Gathering detailed insights and metrics for @mdn/bob
Gathering detailed insights and metrics for @mdn/bob
(Deprecated) Builder of Bits, powered MDN's interactive examples 2018–2025
Installations
npm install @mdn/bobDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=20
Node Version
20.19.1
NPM Version
10.8.2
Releases
106
Languages
6
TypeScript
CSS
JavaScript
HTML
WebAssembly
Rust
TypeScript (54.44%)
CSS (19.94%)
JavaScript (14.17%)
HTML (10.79%)
WebAssembly (0.58%)
Rust (0.09%)
Developer
mdn
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
75 Stars
2,253 Commits
48 Forks
12 Watchers
16 Branches
37 Contributors
Updated on Jul 08, 2025
Maintainers
5
Package Meta Information
Latest Version
6.0.1
Package Id
@mdn/bob@6.0.1
Unpacked Size
1.40 MB
Size
635.28 kB
File Count
129
NPM Version
10.8.2
Node Version
20.19.1
Published on
May 14, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
25
@codemirror/autocomplete@codemirror/commands@codemirror/lang-css@codemirror/lang-javascript@codemirror/lang-wast@codemirror/language@codemirror/lint@codemirror/view@lezer/common@lezer/css@lezer/highlight@lezer/html@lezer/javascriptclean-csscodemirrorcosmiconfigcss-loadercss-minimizer-webpack-pluginfs-extraglobmini-css-extract-pluginpath-browserifyuglify-jswatifywebpack
Dev Dependencies
30
@babel/core@babel/eslint-parser@eslint/compat@swc/core@types/clean-css@types/fs-extra@types/glob@types/uglify-js@typescript-eslint/eslint-plugincross-enveslinteslint-config-prettiereslint-import-resolver-typescripteslint-plugin-importeslint-plugin-jestglobalshttp-serverhuskyjestjest-puppeteerlint-stagednpm-run-allprettierprettier-eslintpuppeteerstyle-loaderswc-loaderts-nodetypescriptwebpack-cli
BoB (deprecated)
[!IMPORTANT] As of March 2025, BoB is no longer used on MDN.
As of May 2025, BoB is no longer maintained, and deprecated.
For more information, see https://github.com/orgs/mdn/discussions/782.
Builder of Bits aka The MDN Web Docs interactive examples example builder.
Contributing
If you want to contribute to BoB, please follow these steps:
- Create a fork
- Open an issue if one does not already exist
- Create a feature branch based on the issue you are working on
- Add and commit your changes
- Open a pull request
Thank you for your interest in contributing to MDN Web Docs.
NOTE: By contributing to BoB and MDN Web Docs you acknowledge that you have read and agree to our code of conduct.
Source Folder Structure
-editor # All files related to the interactive examples editor
|--> css
|--> js
|--> media # media used only by the editor
|--> tmpl
-live-examples # All example related files and media (only used for testing purposes)
|--> css-examples
|--> fonts # fonts used by the editor and examples
|--> html-examples
|--> js-examples
|--> mathml-examples
|--> media # media used only by the examples
Generated Folder Structure
-docs
|--> css # All editor related CSS
|--> js # All editor related JS
|--> live-examples # All custom CSS and JS for the examples
|--> media # All media and fonts for the examples
|--> pages # All generated interactive example pages
|----> css # All CSS examples
|----> js # All JS examples
|----> tabbed # All examples using the tabbed UI
|----> wat # WebAssembly examples
|----> mathml # MathML examples
|----> webapi-tabbed # Web API examples (not currently used in production)
Testing Bob without the interactive examples repository
As mentioned above, this repository contains a couple of representative examples that you can use to test Bob. For most use cases, this should be enough and allow you to test your changes without installing BoB locally and integrating it with the interactive examples repository.
To test your changes, run:
npm start
You should see output similar to the following:
1MDN-BOB: Cleaning or creating ./docs/.... 2MDN-BOB: Copying static assets.... 3MDN-BOB: Compiling editor JavaScript.... 4MDN-BOB: ../editor/js/editable-css-bundle.js written to disk 5MDN-BOB: ../editor/js/editable-js-bundle.js written to disk 6MDN-BOB: ../editor/js/editable-wat-bundle.js written to disk 7MDN-BOB: ../editor/js/editor-bundle.js written to disk 8MDN-BOB: Pages built successfully
This will build the local examples and startup a local server serving the examples. Navigate to localhost:4444 and open one of the examples to test your changes.
Testing Bob as part of interactive examples
When working on changes to BoB, you might need to test against more examples than those that are a part of this repository. In those cases, you will need to run a local version of Bob inside the interactive-examples repo. Use the following command from the root of your local copy of the interactive-examples repo:
npx install-local ~/path/to/bob && node node_modules/.bin/mdn-bob
Stuck? Ask for help.
If you get stuck while working on BoB, there are a couple of ways to get help.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: all commits (29) are checked with a SAST tool
Reason
binaries present in source code
Details
- Warn: binary detected: watify/pkg/watify_bg.wasm:1
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/auto-merge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-published-simulation.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/npm-published-simulation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-published-simulation.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/npm-published-simulation.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-published-simulation.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/npm-published-simulation.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-rebase-needed.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/pr-rebase-needed.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/publish-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/publish-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/publish-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/bob/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:21
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 4 out of 5 npmCommand dependencies pinned
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
Found 0/1 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-published-simulation.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-rebase-needed.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/publish-release.yml:15
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
4.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More