npmpackage.info

@firebase/auth

Firebase Javascript SDK

1.8.2

4,898

NOASSERTION

TypeScript

38.34 kB

344,144,171 6

Installations

npm install @firebase/auth

Developer Guide

BETA

Typescript

No

Module System

CommonJS, ESM, UMD

Min. Node Version

>=18.0.0

Node Version

22.10.0

NPM Version

10.9.0 Score

74.5

Supply Chain

Quality

Maintenance

100

Vulnerability

70.3

License

Pull Requests

Open

220

Total

5,242

Closed

864

Merged

4,158

Issues

Open

433

Total

3,155

Closed

2,722

Releases

firebase@11.2.0

Published on 16 Jan 2025

firebase@11.1.0

Published on 12 Dec 2024

firebase@11.0.2

Published on 14 Nov 2024

firebase@11.0.1

Published on 22 Oct 2024

firebase@11.0.0

Published on 21 Oct 2024

firebase@10.14.1

Published on 10 Oct 2024

View all 28 releases

Contributors

222

View all 222 contributors

Languages

TypeScript

JavaScript

HTML

CSS

HCL

Handlebars

Shell

TypeScript (93.07%)

JavaScript (5.01%)

HTML (1.22%)

CSS (0.46%)

HCL (0.11%)

Handlebars (0.07%)

Shell (0.06%)

Developer

firebase

Download Statistics

Total Downloads

344,144,171

Last Day

399,214

Last Week

1,837,594

Last Month

8,265,487

Last Year

96,395,405

GitHub Statistics

4,898 Stars

4,150 Commits

906 Forks

194 Watching

683 Branches

222 Contributors

Bundle Size

139.02 kB

Minified

38.34 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

1.8.2

Package Id

@firebase/auth@1.8.2

Unpacked Size

15.22 MB

Size

2.41 MB

File Count

2,649

NPM Version

10.9.0

Node Version

22.10.0

Publised On

16 Jan 2025

Total Downloads

Cumulative downloads

Total Downloads

344,144,171

Last day

-6.3%

399,214

Compared to previous day

Last week

-16.6%

1,837,594

Compared to previous week

Last month

4.4%

8,265,487

Compared to previous month

Last year

30.4%

96,395,405

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

@firebase/auth

This is the Firebase Authentication component of the Firebase JS SDK.

This package is not intended for direct usage, and should only be used via the officially supported firebase package.

Testing

The modular Auth SDK has both unit tests and integration tests, along with a host of npm scripts to run these tests. The most important commands are:

Command	Description
`yarn test`	This will run lint, unit tests, and integration tests against the live environment
`yarn test:<platform>`	Runs all browser tests, unit and integration
`yarn test:<platform>:unit`	Runs only <platform> unit tests
`yarn test:<platform>:unit:debug`	Runs <platform> unit tests, auto-watching for file system changes
`yarn test:<platform>:integration`	Runs only integration tests against the live environment
`yarn test:<platform>:integration:local`	Runs all headless <platform> integration tests against the emulator (more below)
`yarn test:browser:integration:prodbackend`	Runs TOTP MFA integration tests against the backend (more below)

Where <platform> is "browser" or "node". There are also cordova tests, but they are not broken into such granular details. Check out package.json for more.

Integration testing with the emulator

To test against the emulator, set up the Auth emulator (instructions). The easiest way to run these tests is to use the firebase emulators:exec command (documentation). You can also manually start the emulator separately, and then point the tests to it by setting the GCLOUD_PROJECT and FIREBASE_AUTH_EMULATOR_HOST environmental variables. In addition to the commands listed above, the below commands also run various tests:

yarn test:integration:local — Executes Node and browser emulator integration tests, as well as the Selenium WebDriver tests
yarn test:webdriver — Executes only the Selenium WebDriver integration tests

Note - The webdriver tests require the Chrome webdriver to match the version of Chrome running locally. In the CI environment, this is ensured using the environment variable here. When running locally, change the chromedriver version in package.json to match your local Chrome version and run yarn install.

