Gathering detailed insights and metrics for @leanup/cli
Gathering detailed insights and metrics for @leanup/cli
Generic CLI to develop, test and build a SPA/PWA (framework independently)
Installations
npm install @leanup/cliDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
18.20.2
NPM Version
10.5.0
Releases
798
Languages
8
TypeScript
JavaScript
HTML
Vue
Shell
Sass
Svelte
Gherkin
TypeScript (70.88%)
JavaScript (13.46%)
HTML (7.34%)
Vue (2.74%)
Shell (2.35%)
Sass (1.98%)
Svelte (1.03%)
Gherkin (0.22%)
Developer
leanupjs
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
34 Stars
3,532 Commits
5 Forks
2 Watchers
293 Branches
3 Contributors
Updated on Apr 26, 2025
Maintainers
1
Package Meta Information
Latest Version
1.3.50
Package Id
@leanup/cli@1.3.50
Unpacked Size
137.22 kB
Size
38.30 kB
File Count
63
NPM Version
10.5.0
Node Version
18.20.2
Published on
Apr 24, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
Make things pure ... to become lean.
leanup CLI
The @leanup CLI contains all required popular tools in there minimal default, transparent and extensible configuration to develop JavaScript/TypeScript web applications.
- Motivation
- Principles
- Demo
- Installation
- Features
- Structure
- Replaced environment variables
- Dependencies
- Peer dependencies
- Optional tools
Motivation
- Learnability
- Controllability
- Universality
- Flexibility
- Scalability
- Durability
- Transparency
Principles
- convention over configuration
- pure commands under the hood
- don't repeat yourself
- following the generic instead of the influenced way
- keep the dependencies always up to date
Demo
There are some working examples:
Installation
To install the @leanup CLI execute the following command:
npm install @leanup/cli typescript --save-dev
And a non-framework or framework strategy must also be selected:
Non-framework:
npm install @leanup/cli-vanilla --save-dev
Or with framework:
npm install @leanup/cli-angular --save-dev or
npm install @leanup/cli-angularjs --save-dev or
npm install @leanup/cli-aurelia --save-dev or
npm install @leanup/cli-inferno --save-dev or
npm install @leanup/cli-lit-element --save-dev or
npm install @leanup/cli-preact --save-dev or
npm install @leanup/cli-react --save-dev or
npm install @leanup/cli-svelte --save-dev or
npm install @leanup/cli-vue --save-dev or
npm install @leanup/cli-vue3 --save-dev
Install the peer dependencies chromedriver, geckodriver or selenium-server in the required version, if you need that features.
npm install chromedriver --save-devnpm install geckodriver --save-devnpm install selenium-server--save-dev
Features
| Tool/Technology | Description | Status | Note | Rating |
|---|---|---|---|---|
| TypeScript | Language | ✔️ | ready |  |
| Webpack | Bundler | ✔️ | ready |  |
| Snowpack | Bundler | ⌛ | in progress |  |
| Vite | Bundler | ⌛ | in progress |  |
| ESBuild | Transpiler | ✔️ | ready |  |
| Babel | Transpiler | ✔️ | ready |  |
| Mocha | Unit-Test-Runner | ✔️ | ready |  |
| Chai | Assertion | ✔️ | ready | |
| Sinon | Mocking | ✔️ | ready |  |
| NYC | Code-Coverage | ✔️ | ready |  |
| ESLint | Code-Checker | ✔️ | ready |  |
| Nightwatch.js | E2E-Test-Runner | ✔️ | ready |  |
| Allsure | Report | ✔️ | ready | |
| Cucumber | BDD | ✔️ | ready |  |
| robotframework | BDD | ⌛ | will be evaluated | |
| Storybook | Documentation | ⌛ | in progress |  |
| OpenAPI | API | ✔️ | ready | |
| GraphQL | API | ✔️ | ready |  |
| Workbox | PWA | ✔️ | ready |  |
| Lerna | Mono-Repo | ✔️ | ready |  |
| Ant-Design | Design-System | ✔️ | proved |  |
| Bootstrap | Design-System | ✔️ | proved |  |
| Material | Design-System | ✔️ | proved |  |
| Tailwindcss | Design-System | ✔️ | proved |  |
| WindiCSS | Design-System | ✔️ | proved |  |
| Nexus IQ | Vulnerabiliy-Gate | ✔️ | ready | |
| Less | CSS | ✔️ | ready |  |
| Sass | CSS | ✔️ | ready |  |
| PostCSS | CSS | ✔️ | ready |  |
| TSArch | Architecture | ⌛ | in progress |  |
| Webhint | Webhint | ✔️ | moved *** |  |
| TestCafe | E2E-Test-Runner | ⌛ | will be evaluated **** |  |
| TSLint | Code-Checker | ❌ | removed ** |  |
| Cypress | E2E-Test-Runner | ❌ | excluded * |  |
* Arguments agains Cypress:
- reinvent wheel
- detect css selectors
- BDD test syntax
- principals
- large tooling
- a lot of binaries
- many dependencies
- ci integration vs selenium hub
It is difficult to keep focus with Cypress as it is more a nice tool than an effective tool. It is expected that a lot of time will be invested to justify the requirements of a project.
** TSLint is deprecated.
*** Webhint is not practical for the development of components, since component tags often have no relation to standard HTML. In addition, the webhint package alone is over 100 MB in size. I have good by using a IDE webhint plugin, like VSCode webhint.
