Gathering detailed insights and metrics for @grpc/proto-loader
Gathering detailed insights and metrics for @grpc/proto-loader
Installations
npm install @grpc/proto-loaderDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=6
Node Version
18.16.1
NPM Version
9.5.1
Score
95.1
Supply Chain
99.6
Quality
83.6
Maintenance
100
Vulnerability
99.6
License
Releases
289
@grpc/grpc-js 1.13.4
@grpc/grpc-js@1.13.4
Updated on May 21, 2025
@grpc/proto-loader 0.7.15
@grpc/proto-loader@0.7.15
Updated on Apr 18, 2025
@grpc/proto-loader 0.7.14
@grpc/proto-loader@0.7.14
Updated on Apr 17, 2025
@grpc/grpc-js 1.13.3
@grpc/grpc-js@1.13.3
Updated on Apr 10, 2025
@grpc/grpc-js 1.13.2
@grpc/grpc-js@1.13.2
Updated on Mar 26, 2025
@grpc/grpc-js 1.13.1
@grpc/grpc-js@1.13.1
Updated on Mar 21, 2025
Languages
8
TypeScript
JavaScript
C++
Shell
Dockerfile
CMake
Batchfile
PowerShell
TypeScript (85.81%)
JavaScript (11.3%)
C++ (1.38%)
Shell (0.92%)
Dockerfile (0.24%)
CMake (0.13%)
Batchfile (0.12%)
PowerShell (0.1%)
Developer
Download Statistics
Total Downloads
1,810,706,486
Last Day
656,350
Last Week
13,579,117
Last Month
58,551,629
Last Year
602,017,722
GitHub Statistics
Apache-2.0 License
4,663 Stars
5,048 Commits
670 Forks
72 Watchers
51 Branches
187 Contributors
Updated on Jun 16, 2025
Bundle Size
119.46 kB
Minified
34.10 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
0.7.15
Package Id
@grpc/proto-loader@0.7.15
Unpacked Size
118.54 kB
Size
26.26 kB
File Count
11
NPM Version
9.5.1
Node Version
18.16.1
Published on
Apr 18, 2025
Total Downloads
Cumulative downloads
Total Downloads
1,810,706,486
Last Day
-1.6%
656,350
Compared to previous day
Last Week
-6.1%
13,579,117
Compared to previous week
Last Month
2%
58,551,629
Compared to previous month
Last Year
31%
602,017,722
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
gRPC Protobuf Loader
A utility package for loading .proto files for use with gRPC, using the latest Protobuf.js package.
Please refer to protobuf.js' documentation
to understands its features and limitations.
Installation
1npm install @grpc/proto-loader
Usage
1const protoLoader = require('@grpc/proto-loader'); 2const grpcLibrary = require('grpc'); 3// OR 4const grpcLibrary = require('@grpc/grpc-js'); 5 6protoLoader.load(protoFileName, options).then(packageDefinition => { 7 const packageObject = grpcLibrary.loadPackageDefinition(packageDefinition); 8}); 9// OR 10const packageDefinition = protoLoader.loadSync(protoFileName, options); 11const packageObject = grpcLibrary.loadPackageDefinition(packageDefinition);
The options parameter is an object that can have the following optional properties:
| Field name | Valid values | Description |
|---|---|---|
keepCase | true or false | Preserve field names. The default is to change them to camel case. |
longs | String or Number | The type to use to represent long values. Defaults to a Long object type. |
enums | String | The type to use to represent enum values. Defaults to the numeric value. |
bytes | Array or String | The type to use to represent bytes values. Defaults to Buffer. |
defaults | true or false | Set default values on output objects. Defaults to false. |
arrays | true or false | Set empty arrays for missing array values even if defaults is false Defaults to false. |
objects | true or false | Set empty objects for missing object values even if defaults is false Defaults to false. |
oneofs | true or false | Set virtual oneof properties to the present field's name. Defaults to false. |
json | true or false | Represent Infinity and NaN as strings in float fields, and automatically decode google.protobuf.Any values. Defaults to false |
includeDirs | An array of strings | A list of search paths for imported .proto files. |
The following options object closely approximates the existing behavior of grpc.load:
1const options = { 2 keepCase: true, 3 longs: String, 4 enums: String, 5 defaults: true, 6 oneofs: true 7}
Generating TypeScript types
The proto-loader-gen-types script distributed with this package can be used to generate TypeScript type information for the objects loaded at runtime. More information about how to use it can be found in the @grpc/proto-loader TypeScript Type Generator CLI Tool proposal document. The arguments mostly match the load function's options; the full usage information is as follows:
