Gathering detailed insights and metrics for @mermaid-js/mermaid-mindmap
Gathering detailed insights and metrics for @mermaid-js/mermaid-mindmap
Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown
Installations
npm install @mermaid-js/mermaid-mindmapDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
18.11.0
NPM Version
8.19.2
Score
96.2
Supply Chain
75.2
Quality
81.3
Maintenance
100
Vulnerability
99.3
License
Releases
150
@mermaid-js/tiny@11.7.0
@mermaid-js/tiny@11.7.0
Updated on Jun 20, 2025
@mermaid-js/parser@0.5.0
@mermaid-js/parser@0.5.0
Updated on Jun 20, 2025
@mermaid-js/mermaid-zenuml@0.2.1
@mermaid-js/mermaid-zenuml@0.2.1
Updated on Jun 20, 2025
@mermaid-js/layout-elk@0.1.8
@mermaid-js/layout-elk@0.1.8
Updated on Jun 20, 2025
mermaid@11.7.0
mermaid@11.7.0
Updated on Jun 20, 2025
@mermaid-js/parser@0.4.0
@mermaid-js/parser@0.4.0
Updated on Mar 25, 2025
Languages
8
TypeScript
JavaScript
HTML
Yacc
Vue
Shell
CSS
Dockerfile
TypeScript (47.11%)
JavaScript (38.93%)
HTML (9.19%)
Yacc (4.22%)
Vue (0.39%)
Shell (0.1%)
CSS (0.06%)
Dockerfile (0.01%)
Developer
Download Statistics
Total Downloads
1,094,046
Last Day
1,287
Last Week
34,080
Last Month
147,755
Last Year
711,794
GitHub Statistics
MIT License
80,855 Stars
12,952 Commits
7,725 Forks
649 Watchers
203 Branches
621 Contributors
Updated on Jul 01, 2025
Bundle Size
364.00 B
Minified
259.00 B
Minified + Gzipped
Maintainers
5
Package Meta Information
Latest Version
9.3.0
Package Id
@mermaid-js/mermaid-mindmap@9.3.0
Unpacked Size
25.66 MB
Size
5.93 MB
File Count
44
NPM Version
8.19.2
Node Version
18.11.0
Total Downloads
Cumulative downloads
Total Downloads
1,094,046
ERROR: No README data found!
No vulnerabilities found.
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
update tool detected
Details
- Info: detected update tool: RenovateBot: renovate.json:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/mermaid-js/.github/SECURITY.md:1
- Info: Found linked content: github.com/mermaid-js/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mermaid-js/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/mermaid-js/.github/SECURITY.md:1
Reason
project has 17 contributing companies or organizations
Details
- Info: found contributions from: Mermaid-Chart, OSDKDev, argoproj, check-spelling, evolutionizer, excalidraw, fossgect, garnercorp, gecthrissur, john deere, mermaid chart, mermaid-chart, mermaid-js, plantuml-stdlib, prophecy, react-tags, ringcentral
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-lockfile.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mermaid-js/mermaid/validate-lockfile.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-lockfile.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mermaid-js/mermaid/validate-lockfile.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate-lockfile.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/mermaid-js/mermaid/validate-lockfile.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/release-preview-publish.yml:32
- Info: 44 out of 46 GitHub-owned GitHubAction dependencies pinned
- Info: 35 out of 36 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 1 out of 1 containerImage dependencies pinned
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 29 commits out of 30 are checked with a SAST tool
Reason
6 out of 7 merged PRs checked by a CI test -- score normalized to 8
Reason
branch protection is not maximal on development and all release branches
Details
- Warn: branch protection not enabled for branch 'release/10.9.3'
- Warn: branch protection not enabled for branch 'release/10.9.2'
- Info: 'allow deletion' disabled on branch 'develop'
- Info: 'force pushes' disabled on branch 'develop'
- Warn: branch 'develop' does not require approvers
- Warn: codeowners review is not required on branch 'develop'
- Info: status check found to merge onto on branch 'develop'
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:22
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:23
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/link-checker.yml:30
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-preview.yml:21
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/autofix.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/build-docs.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/check-readme-in-sync.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:15
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e-applitools.yml:17
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/e2e-timings.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e.yml:15
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-triage.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/link-checker.yml:23
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/lint.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:15
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish-docs.yml:11
- Warn: no topLevel permission defined: .github/workflows/release-preview-publish.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-preview.yml:13
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/release-preview.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:11
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:6
- Warn: no topLevel permission defined: .github/workflows/unlock-reopened-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-browserlist.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate-lockfile.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
20 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-mg2h-6x62-wpwc
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-cg87-wmx4-v546
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Score
6.7
/10
Last Scanned on 2025-06-29T15:35:54Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More