**** TestCafe The idea that defined TestCafe architecture was that you don't really need an external driver to run end-to-end tests in the browser. That's interesting.
Structure
Vanilla Java-/TypeScript are supported by default. That means for example custom elements and any plain Java-/TypeScript code.
@leanup/cli✔️@leanup/cli-vanilla(optional) ✔️
Frameworks
Vanilla Java-/TypeScript are supported by default. That means for example custom elements and any plain Java-/TypeScript code.
The selection of the following frameworks depends in parts on the following references:
Currently the following framework extensions are available:
@leanup/cli-angular✔️@leanup/cli-angularjs✔️@leanup/cli-aurelia✔️@leanup/cli-inferno✔️@leanup/cli-lit-element✔️@leanup/cli-preact✔️@leanup/cli-react✔️@leanup/cli-svelte✔️@leanup/cli-vue✔️@leanup/cli-vue3✔️ (RC)
Extensions
A separate package contains some nice but not required addons for webpack.
@leanup/cli-addons✔️@leanup/cli-cucumber✔️@leanup/cli-graphql✔️@leanup/cli-pwa✔️@leanup/cli-webhint✔️
Thinks
There a separate packages for important application features.
@leanup/git-hooks✔️@leanup/form✔️@leanup/lib✔️- @leanup/ul ⌛
Replaced environment variables
The following variable names are replaced by the values from package.json file in the bundle:
| Name | Description |
|---|---|
| APP_AUTHER | The value of the author attribute from the package.json file. |
| APP_HOMEPAGE | The value of the homepage attribute from the package.json file. |
| APP_NAME | The value of the name attribute from the package.json file. |
| APP_VERSION | The value of the version attribute from the package.json file. |
| NODE_ENV | The value of the version attribute from the package.json file. |
For example:
package.json:
1{ 2 "name": "@scope/my-app", 3 "version": "1.1.0", 4 "description": "This CLI brings along all required tools to serve, test and build multi framework SPAs", 5 "author": "Martin Oppitz <npmjs@martinoppitz.com>", 6 "homepage": "https://leanupjs.org", 7 ...
App code:
1const APP_METADATA = { 2 author: '$$APP_AUTHER$$', 3 homepage: '$$APP_HOMEPAGE$$', 4 name: '$$APP_NAME$$', 5 version: '$$APP_VERSION$$', 6 environment: '$$NODE_ENV$$', // development | test | production ⌛ 7}; 8console.log(APP_METADATA);
Dependencies
| Package | Size | Vulnerabilities |
|---|---|---|
| @babel/core |  | |
| @babel/plugin-proposal-class-properties |  | |
| @babel/plugin-proposal-decorators |  | |
| @babel/preset-env |  | |
| @babel/preset-typescript |  | |
| @types/node |  | |
| babel-loader |  | |
| chalk |  | |
| commander |  | |
| copy-modules-webpack-plugin |  | |
| css-loader |  | |
| esbuild-loader |  | |
| file-loader |  | |
| less |  | |
| less-loader |  | |
| postcss |  | |
| postcss-loader |  | |
| sass |  | |
| sass-loader |  | |
| string-replace-loader |  | |
| style-loader |  | |
| webpack |  | |
| webpack-cli |  | |
| webpack-dev-server |  |
Peer dependencies
| Package | Size | Vulnerabilities |
|---|---|---|
| chromedriver |  | |
| geckodriver |  | |
| graphql |  | |
| selenium-server |  | |
| typescript |  |
Optional tools
| Package | Size | Vulnerabilities |
|---|---|---|
| @leanup/git-hooks |  | |
| allure-commandline |  | |
| lerna |  | |
| workbox-cli |  |
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.md:0
Reason
no binaries found in the repo
Reason
SAST tool detected: CodeQL
Details
- Info: SAST configuration detected: CodeQL
- Warn: no pull requests merged into dev branch
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Warn: no linked content found
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29
- Warn: no topLevel permission defined: .github/workflows/auto-dependency-updater.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-12-to-14.npm-6.test.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-to-npmjs.dry.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-to-npmjs.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-changelog.yml:1
- Warn: no topLevel permission defined: .github/workflows/weekly-releases.yml:1
- Info: no jobLevel write permissions found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'release/2.0'
- Warn: branch protection not enabled for branch 'release/1.3'
- Warn: branch protection not enabled for branch 'release/1.2'
- Warn: branch protection not enabled for branch 'release/1.1'
- Warn: branch protection not enabled for branch 'release/1.0'
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-12-to-14.npm-6.test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/node-12-to-14.npm-6.test.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-12-to-14.npm-6.test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/node-12-to-14.npm-6.test.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.dry.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.dry.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
- Warn: npmCommand not pinned by hash: docs/assets/demo.sh:18
- Warn: npmCommand not pinned by hash: scripts/wake-up.sh:4
- Warn: npmCommand not pinned by hash: .github/workflows/auto-dependency-updater.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:45
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:53
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:61
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:69
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:77
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:35
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:51
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:67
- Warn: npmCommand not pinned by hash: .github/workflows/update-changelog.yml:37
- Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 1 out of 15 npmCommand dependencies pinned
Reason
63 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-cj7v-w2c7-cp7c
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
- Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
- Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
3.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More