Gathering detailed insights and metrics for @fluent/bundle
Gathering detailed insights and metrics for @fluent/bundle
Installations
npm install @fluent/bundleScore
99.7
Supply Chain
89.1
Quality
80.6
Maintenance
100
Vulnerability
100
License
Releases
100
2024-06-25
@fluent/dom@0.10.0
Published on 25 Jun 2024
2023-05-28
@fluent/react@0.15.1
Published on 27 May 2023
2023-03-13
@fluent/syntax@0.19.0
Published on 13 Mar 2023
@fluent/syntax 0.18.1
@fluent/syntax@0.18.1
Published on 03 May 2022
@fluent/langneg 0.6.2
@fluent/langneg@0.6.2
Published on 03 May 2022
@fluent/bundle 0.17.1
@fluent/bundle@0.17.1
Published on 21 Dec 2021
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14.0.0
Typescript Support
Yes
Node Version
19.1.0
NPM Version
8.19.3
Statistics
939 Stars
3,140 Commits
77 Forks
22 Watching
6 Branches
47 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (57.69%)
TypeScript (27.45%)
Fluent (14.18%)
Makefile (0.35%)
FreeMarker (0.28%)
HTML (0.06%)
Total Downloads
Cumulative downloads
Total Downloads
3,315,161
Last day
-24.6%
6,960
Compared to previous day
Last week
2.9%
42,204
Compared to previous week
Last month
5.2%
184,645
Compared to previous month
Last year
247.5%
2,152,197
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
1
Versions
Project Fluent
Fluent.js is a JavaScript implementation of Project Fluent, a localization framework designed to unleash the expressive power of the natural language.
Project Fluent keeps simple things simple and makes complex things possible. The syntax used for describing translations is easy to read and understand. At the same time it allows, when necessary, to represent complex concepts from natural languages like gender, plurals, conjugations, and others.
Packages
Fluent.js consists of a set of packages which have different use-cases and can be installed independently of each other.
- @fluent/bundle
- @fluent/dedent
- @fluent/dom
- @fluent/langneg
- @fluent/react
- @fluent/sequence
- @fluent/syntax
You can install each of the above packages via npm, e.g. npm install @fluent/react.
See the end of this README for instructions on how to build fluent.js locally.
Learn the FTL syntax
FTL is a localization file format used for describing translation resources. FTL stands for Fluent Translation List.
FTL is designed to be simple to read, but at the same time allows to represent complex concepts from natural languages like gender, plurals, conjugations, and others.
hello-user = Hello, { $username }!
Read the Fluent Syntax Guide in order to learn more about the syntax. If you're a tool author you may be interested in the formal EBNF grammar.
Discuss
We'd love to hear your thoughts on Project Fluent! Whether you're a localizer looking for a better way to express yourself in your language, or a developer trying to make your app localizable and multilingual, or a hacker looking for a project to contribute to, please do get in touch!
- Discourse: https://discourse.mozilla.org/c/fluent
Get Involved
Fluent.js is open-source, licensed under the Apache License, Version 2.0. We encourage everyone to take a look at our code and we'll listen to your feedback.
Local Development
Hacking on fluent.js is easy! To quickly get started clone the repo:
$ git clone https://github.com/projectfluent/fluent.js.git
$ cd fluent.js
You'll need at least Node.js 14.18 and npm 7. Older versions are not supported.
Install the dependencies used by all packages, which are managed as npm workspaces:
$ npm install
Build and test all packages at once:
$ npm run dist
…which is equivalent to:
$ npm run clean
$ npm run build --workspaces
$ npm run lint
$ npm run test
$ npm run docs --workspaces
Each package may also be built separately by running npm run build in
its directory.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
Found 10/17 approved changesets -- score normalized to 5
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/projectfluent/fluent.js/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/projectfluent/fluent.js/test.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 23 are checked with a SAST tool
Score
3.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More