Gathering detailed insights and metrics for @hippy/vue-css-loader
Gathering detailed insights and metrics for @hippy/vue-css-loader
Installations
npm install @hippy/vue-css-loaderScore
74.1
Supply Chain
69.7
Quality
89
Maintenance
100
Vulnerability
100
License
Releases
113
2024-11-08, Version 3.3.2 (LTS)
3.3.2
Published on 08 Nov 2024
2024-08-26, Version 3.3.1 (LTS)
3.3.1
Published on 26 Aug 2024
2024-07-18, Version 2.17.5
2.17.5
Published on 31 Jul 2024
2024-06-20, Version 3.3.0 (LTS)
3.3.0
Published on 20 Jun 2024
2024-04-09, Version 3.2.0-beta(LTS)
3.2.0
Published on 14 Jun 2024
2024-06-12, Version 2.17.4
2.17.4
Published on 12 Jun 2024
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
16.14.0
NPM Version
lerna/6.1.0/node@v16.14.0+x64 (darwin)
Statistics
8,012 Stars
3,216 Commits
947 Forks
214 Watching
48 Branches
90 Contributors
Updated on 27 Nov 2024
Languages
C++ (23.96%)
Java (20.7%)
TypeScript (15.11%)
Dart (10.18%)
Objective-C (9.26%)
Objective-C++ (8.16%)
JavaScript (5.71%)
Vue (3.98%)
CMake (1.69%)
Kotlin (0.59%)
Python (0.21%)
Ruby (0.17%)
C (0.12%)
Shell (0.06%)
HTML (0.05%)
Swift (0.02%)
EJS (0.02%)
Dockerfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
26,926
Last day
166.7%
8
Compared to previous day
Last week
79.3%
52
Compared to previous week
Last month
32.9%
198
Compared to previous month
Last year
-63.4%
4,121
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Versions
Hippy Cross Platform Framework
💡 Introduction
Hippy is a cross-platform development framework, that aims to help developers write once, and run on multiple platforms(iOS, Android, Web, and so on). Hippy is quite friendly to Web developers, especially those who are familiar with React or Vue. With Hippy, developers can create the cross-platform app easily.
Hippy is now applied in Tencent major apps such as Mobile QQ, Mobile QQ Browser, Tencent Video App, QQ Music App, and Tencent News, reaching hundreds of millions of ordinary users.
💯 Advantages
- Designed for Web developers, officially support Web frameworks like
ReactandVue. - Same APIs for different platforms.
- Excellent performance with JS engine binding communication.
- Build-in recyclable component with better performance.
- Smoothly and gracefully migrate to Web browser.
- Fully supported Flex Layout engine.
🔨 Getting started
Preparing environment
Make sure you have git and npm installed locally.
Run git clone https://github.com/Tencent/Hippy.git and npm install at project root directory.
The Hippy repository applies git-lfs to manage so,gz,otf files, make sure you have installed git-lfs first.
For macOS developers:
- Xcode with iOS sdk: build the iOS app.
- Android Studio with NDK: build the android app.
- Node.JS: run the build scripts.
homebrew is recommended to install the dependencies.
For Windows developers:
- Android Studio with NDK: build the android app.
- Node.JS: run the build scripts.
Windows can't run the iOS development environment so far.
Build the iOS simulator with js demo
For iOS, we recommend to use iOS simulator when first try. However, you can change the Xcode configuration to install the app to iPhone if you are an iOS expert.
-
cdtodriver/js/. -
Run
npm run init.This command is combined with
npm install && npx lerna bootstrap && npm run build.npm install: Install the project build scripts dependencies.npx lerna bootstrap: Install dependencies of each npm package.(Hippy uses Lerna to manage multi js packages, iflernacommand is not found, executenpm install lerna -gfirst.)npm run build: Build each front-end sdk package. -
Choose a demo to build with
npm run buildexample [hippy-react-demo|hippy-vue-demo|hippy-vue-next-demo]. -
Install CocoaPods with
brew install cocoapods, install cmake withbrew install cmake, then executepod installcommand atframework/examples/ios-demodirectory, which will createHippyDemo.xcworkspacefiles and install Cocoapods dependencies. -
Start the Xcode and build the iOS app with opening
framework/examples/ios-demo/HippyDemo.xcworkspace.