For example, to run all integration and WebDriver tests against the emulator, you would simply execute the following command:

1firebase emulators:exec --project foo-bar --only auth "yarn test:integration:local"

Integration testing with the production backend

Currently, MFA TOTP, password policy, and reCAPTCHA Enterprise phone verification tests only run against the production backend (since they are not supported on the emulator yet). Running against the backend also makes it a more reliable end-to-end test.

TOTP

The TOTP tests require the following email/password combination to exist in the project, so if you are running this test against your test project, please create this user:

'totpuser-donotdelete@test.com', 'password'

You also need to verify this email address, in order to use MFA. This can be done with a curl command like this:

curl   -H "Authorization: Bearer $(gcloud auth print-access-token)"   -H "Content-Type: application/json"   -H "X-Goog-User-Project: ${PROJECT_ID}"   -X POST https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode   -d     '{
      "email": "totpuser-donotdelete@test.com",
      "requestType": "VERIFY_EMAIL",
      "returnOobLink": true,
    }'

Password policy

The password policy tests require a tenant configured with a password policy that requires all options to exist in the project.

If you are running this test against your test project, please create the tenant and configure the policy with the following curl command:

curl   -H "Authorization: Bearer $(gcloud auth print-access-token)"   -H "Content-Type: application/json"   -H "X-Goog-User-Project: ${PROJECT_ID}"   -X POST https://identitytoolkit.googleapis.com/v2/projects/${PROJECT_ID}/tenants   -d     '{
      "displayName": "passpol-tenant",
      "passwordPolicyConfig": {
        "passwordPolicyEnforcementState": "ENFORCE",
        "passwordPolicyVersions": [
          {
            "customStrengthOptions": {
              "minPasswordLength": 8,
              "maxPasswordLength": 24,
              "containsLowercaseCharacter": true,
              "containsUppercaseCharacter": true,
              "containsNumericCharacter": true,
              "containsNonAlphanumericCharacter": true
            }
          }
        ]
      }
    }'

Replace the tenant ID passpol-tenant-d7hha in test/integration/flows/password_policy.test.ts with the ID for the newly created tenant. The tenant ID can be found at the end of the name property in the response and is in the format passpol-tenant-xxxxx.

reCAPTCHA Enterprise phone verification

The reCAPTCHA Enterprise phone verification tests require reCAPTCHA Enterprise to be enabled and the following fictional phone number to be configured and in the project.

If you are running this test against your project, please add this test phone number:

'+1 555-555-1000', SMS code: '123456'

Follow this guide to enable reCAPTCHA Enterprise, then use the following curl command to set reCAPTCHA Enterprise to ENFORCE for phone provider:

curl   -H "Authorization: Bearer $(gcloud auth print-access-token)"   -H "Content-Type: application/json"   -H "X-Goog-User-Project: $
{PROJECT_ID}"   -X POST https://identitytoolkit.googleapis.com/v2/projects/${PROJECT_ID}/config?updateMask=recaptchaConfig.phoneEnforcementState,recaptchaConfig.useSmsBotScore,recaptchaConfig.useSmsTollFraudProtection  -d '
{
  "name": "projects/{PROJECT_ID}",
  "recaptchaConfig": {
    "phoneEnforcementState": "ENFORCE",
    "useSmsBotScore": "true",
    "useSmsTollFraudProtection": "true",
  },
}'

Selenium Webdriver tests

These tests assume that you have both Firefox and Chrome installed on your computer and in your $PATH. The tests will error out if this is not the case. The WebDriver tests talk to the emulator, but unlike the headless integration tests, these run in a browser robot environment; the assertions themselves run in Node. When you run these tests a small Express server will be started to serve the static files the browser robot uses.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

9

License

Determines if the project has defined a license.

