Gathering detailed insights and metrics for @google-cloud/common
Gathering detailed insights and metrics for @google-cloud/common
🚀🐢 A set of classes and utilities used in Google npm modules.
Installations
npm install @google-cloud/commonDeveloper
googleapis
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14.0.0
Typescript Support
Yes
Node Version
14.21.3
NPM Version
6.14.18
Statistics
58 Stars
668 Commits
35 Forks
46 Watching
109 Branches
144 Contributors
Updated on 28 Oct 2024
Languages
TypeScript (98.13%)
JavaScript (1.41%)
Python (0.46%)
Total Downloads
Cumulative downloads
Total Downloads
626,655,927
Last day
-13.5%
521,560
Compared to previous day
Last week
0.7%
3,123,223
Compared to previous week
Last month
9.3%
13,213,503
Compared to previous month
Last year
37.8%
130,939,494
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
9
Versions
Google Cloud Common: Node.js Client
Common components for Cloud APIs Node.js Client Libraries
A comprehensive list of changes in each version may be found in the CHANGELOG.
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
Quickstart
Installing the client library
1npm install @google-cloud/common
It's unlikely you will need to install this package directly, as it will be
installed as a dependency when you install other @google-cloud packages.
The Google Cloud Common Node.js Client API Reference documentation also contains samples.
Supported Node.js Versions
Our client libraries follow the Node.js release schedule. Libraries are compatible with all current active and maintenance versions of Node.js. If you are using an end-of-life version of Node.js, we recommend that you update as soon as possible to an actively supported LTS version.
Google's client libraries support legacy versions of Node.js runtimes on a best-efforts basis with the following warnings:
- Legacy versions are not tested in continuous integration.
- Some security patches and features cannot be backported.
- Dependencies cannot be kept up-to-date.
Client libraries targeting some end-of-life versions of Node.js are available, and
can be installed through npm dist-tags.
The dist-tags follow the naming convention legacy-(version).
For example, npm install @google-cloud/common@legacy-8 installs client libraries
for versions compatible with Node.js 8.
Versioning
This library follows Semantic Versioning.
This library is considered to be stable. The code surface will not change in backwards-incompatible ways unless absolutely necessary (e.g. because of critical security issues) or with an extensive deprecation period. Issues and requests against stable libraries are addressed with the highest priority.
More Information: Google Cloud Platform Launch Stages
Contributing
Contributions welcome! See the Contributing Guide.
Please note that this README.md, the samples/README.md,
and a variety of configuration files in this repository (including .nycrc and tsconfig.json)
are generated from a central template. To edit one of these files, make an edit
to its templates in
directory.
License
Apache Version 2.0
See LICENSE
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
SAST tool is not run on all commits -- score normalized to 3
Details
- Warn: 10 commits out of 30 are checked with a SAST tool
Reason
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/response.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/response.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/nodejs-common/response.yaml/main?enable=pin
- Warn: npmCommand not pinned by hash: .kokoro/docs.sh:23
- Warn: npmCommand not pinned by hash: .kokoro/lint.sh:23
- Warn: npmCommand not pinned by hash: .kokoro/lint.sh:29
- Warn: npmCommand not pinned by hash: .kokoro/publish.sh:29
- Warn: npmCommand not pinned by hash: .kokoro/release/docs-devsite.sh:27
- Warn: npmCommand not pinned by hash: .kokoro/release/docs-devsite.sh:28
- Warn: npmCommand not pinned by hash: .kokoro/release/docs.sh:27
- Warn: npmCommand not pinned by hash: .kokoro/release/docs.sh:31
- Warn: npmCommand not pinned by hash: .kokoro/samples-test.sh:35
- Warn: npmCommand not pinned by hash: .kokoro/samples-test.sh:40
- Warn: npmCommand not pinned by hash: .kokoro/system-test.sh:34
- Warn: npmCommand not pinned by hash: .kokoro/test.sh:23
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:23
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:26
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:48
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:57
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 16 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More