If
Step 2throw error, you cancdtodriver/js/exampleshippy-react-demo or hippy-vue-demo, and runnpm installto install demo dependencies first.More details for iOS SDK integration.
Build the Android app with js demo
For Android, we recommend using the real cellphone for better develop experience, because Hippy is using X5 JS engine which can't support x86 simulator, as well as ARM simulator has a low performance.
Before build the android app, please make sure the SDK and NDK is installed, And DO NOT update the build toolchain.
-
cdtodriver/js/. -
Run
npm run init.This command is combined with
npm install && npx lerna bootstrap && npm run build.npm install: Install the project build scripts dependencies.npx lerna bootstrap: Install dependencies of each npm package.(Hippy uses Lerna to manage multi js packages, iflernacommand is not found, executenpm install lerna -gfirst.)npm run build: Build each front-end sdk package. -
Choose a demo to build with
npm run buildexample [hippy-react-demo|hippy-vue-demo|hippy-vue-next-demo]. -
Open the
Hippy Projectat root directory with Android Studio. -
Connect Android phone with USB cable and make sure USB debugging mode is enabled(Run
adb deviceson the computer terminal to check cellphone connection status). -
Open the project with Android Studio, run and install the apk.
If
Step 2throw error, you cancdtodriver/js/exampleshippy-react-demo, hippy-vue-demo or hippy-vue-next-demo, and runnpm installto install demo dependencies first.If you encounter the issue of
No toolchains found in the NDK toolchains folder for ABI with prefix: mips64el-linux-android, here is the solution.More details for Android SDK integration.
Debug the js demo
- Follow Build the iOS simulator with js demo or Build the Android app with js demo first to build the App.
cdtodriver/js/.- Run
npm run init:example [hippy-react-demo|hippy-vue-demo|hippy-vue-next-demo]. - Run
npm run debugexample [hippy-react-demo|hippy-vue-demo|hippy-vue-next-demo] dev.
Or you can
cdtodriver/js/examples/hippy-react-demo,driver/js/examples/hippy-vue-demoordriver/js/examples/hippy-vue-next-demodirectory to runnpm run hippy:debugandnpm run hippy:devinstead.On example debug mode, npm packages such as @hippy/react, @hippy/vue, @hippy/vue-next are linked to
driver/js/packages>[different package]>dist(not node_modules), so if you have changed js package source code and want to make it take effect in target example, please callnpm run buildagain.More details for debugging can be read in Hippy Debug Document.
Build the js production demo
- Follow Build the iOS simulator with js demo or Build the Android app with js demo first to build the App.
cdtodriver/js/examples/hippy-react-demo,driver/js/examples/hippy-vue-demoordriver/js/examples/hippy-vue-next-demo.- Run
npm installto install demo js dependencies. - Run
npm run hippy:vendorandnpm run hippy:buildin sequence to build the productionvendor.[android|ios].jsandindex.[android|ios].js.
Hippy demo uses DllPlugin to split the common chunk and app chunk.
📁 Documentation
To check out hippy examples and visit hippyjs.org.
📅 Changelog
Detailed changes for each release version are documented in the project release notes.
