Gathering detailed insights and metrics for @messageformat/core
Gathering detailed insights and metrics for @messageformat/core
ICU MessageFormat for Javascript - i18n Plural and Gender Capable Messages
Installations
npm install @messageformat/coreReleases
40
messageformat@4.0.0-9
messageformat@4.0.0-9
Published on 21 Nov 2024
messageformat@4.0.0-8
messageformat@4.0.0-8
Published on 02 Oct 2024
@messageformat/core@3.4.0
@messageformat/core@3.4.0
Published on 02 Oct 2024
messageformat@4.0.0-7
messageformat@4.0.0-7
Published on 28 Feb 2024
messageformat@4.0.0-6
messageformat@4.0.0-6
Published on 07 Jan 2024
v4.0.0-5
messageformat@4.0.0-5
Published on 14 Nov 2023
Developer
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
Typescript Support
Yes
Node Version
22.8.0
NPM Version
10.8.2
Statistics
1,685 Stars
1,530 Commits
155 Forks
32 Watching
3 Branches
60 Contributors
Updated on 21 Nov 2024
Languages
TypeScript (94.62%)
JavaScript (4.98%)
HTML (0.34%)
EJS (0.05%)
Total Downloads
Cumulative downloads
Total Downloads
33,818,068
Last day
-10.4%
75,516
Compared to previous day
Last week
1.8%
421,223
Compared to previous week
Last month
1.6%
1,806,332
Compared to previous month
Last year
70.8%
18,784,769
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
messageformat
The experience and subtlety of your program's text can be important. Messageformat is a mechanism for handling both pluralization and gender in your applications. It can also lead to much better translations, as it's designed to support all the languages included in the Unicode CLDR.
This monorepo provides packages supporting JS implementations of both ICU MessageFormat (MF1) and Unicode MessageFormat 2 (MF2):
ICU MessageFormat 1 Packages
- @messageformat/cli - A command-line client for the library
- @messageformat/convert - Converts other localization formats into ICU MessageFormat
- @messageformat/core - The core library that transpiles MessageFormat strings into JavaScript functions
- @messageformat/date-skeleton - Tools for working with ICU DateFormat skeletons
- @messageformat/loader - Webpack loader for JSON, YAML, & .properties message files
- @messageformat/number-skeleton - Tools for working with ICU NumberFormat skeletons
- @messageformat/parser - Parses MessageFormat source strings into an AST
- @messageformat/react - React hooks and other bindings for messages
- @messageformat/runtime - Runtime dependencies of compiled message modules
- rollup-plugin-messageformat - Rollup plugin for JSON, YAML, & .properties message files
Unicode MessageFormat 2 Packages
- messageformat - (BETA) Intl.MessageFormat / MF2 parser, runtime and polyfill
- @messageformat/fluent - (BETA) Compile Fluent sources into MF2 resources
- @messageformat/icu-messageformat-1 - (BETA) Compile MF1 sources into MF2 formatters
Getting Started (MF1)
Depending on your situation, consult one or more of the following guides:
Alternatively, take a look at our examples or dig into the API documentation if you're looking to do something more involved.
Our Format Guide will help with the ICU MessageFormat Syntax, and the Usage Guide provides some further options for integrating messageformat to be a part of your workflow around UI texts and translations.
Messageformat is an OpenJS Foundation project, and we follow its Code of Conduct.
No vulnerabilities found.
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (23) are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browsers.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/browsers.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browsers.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/browsers.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/browsers.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/browsers.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/messageformat/messageformat/nodejs.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:43
- Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 5 out of 6 npmCommand dependencies pinned
Reason
Found 0/10 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/browsers.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Score
5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More