Gathering detailed insights and metrics for @har-sdk/core
Gathering detailed insights and metrics for @har-sdk/core
Installations
npm install @har-sdk/coreDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.14.1
NPM Version
8.19.3
Score
82.2
Supply Chain
91.4
Quality
78.1
Maintenance
100
Vulnerability
99.6
License
Releases
214
@har-sdk/oas@2.10.0
@har-sdk/oas@2.10.0
Published on 07 Oct 2024
@har-sdk/postman@2.4.6
@har-sdk/postman@2.4.6
Published on 22 Aug 2024
@har-sdk/oas@2.9.3
@har-sdk/oas@2.9.3
Published on 22 Aug 2024
@har-sdk/oas@2.9.2
@har-sdk/oas@2.9.2
Published on 14 Aug 2024
@har-sdk/openapi-sampler@2.2.1
@har-sdk/openapi-sampler@2.2.1
Published on 14 Aug 2024
@har-sdk/oas@2.9.1
@har-sdk/oas@2.9.1
Published on 22 Apr 2024
Contributors
25
Unable to fetch Contributors
Languages
3
TypeScript
JavaScript
Shell
TypeScript (98.02%)
JavaScript (1.94%)
Shell (0.04%)
Developer
NeuraLegion
Download Statistics
Total Downloads
125,040
Last Day
534
Last Week
3,470
Last Month
16,466
Last Year
104,606
GitHub Statistics
11 Stars
142 Commits
5 Forks
16 Watching
10 Branches
25 Contributors
Bundle Size
36.68 kB
Minified
11.73 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
1.4.5
Package Id
@har-sdk/core@1.4.5
Unpacked Size
104.79 kB
Size
24.72 kB
File Count
105
NPM Version
8.19.3
Node Version
18.14.1
Publised On
23 Feb 2023
Total Downloads
Cumulative downloads
Total Downloads
125,040
Last day
-17.6%
534
Compared to previous day
Last week
-20.9%
3,470
Compared to previous week
Last month
5.3%
16,466
Compared to previous month
Last year
805.1%
104,606
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
1
Versions
@har-sdk/core
The base package can be used to import specification files (i.e. HAR, OAS and Postman Collection) and detect their type.
Setup
1npm i --save @har-sdk/core
Usage
To import a specification you just need to create an instance of SpecImporter and call its import method passing the data file. The importer performs syntactic analysis and parses a provided file.
1import { SpecImporter } from '@har-sdk/core'; 2 3const result = await new SpecImporter().import(sourceAsString); 4console.log(result); 5// { 6// type: 'postman', 7// format: 'json', 8// doc: { 9// info: { 10// name: 'Postman Sample', 11// schema: 'https://schema.getpostman.com/json/collection/v2.1.0/collection.json' 12// }, 13// item: [ 14// // ... 15// ] 16// }, 17// name: 'Postman Sample.json' 18// }
To configure the list of importers, you can pass them as an array to the constructor.
1import { SpecImporter, HarImporter } from '@har-sdk/core'; 2 3const explorer = new SpecImporter([new HarImporter()]);
To extend an explorer by adding a new custom importer, you can easily implement an Importer interface.
1import { Importer, Doc, Spec, Importer } from '@har-sdk/core'; 2 3class RamlImporter implements Importer<'raml'> { 4 get type(): 'raml' { 5 return 'raml'; 6 } 7 8 async import(content: string): Promise<Spec<'raml'>> { 9 // your code 10 11 return { 12 // other fields 13 type: this.type, 14 format: 'yaml' 15 }; 16 } 17}
The package also contains a set of useful utilities like normalizeUrl:
1import { normalizeUrl } from '@har-sdk/core'; 2 3normalizeUrl('HTTP://example.COM////foo////dummy/../bar/?'); // http://example.com/foo/bar
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 21/22 approved changesets -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-build.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-build.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/NeuraLegion/har-sdk/auto-build.yml/master?enable=pin
- Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-build.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
4
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More