🧱 Project structure
1Hippy 2├── devtools # Devtools for Hippy. 3├── dom # DOM Layer for Hippy. 4├── driver # Different UI Driver Layers for Hippy. 5│ └── js # JS Driver Layer for Hippy. 6│ ├── examples # Related examples for JS Driver. 7│ ├── include 8│ ├── packages # Related JS Packages for JS Driver. 9│ │ ├── hippy-react 10│ │ ├── hippy-react-web 11│ │ ├── hippy-vue 12│ │ ├── hippy-vue-css-loader 13│ │ ├── hippy-vue-loader 14│ │ ├── hippy-vue-native-components 15│ │ └── hippy-vue-router 16│ └── src 17├── framework 18│ ├── android 19│ ├── examples 20│ │ ├── android-demo 21│ │ └── ios-demo 22│ └── ios 23├── layout # Layout engine for Hippy. 24├── modules 25│ ├── android 26│ └── footstone 27├── renderer # Different Renderers for Hippy. 28│ ├── flutter 29│ └── native 30│ ├── android 31│ └── ios 32└── static
🤝 Contribution
Developers are welcome to contribute to Tencent's open source, and we will also give them incentives to acknowledge and thank them. Here we provide an official description of Tencent's open source contribution. Specific contribution rules for each project are formulated by the project team. Developers can choose the appropriate project and participate according to the corresponding rules. The Tencent Project Management Committee will report regularly to qualified contributors and awards will be issued by the official contact. Before making a pull request or issue to Hippy, please make sure to read Contributing Guide.
All the people who already contributed to Hippy can be seen in Contributors and Authors File.
❤️ Stargazers over time
📄 License
Hippy is Apache-2.0 licensed.
🔗 Links
No vulnerabilities found.
Reason
30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
binaries present in source code
Details
- Warn: binary detected: framework/examples/voltron-demo/android-proj/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: framework/voltron/example/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
Found 8/23 approved changesets -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 3.2.0 not signed: https://api.github.com/repos/Tencent/Hippy/releases/150345020
- Warn: release artifact 3.2.0 does not have provenance: https://api.github.com/repos/Tencent/Hippy/releases/150345020
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/3rd_prebuilt_sqlite.yml:1
- Warn: no topLevel permission defined: .github/workflows/3rd_prebuilt_v8.yml:1
- Warn: no topLevel permission defined: .github/workflows/android_build_tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/android_build_tests_bypass.yml:1
- Warn: no topLevel permission defined: .github/workflows/docker_build_image.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs_markdown_lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs_markdown_lint_bypass.yml:1
- Warn: no topLevel permission defined: .github/workflows/frontend_build_tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/frontend_build_tests_bypass.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_action_approve_checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_action_merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_issue_crash_report.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_licence_checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_licence_checks_bypass.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_mark_and_close_stalled.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_auto_merger.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_auto_updater.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_checks_approval.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_guide.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/gh_pr_labeler.yml:16
- Warn: no topLevel permission defined: .github/workflows/gh_pr_merge_guard.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_review.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_pr_review_notification.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_runners_monitor.yml:1
- Warn: no topLevel permission defined: .github/workflows/gh_webhook_retrier.yml:1
- Warn: no topLevel permission defined: .github/workflows/git_commit_lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/hip_archive_artifact.yml:1
- Warn: no topLevel permission defined: .github/workflows/hip_info_artifacts.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios_build_tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios_build_tests_bypass.yml:1
- Warn: no topLevel permission defined: .github/workflows/project_artifact_compare.yml:1
- Warn: no topLevel permission defined: .github/workflows/project_artifact_release.yml:1
- Warn: no topLevel permission defined: .github/workflows/project_artifact_snapshot.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/project_dependency_review.yml:10
- Warn: no topLevel permission defined: .github/workflows/reuse_approve_checks_run.yml:1
- Warn: no topLevel permission defined: .github/workflows/reuse_classify_commits.yml:1
- Warn: no topLevel permission defined: .github/workflows/reuse_get_workflow_output.yml:1
- Info: topLevel 'actions' permission set to 'read': .github/workflows/security_codeql_analyses.yml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/security_codeql_analyses.yml:23
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/security_codeql_analyses.yml:24
- Warn: no topLevel permission defined: .github/workflows/voltron_build_tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/voltron_build_tests_bypass.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_sqlite.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_sqlite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:240: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:438: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:510: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/3rd_prebuilt_v8.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android_build_tests.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/android_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_image.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docker_build_image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_image.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docker_build_image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_image.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docker_build_image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_image.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docker_build_image.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_image.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docker_build_image.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_markdown_lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docs_markdown_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_markdown_lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/docs_markdown_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend_build_tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/frontend_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frontend_build_tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/frontend_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/frontend_build_tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/frontend_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_approve_checks.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_approve_checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_approve_checks.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_approve_checks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_approve_checks.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_approve_checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_approve_checks.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_approve_checks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:334: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_action_merge.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_action_merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_issue_crash_report.