Gathering detailed insights and metrics for @kkt/scope-plugin-options
Gathering detailed insights and metrics for @kkt/scope-plugin-options
Create React apps with no build configuration, Cli tool for creating react apps.
Installations
npm install @kkt/scope-plugin-optionsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.19.0
NPM Version
10.2.3
Releases
84
Languages
8
TypeScript
JavaScript
HTML
Less
CSS
SCSS
Stylus
Shell
TypeScript (54.54%)
JavaScript (18.4%)
HTML (13.22%)
Less (7.34%)
CSS (5.66%)
SCSS (0.37%)
Stylus (0.34%)
Shell (0.12%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
50 Stars
1,236 Commits
12 Forks
1 Watchers
20 Branches
4 Contributors
Updated on Jan 31, 2025
Maintainers
2
Package Meta Information
Latest Version
7.5.5
Package Id
@kkt/scope-plugin-options@7.5.5
Unpacked Size
6.60 kB
Size
1.95 kB
File Count
5
NPM Version
10.2.3
Node Version
18.19.0
Published on
Jan 04, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
1
@kkt/scope-plugin-options
This will modify the CRA ModuleScopePlugin plugin that prevents to import modules from outside the src directory, useful if you use a different directory.
This is the setting for the Plug-in new ModuleScopePlugin.
Prevents users from importing files from outside of src/ (or node_modules/). This often causes confusion because we only process files within src/ with babel. To fix this, we prevent you from importing files out of src/ -- if you'd like to, please link the files into your node_modules/ and let module-resolution kick in. Make sure your source files are compiled, as they will not be processed in any way.
Installation
1yarn add --dev @kkt/scope-plugin-options 2# or use npm if you don't have yarn yet 3npm install --save-dev @kkt/scope-plugin-options
Usage
In the .kktrc.js or .kktrc.ts you created for kkt add this code:
1import path from 'path';
2import scopePluginOptions from '@kkt/scope-plugin-options';
3
4export default (conf, evn, options) => {
5 return scopePluginOptions(conf, evn, {
6 allowedFiles: [
7 path.resolve(process.cwd(), 'README.md')
8 ]
9 });
10}In package.json, add a separate npm script to build library
1{ 2 "scripts": { 3 ... 4 "build": "kkt build", 5 "start": "kkt start", 6 ... 7 } 8}
And you can now use CRA to build your library
Configurations
1import path from 'path'; 2import scopePluginOptions from '@kkt/scope-plugin-options'; 3 4export default (conf, evn, options) => { 5 return scopePluginOptions(conf, evn, false); 6}
Disable scopePlugin
1import path from 'path'; 2import { disableScopePlugin } from '@kkt/scope-plugin-options'; 3 4export default (conf, evn, options) => { 5 return disableScopePlugin(conf); 6}
API
1import { Configuration } from 'webpack'; 2import { LoaderConfOptions } from 'kkt'; 3export declare type ReactLibraryOptions = LoaderConfOptions & { 4 allowedFiles?: ReadonlyArray<string>; 5 allowedPaths?: ReadonlyArray<string>; 6 appSrcs?: string | ReadonlyArray<string>; 7}; 8export declare function disableScopePlugin(conf: Configuration): Configuration; 9export default function scopePluginOptions(conf: Configuration, env: string, options: ReactLibraryOptions): Configuration;
License
Licensed under the MIT License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:93
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/18 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:305: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:443: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:453: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/pr.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/kktjs/kkt/pr.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:106
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:108
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:135
- Warn: npmCommand not pinned by hash: .github/workflows/pr.yml:16
- Warn: npmCommand not pinned by hash: .github/workflows/pr.yml:18
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 10 third-party GitHubAction dependencies pinned
- Info: 0 out of 7 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More