npmpackage.info

Gathering detailed insights and metrics for @keystone-6/core

Other packages similar to @keystone-6/core

@keystone-6-master/core

1.1.2

Keystone-6 is the latest version of Keystone. To get help with this package join the conversation in [Slack](https://community.keystonejs.com/), or [Github](https://github.com/keystonejs/keystone/).

@mirrormedia/lilith-core

2.6.1

## Installation

@nivalis/keystone-core

5.9.3

Keystone-6 is the latest version of Keystone. To get help with this package join the conversation in [Slack](https://community.keystonejs.com/), or [Github](https://github.com/keystonejs/keystone/).

@kids-reporter/cms-core

1.0.16

### Installation

Gathering detailed insights and metrics for @keystone-6/core

@keystone-6/core - 6.4.0 | npmpackage.info

@keystone-6/core

The superpowered headless CMS for Node.js — built with GraphQL and React

6.4.0

9,479

MIT

TypeScript

59.05 kB

1,941,466 5.1

Installations

npm install @keystone-6/core

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

20.18.2

NPM Version

10.8.2 Score

55.2

Supply Chain

Quality

94.5

Maintenance

Vulnerability

95.8

License

Pull Requests

Open

32

Total

6,911

Closed

817

Merged

6,062

Issues

Open

99

Total

1,679

Closed

1,580

Releases

24 February 2025

2025-02-24

Updated on Feb 24, 2025

7 November 2024

2024-11-07

Updated on Nov 07, 2024

28 August 2024

2024-08-28

Updated on Aug 28, 2024

09 August 2024

2024-08-09

Updated on Aug 09, 2024

30 April 2024

2024-04-30

Updated on Apr 30, 2024

16 April 2024

2024-04-16

Updated on Apr 16, 2024

View All 66 releases

Languages

TypeScript

JavaScript

HTML

TypeScript (98.81%)

JavaScript (0.96%)

HTML (0.23%)

Developer

keystonejs

Download Statistics

Total Downloads

1,941,466

Last Day

772

Last Week

6,940

Last Month

36,646

Last Year

1,125,670

GitHub Statistics

MIT License

9,479 Stars

8,051 Commits

1,184 Forks

72 Watchers

34 Branches

262 Contributors

Updated on Mar 27, 2025

Bundle Size

227.20 kB

Minified

59.05 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 262 Contributors

Package Meta Information

Latest Version

6.4.0

Package Id

@keystone-6/core@6.4.0

Unpacked Size

3.57 MB

Size

640.22 kB

File Count

733

NPM Version

10.8.2

Node Version

20.18.2

Published on

Feb 24, 2025

Total Downloads

Cumulative downloads

Total Downloads

1,941,466

Last Day

-22.8%

772

Compared to previous day

Last Week

52%

6,940

Compared to previous week

Last Month

11.2%

36,646

Compared to previous month

Last Year

98%

1,125,670

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@apollo/cache-control-types @apollo/client @apollo/server @aws-sdk/client-s3 @aws-sdk/lib-storage @aws-sdk/s3-request-presigner @babel/runtime @emotion/hash @emotion/weak-memoize @graphql-ts/extend @graphql-ts/schema @graphql-typed-document-node/core @hapi/iron @nodelib/fs.walk @prisma/client @prisma/internals @prisma/migrate @sindresorhus/slugify apollo-upload-client bcryptjs body-parser bytes chalk ci-info clipboard-copy conf cookie cors dataloader date-fns decimal.js dumb-passwords esbuild express fast-deep-equal file-type fs-extra graphql graphql-upload image-size inflection intersection-observer meow next pluralize prisma prompts react react-dom resolve uuid @keystone-ui/button @keystone-ui/fields @keystone-ui/modals @keystone-ui/loading @keystone-ui/icons @keystone-ui/notice @keystone-ui/pill @keystone-ui/core @keystone-ui/options @keystone-ui/popover @keystone-ui/segmented-control @keystone-ui/toast @keystone-ui/tooltip

Dev Dependencies

@types/apollo-upload-client @types/bcryptjs @types/body-parser @types/bytes @types/cookie @types/cors @types/express @types/fs-extra @types/pluralize @types/prompts @types/react @types/resolve @types/uuid @keystone-6/core

@keystone-6/core

Keystone-6 is the latest version of Keystone. To get help with this package join the conversation in Slack, or Github.

Visit https://keystonejs.com/ for docs, and follow @keystonejs on Twitter for the latest updates.

Critical

9.8/10

Summary

@keystone-6/core's NODE_ENV defaults to development with esbuild

Affected Versions

>= 3.0.0, < 3.0.2

Patched Versions

3.0.2

Critical

9.1/10

Summary

Field-level access-control bypass for multiselect field

Affected Versions

>= 2.2.0, < 2.3.1

Patched Versions

2.3.1

Moderate

5.3/10

Summary

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible

Affected Versions

< 5.5.1

Patched Versions

5.5.1

Low

0/10

Summary

@keystone-6/core's bundled cuid package known to be insecure

Affected Versions

<= 5.3.1

10

Security-Policy

Determines if the project has published a security policy.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

5

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_preview.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/publish_preview.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_snapshot.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/publish_snapshot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests_ci_windows.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/tests_ci_windows.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website_preview.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/website_preview.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/website_production.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/keystonejs/keystone/website_production.yml/main?enable=pin
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned

0

SAST

Determines if the project uses static code analysis.

Score

5.1

/10

Last Scanned on 2025-03-17

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More