npmpackage.info

Gathering detailed insights and metrics for @leanup/stack-react

@leanup/stack-react

Generic CLI to develop, test and build a SPA/PWA (framework independently)

1.3.54

Apache-2.0

TypeScript

16.77 kB

3.4

Installations

npm install @leanup/stack-react

Developer Guide

BETA

Typescript

No

Module System

N/A

Node Version

20.14.0

NPM Version

10.7.0 Score

63.4

Supply Chain

65.8

Quality

76.1

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

289

Total

6,649

Closed

5,765

Merged

595

Issues

Open

31

Total

162

Closed

131

Releases

798

Release 2.0.0-rc.86

2.0.0-rc.86

Updated on Jun 05, 2024

Release 2.0.0-rc.85

2.0.0-rc.85

Updated on Dec 20, 2023

Release 2.0.0-rc.84

2.0.0-rc.84

Updated on May 03, 2023

Release 1.3.45

1.3.45

Updated on May 03, 2023

Release 1.2.67

1.2.67

Updated on May 03, 2023

Release 1.1.98

1.1.98

Updated on May 03, 2023

View All 798 releases

Languages

TypeScript

JavaScript

HTML

Vue

Shell

Sass

Svelte

Gherkin

TypeScript (70.88%)

JavaScript (13.46%)

HTML (7.34%)

Vue (2.74%)

Shell (2.35%)

Sass (1.98%)

Svelte (1.03%)

Gherkin (0.22%)

Developer

leanupjs

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

34 Stars

3,532 Commits

5 Forks

2 Watchers

293 Branches

3 Contributors

Updated on Apr 26, 2025

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

1.3.54

Package Id

@leanup/stack-react@1.3.54

Unpacked Size

16.77 kB

Size

5.90 kB

File Count

NPM Version

10.7.0

Node Version

20.14.0

Published on

Jun 11, 2024

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

react react-dom

Dev Dependencies

@types/node react react-dom typescript @leanup/stack-webpack

`@leanup/stack-react`

This package contains the react framework extension for the @leanup/stack.

Installation

npm install @leanup/stack @leanup/stack-react --save-dev

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

SAST

Determines if the project uses static code analysis.

4

Security-Policy

Determines if the project has published a security policy.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-dependency-updater.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/auto-dependency-updater.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/codeql-analysis.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/deploy-docs.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-12-to-14.npm-6.test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/node-12-to-14.npm-6.test.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-12-to-14.npm-6.test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/node-12-to-14.npm-6.test.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.dry.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.dry.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npmjs.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/publish-to-npmjs.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/update-changelog.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/weekly-releases.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/leanupjs/leanup/weekly-releases.yml/release/2.0?enable=pin
Warn: npmCommand not pinned by hash: docs/assets/demo.sh:18
Warn: npmCommand not pinned by hash: scripts/wake-up.sh:4
Warn: npmCommand not pinned by hash: .github/workflows/auto-dependency-updater.yml:32
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:45
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:53
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:61
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:69
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.dry.yml:77
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:35
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:51
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:59
Warn: npmCommand not pinned by hash: .github/workflows/publish-to-npmjs.yml:67
Warn: npmCommand not pinned by hash: .github/workflows/update-changelog.yml:37
Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 4 third-party GitHubAction dependencies pinned
Info: 1 out of 15 npmCommand dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

63 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-8266-84wp-wv5c
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-cj7v-w2c7-cp7c
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

3.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@leanup/stack-react - 1.3.54 | npmpackage.info