError: There are no WEB apps associated with this Firebase project

Firestore Database Setup

Visit the "Firestore Database" section of the console and create a Cloud Firestore database. When prompted to select the set of initial security rules, select any option (e.g. "Start in Production Mode") since these permission settings will be overwritten below.

Realtime Database Setup

Visit the "Realtime Database" section of the console and create a realtime database. When prompted to select the set of initial security rules, select any option (e.g. "Start in Locked Mode") since these permission settings will be overwritten below.

Storage Setup

Visit the "Storage" section of the console and create a storage bucket. In order to run the tests, you will need to update your bucket's CORS rules.

Create a new file called cors.json with the contents:

1[
2    {
3        "origin": ["http://localhost:8089"],
4        "method": ["GET"],
5        "maxAgeSeconds": 3600
6    }
7]

Install gsutil from https://cloud.google.com/storage/docs/gsutil_install
You will need to login if this is your first time using gsutil. Run gcloud auth login and follow the instructions to login.
Run gsutil cors set cors.json gs://<your-cloud-storage-bucket>

For more information, visit https://firebase.google.com/docs/storage/web/download-files#cors_configuration

Authentication Support

Visit the authentication config in your project and enable the Anonymous sign-in provider to complete your project config.

Automated Setup

The tests need to be configured to use the Firebase production project that you created in the "Test Setup" section above. To do this, run the yarn test:setup command, as follows:

1# Select the Firebase project via the text-based UI. This will run tools/config.js
2# and deploy from config/ to your Firebase project.
3$ yarn test:setup
4
5# Specify the Firebase project via the command-line arguments.
6$ yarn test:setup --projectId=<test_firebase_project_id>

If you see an error like

HTTP Error: 404, Project '<test_firebase_project_id>' does not exist.

then make sure that you have created the database as specified in the "Firestore Database Setup" section above.

Running the tests

Each of the directories in the integration directory as well as the packages directory have their own test suites. You will need to build the SDK before running tests. Test suites can be run all together by running the following command at the root of the package:

1$ yarn test

In addition, you can run any of the tests individually by running yarn test in an individual package directory.

Building the SDK

Introduction

The Firebase JS SDK is built with a series of individual packages that are all contained in this repository. Development is coordinated via yarn workspaces and Lerna (a monorepo management tool).

Each package in the packages directory, constitute a piece of our implementation. The SDK is built via a combination of all of these packages which are published under the firebase scope on NPM.

Testing the SDK Locally

Please be sure your product's package has been built before proceeding any further. (If you haven't built this repo before, make sure to run yarn build at the root) In order to manually test your SDK changes locally, you must use yarn link:

1$ cd packages/firebase
2$ yarn link # initialize the linking to the other folder
3$ cd ../<my-product> # Example: $ cd ../firestore
4$ yarn link # link your product to make it available elsewhere
5$ cd <my-test-app-dir> # cd into your personal project directory
6$ yarn link firebase @firebase/<my-product> # tell yarn to use the locally built firebase SDK instead

This will create a symlink and point your <my-test-app-dir> to the locally built version of the firebase SDK.

Helper Scripts

Each package in the packages directory exposes a dev script. This script will set up a watcher for development on the individual piece of the SDK. In addition, there is a top level dev script that can be run to start all of the watch tasks as well as a sandbox server.

You can run the dev script by running the following at the root of the package:

1$ yarn dev

Prepush Hooks

As part of this repo, we use the NPM package husky to implement git hooks. We leverage the prepush hook to do two things:

Automated code styling (using prettier)
Automated LICENSE header insertion

Contributing

See Contributing for more information on contributing to the Firebase JavaScript SDK.

Big Thanks

Cross-browser Testing Platform and Open Source <3 Provided by Sauce Labs

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

9

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

9

License

Determines if the project has defined a license.

8

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/merge-release-branch.yml:24
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-prod.yml:32
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-api-reports.yml:25
Warn: no topLevel permission defined: .github/workflows/canary-deploy.yml:1
Warn: no topLevel permission defined: .github/workflows/check-changeset.yml:1
Warn: no topLevel permission defined: .github/workflows/check-docs.yml:1
Warn: no topLevel permission defined: .github/workflows/check-pkg-paths.yml:1
Warn: no topLevel permission defined: .github/workflows/check-vertexai-responses.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy-config.yml:1
Warn: no topLevel permission defined: .github/workflows/e2e-test.yml:1
Warn: no topLevel permission defined: .github/workflows/format.yml:1
Warn: no topLevel permission defined: .github/workflows/health-metrics-pull-request.yml:1
Warn: no topLevel permission defined: .github/workflows/health-metrics-release.yml:1
Warn: no topLevel permission defined: .github/workflows/lint.yml:1
Warn: no topLevel permission defined: .github/workflows/merge-release-branch.yml:1
Warn: no topLevel permission defined: .github/workflows/prerelease-manual-deploy.yml:1
Warn: no topLevel permission defined: .github/workflows/release-log.yml:1
Warn: no topLevel permission defined: .github/workflows/release-pr.yml:1
Warn: no topLevel permission defined: .github/workflows/release-prod.yml:1
Warn: no topLevel permission defined: .github/workflows/release-staging.yml:1
Warn: no topLevel permission defined: .github/workflows/release-tweet.yml:1
Warn: no topLevel permission defined: .github/workflows/test-all.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-auth.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-fcm-integration.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-firestore-integration.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-firestore.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-misc.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed.yml:1
Warn: no topLevel permission defined: .github/workflows/test-firebase-integration.yml:1
Warn: no topLevel permission defined: .github/workflows/update-api-reports.yml:1

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-firebase-integration.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-firebase-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-firebase-integration.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-firebase-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/e2e-test.yml:61
Info: 0 out of 86 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 22 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

79 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-7p89-p6hx-q4fw
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
Warn: Project is vulnerable to: GHSA-q9mw-68c2-j6m5
Warn: Project is vulnerable to: GHSA-rcm2-22f3-pqv3
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

5.9

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @firebase/app-types

@react-native-firebase/app-types

6.7.2

@react-native-firebase/app-types

@firebase/app-check-interop-types

0.3.3

@firebase/app-check-interop-types Types

@firebase/app-check-types

0.5.3

@firebase/app-check Types

@firebase/database-types

1.0.7

@firebase/database Types