npmpackage.info

Gathering detailed insights and metrics for @instructure/ui-test-sandbox

@instructure/ui-test-sandbox

A UI Component Library made by Instructure, Inc.

9.10.2

451

NOASSERTION

TypeScript

155.98 kB

1,194,595 5.8

Installations

npm install @instructure/ui-test-sandbox

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

20.18.1

NPM Version

10.8.2 Score

80.2

Supply Chain

70.7

Quality

99.5

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

13

Total

1,576

Closed

204

Merged

1,359

Issues

Open

2

Total

275

Closed

273

Releases

125

v10.11.0

Published on 03 Feb 2025

v9.10.2

Published on 03 Jan 2025

v10.10.0

Published on 18 Dec 2024

v10.9.0

Published on 13 Dec 2024

v9.10.1

Published on 09 Dec 2024

v10.8.0

Published on 09 Dec 2024

View all 125 releases

Contributors

114

View all 114 contributors

Languages

TypeScript

JavaScript

HTML

EJS

TypeScript (91.35%)

JavaScript (8.52%)

HTML (0.08%)

EJS (0.05%)

Developer

instructure

Download Statistics

Total Downloads

1,194,595

Last Day

1,142

Last Week

4,948

Last Month

17,157

Last Year

633,827

GitHub Statistics

451 Stars

5,143 Commits

101 Forks

34 Watching

34 Branches

114 Contributors

Maintainers

Package Meta Information

Latest Version

9.10.2

Package Id

@instructure/ui-test-sandbox@9.10.2

Unpacked Size

155.98 kB

Size

41.77 kB

File Count

NPM Version

10.8.2

Node Version

20.18.1

Publised On

03 Jan 2025

Total Downloads

Cumulative downloads

Total Downloads

1,194,595

Last day

13.1%

1,142

Compared to previous day

Last week

21%

4,948

Compared to previous week

Last month

-9.3%

17,157

Compared to previous month

Last year

152.4%

633,827

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

category: packages

ui-test-sandbox

A wrapper for sinon test sandbox and associated utilities.

See https://sinonjs.org/

Installation

1npm install @instructure/ui-test-sandbox

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

SAST

Determines if the project uses static code analysis.

9

License

Determines if the project has defined a license.

5

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 5

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/deploy.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-from-pr.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/manual-release-from-pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-from-pr.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/manual-release-from-pr.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-to-npm.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/manual-release-to-npm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-release-to-npm.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/manual-release-to-npm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-validation.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/pr-validation.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/preview.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/preview.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/preview.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/preview.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vrt.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/vrt.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vrt.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/vrt.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/vrt.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/instructure/instructure-ui/vrt.yml/master?enable=pin
Info: 0 out of 28 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 11 out of 11 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Security-Policy

Determines if the project has published a security policy.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

39 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-325j-24f4-qv5x
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-w5hq-hm5m-4548
Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9

Score

5.8

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@instructure/ui-test-sandbox

Installations

Developer Guide

Yes

CommonJS

20.18.1

10.8.2

Score

Pull Requests

13

1,576

204

1,359

Issues

2

275

273

Releases

Contributors

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

1,194,595

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

category: packages

ui-test-sandbox

Installation

10

10

10

10

10

9

5

0

0

0

0

0

5.8

/10