1proto-loader-gen-types.js [options] filenames... 2 3Options: 4 --help Show help [boolean] 5 --version Show version number [boolean] 6 --keepCase Preserve the case of field names 7 [boolean] [default: false] 8 --longs The type that should be used to output 64 bit 9 integer values. Can be String, Number 10 [string] [default: "Long"] 11 --enums The type that should be used to output enum fields. 12 Can be String [string] [default: "number"] 13 --bytes The type that should be used to output bytes 14 fields. Can be String, Array 15 [string] [default: "Buffer"] 16 --defaults Output default values for omitted fields 17 [boolean] [default: false] 18 --arrays Output default values for omitted repeated fields 19 even if --defaults is not set 20 [boolean] [default: false] 21 --objects Output default values for omitted message fields 22 even if --defaults is not set 23 [boolean] [default: false] 24 --oneofs Output virtual oneof fields set to the present 25 field's name [boolean] [default: false] 26 --json Represent Infinity and NaN as strings in float 27 fields. Also decode google.protobuf.Any 28 automatically [boolean] [default: false] 29 --includeComments Generate doc comments from comments in the original 30 files [boolean] [default: false] 31 -I, --includeDirs Directories to search for included files [array] 32 -O, --outDir Directory in which to output files 33 [string] [required] 34 --grpcLib The gRPC implementation library that these types 35 will be used with. If not provided, some types will 36 not be generated [string] 37 --inputTemplate Template for mapping input or "permissive" type 38 names [string] [default: "%s"] 39 --outputTemplate Template for mapping output or "restricted" type 40 names [string] [default: "%s__Output"] 41 --inputBranded Output property for branded type for "permissive" 42 types with fullName of the Message as its value 43 [boolean] [default: false] 44 --outputBranded Output property for branded type for "restricted" 45 types with fullName of the Message as its value 46 [boolean] [default: false] 47 --targetFileExtension File extension for generated files. 48 [string] [default: ".ts"] 49 --importFileExtension File extension for import specifiers in generated 50 code. [string] [default: ""]
Example Usage
Generate the types:
1$(npm bin)/proto-loader-gen-types --longs=String --enums=String --defaults --oneofs --grpcLib=@grpc/grpc-js --outDir=proto/ proto/*.proto
Consume the types:
1import * as grpc from '@grpc/grpc-js'; 2import * as protoLoader from '@grpc/proto-loader'; 3import type { ProtoGrpcType } from './proto/example.ts'; 4import type { ExampleHandlers } from './proto/example_package/Example.ts'; 5 6const exampleServer: ExampleHandlers = { 7 // server handlers implementation... 8}; 9 10const packageDefinition = protoLoader.loadSync('./proto/example.proto'); 11const proto = (grpc.loadPackageDefinition( 12 packageDefinition 13) as unknown) as ProtoGrpcType; 14 15const server = new grpc.Server(); 16server.addService(proto.example_package.Example.service, exampleServer);
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
20 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/grpc-tools-build.yml:12
- Info: no jobLevel write permissions found
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
Found 3/15 approved changesets -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:19
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:36: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:19
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:40: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
- Warn: containerImage not pinned by hash: tools/release/native/Dockerfile:6: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:26
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:28
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:30
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:32
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:34
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:26
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:28
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:30
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:32
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:34
- Warn: downloadThenRun not pinned by hash: tools/release/native/Dockerfile:23
- Warn: downloadThenRun not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:22
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:38
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:41
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:44
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:47
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:52
- Warn: downloadThenRun not pinned by hash: run-tests.sh:20
- Warn: npmCommand not pinned by hash: run-tests.sh:42
- Warn: npmCommand not pinned by hash: run-tests.sh:67
- Warn: npmCommand not pinned by hash: setup_interop.sh:16
- Warn: npmCommand not pinned by hash: setup_interop.sh:17
- Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:16
- Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:17
- Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:16
- Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:23
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:29
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:30
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:31
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 26 npmCommand dependencies pinned
- Info: 0 out of 3 downloadThenRun dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.7
/10
Last Scanned on 2025-06-09
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More