Gathering detailed insights and metrics for @mweberxyz/undici-types
Gathering detailed insights and metrics for @mweberxyz/undici-types
Installations
npm install @mweberxyz/undici-typesDeveloper Guide
BETA
Typescript
Yes
Module System
N/A
Node Version
20.12.2
NPM Version
10.5.2
Score
75.1
Supply Chain
70.9
Quality
81.4
Maintenance
100
Vulnerability
100
License
Releases
17
Contributors
1
Unable to fetch Contributors
Languages
8
JavaScript
HTML
Python
TypeScript
Shell
XSLT
CSS
Dockerfile
JavaScript (56.2%)
HTML (39.09%)
Python (3.82%)
TypeScript (0.87%)
Shell (0.01%)
XSLT (0.01%)
Developer
Download Statistics
Total Downloads
725
Last Day
4
Last Week
7
Last Month
44
Last Year
725
GitHub Statistics
2,805 Commits
16 Branches
1 Contributors
Maintainers
1
Package Meta Information
Latest Version
6.20.6
Package Id
@mweberxyz/undici-types@6.20.6
Unpacked Size
80.79 kB
Size
20.37 kB
File Count
40
NPM Version
10.5.2
Node Version
20.12.2
Publised On
22 Apr 2024
Total Downloads
Cumulative downloads
Total Downloads
725
Last day
0%
4
Compared to previous day
Last week
-50%
7
Compared to previous week
Last month
266.7%
44
Compared to previous month
Last year
0%
725
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
undici-types
This package is a dual-publish of the undici library types. The undici package still contains types. This package is for users who only need undici types (such as for @types/node). It is published alongside every release of undici, so you can always use the same version.
No vulnerabilities found.
Reason
83 different organizations found -- score normalized to 10
Details
- Info: contributors work for BoostIO,CasparCG,ES-Community,EddieHubCommunity,GonzagaAccess,Level,LyraSearch,Pseudo-Corp,Somerset-SIDeR-Programme,TrainingPlay,VppLang,WebAssembly,ada-url,adonisjs,auth0,aws,awslabs,babel,busterjs,cheminfo,cheminfo-js,cowtech,crossnx,cybozu,danger,dymonaz,elastic,electron,fastify,finn-auto,firstcontributions,fossasia,freeCodeCamp,fvgdev,getsentry,h5o,hackwitus,image-js,insidewarehouse,lexplano,malijs,mbi healthcare technologies,minibuf,mljs,mochajs,mqttjs,nearform,nock,nodejs,nodejs-private,nodesource,nxtedition,oauth-wg,oauthstuff,openid,openjs-foundation,ossf,pasokonistan,passionfruit-earth,pinojs,piscinajs,pkgjs,platformatic,pnpm,postman-eng,postmanlabs,prettier,puella care,relevantfruit,sagemath,serolife,simdutf,tech-conferences,tu wien,ubie-oss,upringjs,vercel,w3c,wasm-signatures,web-platform-tests,wintercg,zakodium,zakodium-oss
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: tool 'Dependabot' is used: .github/dependabot.yml:1
Reason
license file detected
Details
- Info: License file found in expected location: LICENSE:1
- Info: FSF or OSI recognized license: LICENSE:1
Reason
SAST tool detected
Details
- Warn: no pull requests merged into dev branch
- Info: SAST tool detected: CodeQL
Reason
no vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Add a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
- Info: Found text in security policy: SECURITY.md:1
Reason
binaries present in source code
Details
- Warn: binary detected: lib/llhttp/llhttp.wasm:1
- Warn: binary detected: lib/llhttp/llhttp_simd.wasm:1
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: npmCommand not pinned by hash: build/Dockerfile:16
- Warn: npmCommand not pinned by hash: test/wpt/tests/resources/webidl2/build.sh:7
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:68
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:70
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:89
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:91
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:25
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:46
- Warn: npmCommand not pinned by hash: .github/workflows/bench.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/fuzz.yml:25
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:49
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:90
- Warn: npmCommand not pinned by hash: .github/workflows/publish-undici-types.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:38
- Info: 28 out of 28 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 containerImage dependencies pinned
- Info: 0 out of 15 npmCommand dependencies pinned
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
found 30 unreviewed changesets out of 30 -- score normalized to 0
Reason
project is not fuzzed
Details
- Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
- Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
- Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
- Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
- Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
Reason
repo was created 0 days ago, not enough maintenance history
Details
- Warn: repo was created in the last 90 days (Created at: 2024-03-15T16:08:52Z), please review its contents carefully
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/bench.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/fuzz.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs.yml:13
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/nodejs.yml:106: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/nodejs.yml:104: Verify which permissions are needed and consider whether you can reduce them. (High effort)
- Info: topLevel 'contents' permission set to 'read': .github/workflows/publish-undici-types.yml:10
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Warn: no topLevel permission defined: .github/workflows/test.yml:1: Visit https://app.stepsecurity.io/secureworkflow/mweberxyz/nodejs-undici/test.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
Score
5.3
/10
Last Scanned on 2024-03-15T16:46:07Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More