Gathering detailed insights and metrics for @middy/core
Gathering detailed insights and metrics for @middy/core
🛵 The stylish Node.js middleware engine for AWS Lambda 🛵
Installations
npm install @middy/coreDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=20
Node Version
23.11.1
NPM Version
10.9.2
Score
99.9
Supply Chain
88.9
Quality
94.3
Maintenance
100
Vulnerability
100
License
Releases
147
Languages
4
JavaScript
TypeScript
CSS
Shell
JavaScript (88.23%)
TypeScript (11.3%)
CSS (0.46%)
Shell (0.01%)
Developer
Download Statistics
Total Downloads
63,194,862
Last Day
17,449
Last Week
467,270
Last Month
1,964,855
Last Year
22,182,038
GitHub Statistics
MIT License
3,831 Stars
2,476 Commits
386 Forks
35 Watchers
18 Branches
201 Contributors
Updated on Jun 30, 2025
Bundle Size
2.88 kB
Minified
1.31 kB
Minified + Gzipped
Sponsor this package
Maintainers
3
Package Meta Information
Latest Version
6.3.1
Package Id
@middy/core@6.3.1
Unpacked Size
17.50 kB
Size
5.28 kB
File Count
4
NPM Version
10.9.2
Node Version
23.11.1
Published on
May 30, 2025
Total Downloads
Cumulative downloads
Total Downloads
63,194,862
Last Day
22.6%
17,449
Compared to previous day
Last Week
-5.1%
467,270
Compared to previous week
Last Month
4.7%
1,964,855
Compared to previous month
Last Year
5.6%
22,182,038
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
Middy Core
Core component of the middy framework, the stylish Node.js middleware engine for AWS Lambda
You can read the documentation at: https://middy.js.org
Install
To install middy you can use NPM:
1npm install --save @middy/core
Documentation and examples
For documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2025 Luciano Mammino, will Farrell, and the Middy team.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:21
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:80
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:112
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/test-sast.yml:46
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/test-sast.yml:47
- Info: topLevel permissions set to 'read-all': .github/workflows/ossf-scorecard.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-dast.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-dco.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-lint.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-pref.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-sast.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-types.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-unit.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/website-publish.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/website-test.yml:12
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
branch protection is fully enabled on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Info: 'stale review dismissal' is required to merge on branch 'main'
- Info: required approving review count is 2 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Info: 'last push approval' is required to merge on branch 'main'
- Info: 'up-to-date branches' is required to merge on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
project is fuzzed
Details
- Info: JavaScriptPropertyBasedTesting integration found: packages/appconfig/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/cloudformation-response/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/cloudformation-router/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/cloudwatch-metrics/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/core/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/do-not-wait-for-empty-event-loop/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/dynamodb/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/error-logger/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/event-normalizer/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-content-encoding/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-content-negotiation/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-cors/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-error-handler/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-event-normalizer/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-header-normalizer/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-json-body-parser/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-multipart-body-parser/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-partial-response/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-response-serializer/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-router/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-security-headers/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-urlencode-body-parser/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/http-urlencode-path-parser/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/input-output-logger/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/rds-signer/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/s3-object-response/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/s3/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/secrets-manager/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/service-discovery/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/sqs-partial-batch-failure/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/ssm/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/sts/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/validator/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/warmup/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/ws-json-body-parser/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/ws-response/index.fuzz.js:2
- Info: JavaScriptPropertyBasedTesting integration found: packages/ws-router/index.fuzz.js:2
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:106
Reason
10 out of 10 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 31 contributing companies or organizations
Details
- Info: found contributions from: FullStackBulletin, GlobantUy, Oryzone, PartidoDigital, QwikDev, augustsn, aws, aws-samples, awsbites, awslabs, datastreamapp, empathycom, fastify, fourtheorem, global cyber alliance, gqty-dev, js-uy, kushki, lint-staged, lucpod, middyjs, nodejs-design-patterns-book, qwikifiers, rust-italia, s-group-dev, serverless-heaven, serverlessdays-dublin, standards, the gordon foundation, typeorm, ucudal
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: npmCommand not pinned by hash: .github/workflows/test-sast.yml:38
- Info: 39 out of 39 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 4 third-party GitHubAction dependencies pinned
- Info: 8 out of 9 npmCommand dependencies pinned
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Reason
badge detected: Silver
Score
9.7
/10
Last Scanned on 2025-06-29T15:31:34Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More