npmpackage.info

@fy-dev/core-rspack

Storybook is the industry standard workshop for building, documenting, and testing UI components in isolation

7.0.0-rc.12

84,981

MIT

TypeScript

9.45 kB

344 7.2

Installations

npm install @fy-dev/core-rspack

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

16.19.1

NPM Version

8.19.3 Score

40.7

Supply Chain

53.4

Quality

71.3

Maintenance

100

Vulnerability

98.9

License

Pull Requests

Open

132

Total

13,204

Closed

2,494

Merged

10,578

Issues

Open

1,950

Total

12,985

Closed

11,035

Releases

1,490

v8.5.0-beta.6

Published on 25 Dec 2024

v8.5.0-beta.5

Published on 23 Dec 2024

v8.5.0-beta.4

Published on 20 Dec 2024

v8.5.0-beta.3

Published on 19 Dec 2024

v8.5.0-beta.2

Published on 18 Dec 2024

v8.5.0-beta.1

Published on 16 Dec 2024

View all 1,490 releases

Contributors

1,959

View all 1,959 contributors

Languages

TypeScript

JavaScript

MDX

Svelte

Vue

HTML

CSS

EJS

Pug

Handlebars

Shell

SCSS

TypeScript (73.1%)

JavaScript (24.3%)

MDX (1.11%)

Svelte (0.66%)

Vue (0.29%)

HTML (0.22%)

CSS (0.19%)

EJS (0.06%)

Pug (0.04%)

Handlebars (0.02%)

Shell (0.01%)

Developer

storybookjs

Download Statistics

Total Downloads

344

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

84,981 Stars

65,051 Commits

9,372 Forks

934 Watching

595 Branches

1,959 Contributors

Sponsor this package

https://opencollective.com/storybook

Maintainers

Package Meta Information

Latest Version

7.0.0-rc.12

Package Id

@fy-dev/core-rspack@7.0.0-rc.12

Unpacked Size

9.45 kB

Size

2.71 kB

File Count

NPM Version

8.19.3

Node Version

16.19.1

Publised On

05 Apr 2023

Total Downloads

Cumulative downloads

Total Downloads

344

Last day

Compared to previous day

Last week

Compared to previous week

Last month

-25%

Compared to previous month

Last year

-76.3%

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@storybook/core-common @storybook/node-logger @storybook/types @types/node ts-dedent

Dev Dependencies

@rspack/core typescript

Versions

Storybook Core-Common

Common utilities used across @storybook/core-server (manager UI configuration) and @fy-dev/builder-rspack (preview configuration).

This is a lot of code extracted for convenience, not because it made sense.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

7

Code-Review

Determines if the project requires code review before pull requests (aka merge requests) are merged.

7

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 7

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary-release-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/canary-release-pr.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-release-pr.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/canary-release-pr.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-release-pr.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/canary-release-pr.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary-release-pr.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/canary-release-pr.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary-release-pr.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/canary-release-pr.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/cron-weekly.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cron-weekly.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/cron-weekly.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/danger-js.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/danger-js.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/danger-js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/danger-js.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/danger-js.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/danger-js.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-sandboxes.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/handle-release-branches.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/handle-release-branches.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/handle-release-branches.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/handle-release-branches.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-release-branches.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/handle-release-branches.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/handle-release-branches.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/handle-release-branches.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-non-patch-release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-non-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-non-patch-release.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-non-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-non-patch-release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-non-patch-release.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prepare-non-patch-release.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-non-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-patch-release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-patch-release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-patch-release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-patch-release.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prepare-patch-release.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-patch-release.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/publish.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/publish.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/publish.yml/next?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/publish.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/stale.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-unit.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/tests-unit.yml/next?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests-unit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/tests-unit.yml/next?enable=pin
Info: Dockerfile dependencies are pinned
Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
Info: no insecure (not pinned by hash) dependency downloads found in shell scripts

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

non read-only tokens detected in GitHub workflows

Details

Warn: no topLevel permission defined: .github/workflows/cron-weekly.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/cron-weekly.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/danger-js.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/danger-js.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/generate-sandboxes.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/generate-sandboxes.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/handle-release-branches.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/handle-release-branches.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/prepare-non-patch-release.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-non-patch-release.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/prepare-patch-release.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/prepare-patch-release.yml/next?enable=permissions
Warn: topLevel 'contents' permission set to 'write': .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/publish.yml/next?enable=permissions
Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/scorecards.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/stale.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/stale.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/tests-unit.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/tests-unit.yml/next?enable=permissions
Warn: no topLevel permission defined: .github/workflows/trigger-circle-ci-workflow.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/storybookjs/storybook/trigger-circle-ci-workflow.yml/next?enable=permissions

Score

7.2

/10

Last Scanned on 2024-03-19

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More