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_issue_crash_report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_licence_checks.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_licence_checks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_licence_checks.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_licence_checks.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_mark_and_close_stalled.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_mark_and_close_stalled.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_mark_and_close_stalled.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_mark_and_close_stalled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_merger.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_merger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_merger.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_merger.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_merger.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_merger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_merger.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_merger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_merger.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_merger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_auto_updater.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_auto_updater.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_checks_approval.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_checks_approval.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_checks_approval.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_checks_approval.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_checks_approval.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_checks_approval.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_guide.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_guide.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_guide.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_guide.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_guide.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_guide.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_guide.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_guide.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_labeler.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_labeler.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_review.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_review_notification.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review_notification.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_review_notification.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review_notification.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_review_notification.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review_notification.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_pr_review_notification.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review_notification.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_pr_review_notification.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_pr_review_notification.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/gh_runners_monitor.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_runners_monitor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_runners_monitor.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_runners_monitor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_runners_monitor.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_runners_monitor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_runners_monitor.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_runners_monitor.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh_webhook_retrier.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/gh_webhook_retrier.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/git_commit_lint.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/git_commit_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/git_commit_lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/git_commit_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios_build_tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/ios_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_compare.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_compare.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_compare.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_compare.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_release.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/project_artifact_snapshot.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_snapshot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_artifact_snapshot.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_artifact_snapshot.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_dependency_review.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_dependency_review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/project_dependency_review.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/project_dependency_review.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse_approve_checks_run.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/reuse_approve_checks_run.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse_approve_checks_run.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/reuse_approve_checks_run.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse_classify_commits.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/reuse_classify_commits.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reuse_get_workflow_output.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/reuse_get_workflow_output.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security_codeql_analyses.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/security_codeql_analyses.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/voltron_build_tests.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/Tencent/Hippy/voltron_build_tests.yml/main?enable=pin
- Warn: containerImage not pinned by hash: buildconfig/docker/android-release/Dockerfile:1: pin your Docker image by updating debian to debian@sha256:10901ccd8d249047f9761845b4594f121edef079cfd8224edebd9ea726f0a7f6
- Warn: containerImage not pinned by hash: buildconfig/docker/linux-release/Dockerfile:1: pin your Docker image by updating debian to debian@sha256:10901ccd8d249047f9761845b4594f121edef079cfd8224edebd9ea726f0a7f6
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_sqlite.yml:127
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:453
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:525
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:255
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:330
- Warn: pipCommand not pinned by hash: .github/workflows/3rd_prebuilt_v8.yml:391
- Warn: npmCommand not pinned by hash: .github/workflows/docs_markdown_lint.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/frontend_build_tests.yml:36
- Warn: npmCommand not pinned by hash: .github/workflows/gh_action_merge.yml:67
- Warn: npmCommand not pinned by hash: .github/workflows/gh_issue_crash_report.yml:64
- Warn: npmCommand not pinned by hash: .github/workflows/git_commit_lint.yml:20
- Warn: pipCommand not pinned by hash: .github/workflows/hip_archive_artifact.yml:72
- Warn: pipCommand not pinned by hash: .github/workflows/hip_info_artifacts.yml:28
- Warn: pipCommand not pinned by hash: .github/workflows/project_artifact_release.yml:96
- Warn: npmCommand not pinned by hash: .github/workflows/project_artifact_release.yml:191
- Warn: pipCommand not pinned by hash: .github/workflows/project_artifact_snapshot.yml:75
- Info: 0 out of 68 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 42 third-party GitHubAction dependencies pinned
- Info: 0 out of 6 npmCommand dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 10 pipCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p3vf-v8qc-cwcr
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Score
3.9
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More