9

SAST

Determines if the project uses static code analysis.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/check-vertexai-responses.yml:24
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/merge-release-branch.yml:24
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-prod.yml:32
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-api-reports.yml:25
Warn: no topLevel permission defined: .github/workflows/canary-deploy.yml:1
Warn: no topLevel permission defined: .github/workflows/check-changeset.yml:1
Warn: no topLevel permission defined: .github/workflows/check-docs.yml:1
Warn: no topLevel permission defined: .github/workflows/check-pkg-paths.yml:1
Warn: no topLevel permission defined: .github/workflows/check-vertexai-responses.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy-config.yml:1
Warn: no topLevel permission defined: .github/workflows/e2e-test.yml:1
Warn: no topLevel permission defined: .github/workflows/format.yml:1
Warn: no topLevel permission defined: .github/workflows/health-metrics-pull-request.yml:1
Warn: no topLevel permission defined: .github/workflows/health-metrics-release.yml:1
Warn: no topLevel permission defined: .github/workflows/lint.yml:1
Warn: no topLevel permission defined: .github/workflows/merge-release-branch.yml:1
Warn: no topLevel permission defined: .github/workflows/prerelease-manual-deploy.yml:1
Warn: no topLevel permission defined: .github/workflows/release-log.yml:1
Warn: no topLevel permission defined: .github/workflows/release-pr.yml:1
Warn: no topLevel permission defined: .github/workflows/release-prod.yml:1
Warn: no topLevel permission defined: .github/workflows/release-staging.yml:1
Warn: no topLevel permission defined: .github/workflows/release-tweet.yml:1
Warn: no topLevel permission defined: .github/workflows/test-all.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-auth.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-fcm-integration.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-firestore-integration.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-firestore.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed-misc.yml:1
Warn: no topLevel permission defined: .github/workflows/test-changed.yml:1
Warn: no topLevel permission defined: .github/workflows/update-api-reports.yml:1

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-deploy.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/canary-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-changeset.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-changeset.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-docs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-pkg-paths.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-pkg-paths.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-vertexai-responses.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/check-vertexai-responses.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-config.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/deploy-config.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/e2e-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/format.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-pull-request.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-pull-request.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/health-metrics-release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/health-metrics-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-branch.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/merge-release-branch.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease-manual-deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/prerelease-manual-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-log.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-log.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-pr.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-prod.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-prod.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-staging.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tweet.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/release-tweet.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-all.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-all.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-auth.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-auth.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-fcm-integration.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-fcm-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore-integration.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-firestore.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-firestore.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed-misc.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed-misc.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-changed.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/test-changed.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-api-reports.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/firebase/firebase-js-sdk/update-api-reports.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/e2e-test.yml:67
Info: 0 out of 85 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 21 third-party GitHubAction dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

66 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-h755-8qp9-cq85
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-7p89-p6hx-q4fw
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

6

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @firebase/auth

@firebase/auth-types

0.12.3

@firebase/auth Types

@firebase/auth-interop-types

0.2.4

@firebase/auth interop Types

@firebase/auth-compat

0.5.17

FirebaseAuth compatibility package that uses API style compatible with Firebase@8 and prior versions

@react-native-firebase/auth

21.7.1

React Native Firebase - The authentication module provides an easy-to-use API to integrate an authentication workflow into new and existing applications. React Native Firebase provides access to all Firebase authentication methods and identity providers.

@firebase/auth

Installations

Developer Guide

No

CommonJS, ESM, UMD

>=18.0.0

22.10.0

10.9.0

Score

Pull Requests

220

5,242

864

4,158

Issues

433

3,155

2,722

Releases

Contributors

Languages

Developer

Download Statistics

GitHub Statistics

Bundle Size

139.02 kB

38.34 kB

Maintainers

Package Meta Information

Total Downloads

344,144,171

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

@firebase/auth

Testing

Integration testing with the emulator

Integration testing with the production backend

TOTP

Password policy

reCAPTCHA Enterprise phone verification

Selenium Webdriver tests

10

10

10

10

9

9

9

0

0

0

0

0

6

/10

Other packages similar to @firebase/auth