Gathering detailed insights and metrics for @hint/configuration-web-recommended
Gathering detailed insights and metrics for @hint/configuration-web-recommended
💡 A hinting engine for the web
Installations
npm install @hint/configuration-web-recommendedDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.19.1
NPM Version
10.5.0
Releases
954
Dist files
dist
Updated on Oct 01, 2019
configuration-development-v6.1.1
configuration-development-v6.1.1
Updated on Mar 07, 2019
hint-sri-v3.0.5
hint-sri-v3.0.5
Updated on Mar 07, 2019
hint-no-vulnerable-javascript-libraries-v2.7.0
hint-no-vulnerable-javascript-libraries-v2.7.0
Updated on Mar 07, 2019
hint-css-prefix-order-v1.0.2
hint-css-prefix-order-v1.0.2
Updated on Mar 07, 2019
hint-amp-validator-v2.7.0
hint-amp-validator-v2.7.0
Updated on Mar 07, 2019
Languages
8
TypeScript
JavaScript
CSS
Handlebars
EJS
HTML
Batchfile
Shell
TypeScript (91.49%)
JavaScript (4.96%)
CSS (2.22%)
Handlebars (0.76%)
EJS (0.5%)
HTML (0.06%)
Batchfile (0.01%)
Shell (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
3,653 Stars
6,372 Commits
743 Forks
75 Watchers
157 Branches
105 Contributors
Updated on Jul 11, 2025
Maintainers
5
Package Meta Information
Latest Version
8.2.24
Package Id
@hint/configuration-web-recommended@8.2.24
Unpacked Size
16.32 kB
Size
5.50 kB
File Count
4
NPM Version
10.5.0
Node Version
18.19.1
Published on
Aug 29, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
41
@hint/configuration-accessibility@hint/connector-puppeteer@hint/connector-jsdom@hint/connector-local@hint/hint-detect-css-reflows@hint/formatter-html@hint/formatter-json@hint/formatter-stylish@hint/formatter-summary@hint/hint-button-type@hint/hint-create-element-svg@hint/hint-compat-api@hint/hint-content-type@hint/hint-css-prefix-order@hint/hint-disown-opener@hint/hint-highest-available-document-mode@hint/hint-html-checker@hint/hint-http-cache@hint/hint-http-compression@hint/hint-leading-dot-classlist@hint/hint-image-optimization-cloudinary@hint/hint-meta-charset-utf-8@hint/hint-meta-viewport@hint/hint-no-bom@hint/hint-no-disallowed-headers@hint/hint-no-friendly-error-pages@hint/hint-no-html-only-headers@hint/hint-no-http-redirects@hint/hint-no-inline-styles@hint/hint-no-protocol-relative-urls@hint/hint-no-vulnerable-javascript-libraries@hint/hint-scoped-svg-styles@hint/hint-sri@hint/hint-ssllabs@hint/hint-strict-transport-security@hint/hint-stylesheet-limits@hint/hint-validate-set-cookie-header@hint/hint-x-content-type-options@hint/parser-css@hint/parser-html@hint/parser-javascript
Peer Dependencies
1
webhint recommended web configuration
To examine development or in-production websites, use
@hint/configuration-web-recommended.
NOTE: This package is for use against any content served from a web server.
This webhint configuration package is installed automatically by webhint.
To install webhint, run the command in the following code snippet.
1npm install hint --save-dev
NOTE: The recommended way of running
webhintis as adevDependencyof your project.
Copy the following code snippet and add it to your .hintrc file.
1{ 2 "extends": ["web-recommended"] 3}
The following code snippet is an expanded version of the previous code snippet.
1{ 2 "connector": { 3 "name": "puppeteer" 4 }, 5 "extends": [ 6 "accessibility" 7 ], 8 "formatters": [ 9 "html", 10 "summary" 11 ], 12 "hints": { 13 "axe": "error", 14 "content-type": "error", 15 "disown-opener": "error", 16 "highest-available-document-mode": "error", 17 "html-checker": "error", 18 "http-cache": "error", 19 "http-compression": "error", 20 ... 21 }, 22 "hintsTimeout": 120000 23}
The following code snippet includes another formatter (or any other hint or connector, and so on).
1{ 2 "extends": ["web-recommended"], 3 "formatters": ["codeframe"] 4}
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0
Reason
no binaries found in the repo
Reason
Found 4/23 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/3rdparty.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/3rdparty.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/webhintio/hint/3rdparty.yml/main?enable=pin
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact dist not signed: https://api.github.com/repos/webhintio/hint/releases/20378720
- Warn: release artifact parser-javascript-v2.1.0 not signed: https://api.github.com/repos/webhintio/hint/releases/15983643
- Warn: release artifact dist does not have provenance: https://api.github.com/repos/webhintio/hint/releases/20378720
- Warn: release artifact parser-javascript-v2.1.0 does not have provenance: https://api.github.com/repos/webhintio/hint/releases/15983643
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
64 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-r5fx-8r73-v86c
- Warn: Project is vulnerable to: GHSA-28hp-fgcr-2r4h
- Warn: Project is vulnerable to: GHSA-89mq-4x47-5v83
- Warn: Project is vulnerable to: GHSA-5cp4-xmrw-59wf
- Warn: Project is vulnerable to: GHSA-mhp6-pxh8-r675
- Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
- Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
- Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2
- Warn: Project is vulnerable to: GHSA-j58c-ww9w-pwp5
- Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg
- Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
- Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
- Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-8gh8-hqwg-xf34
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-rmxg-73gg-4p98
- Warn: Project is vulnerable to: GHSA-6c3j-c64m-qhgq
- Warn: Project is vulnerable to: GHSA-gxr4-xjj5-5px2
- Warn: Project is vulnerable to: GHSA-jpcq-cgw6-v4j6
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-vcjj-xf2r-mwvc
- Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
2.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More