Gathering detailed insights and metrics for @napi-rs/canvas-darwin-arm64
Gathering detailed insights and metrics for @napi-rs/canvas-darwin-arm64
High performance skia binding to Node.js. Zero system dependencies and pure npm packages without any postinstall scripts nor node-gyp.
Installations
npm install @napi-rs/canvas-darwin-arm64Developer Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 10
Node Version
22.16.0
NPM Version
10.9.2
Score
99.7
Supply Chain
35.6
Quality
92.5
Maintenance
100
Vulnerability
100
License
Releases
142
Languages
8
Rust
TypeScript
C++
JavaScript
Dockerfile
HTML
CMake
Shell
Rust (50.29%)
TypeScript (18.37%)
C++ (16.12%)
JavaScript (13.51%)
Dockerfile (1.01%)
HTML (0.64%)
CMake (0.05%)
Shell (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
1,979 Stars
1,111 Commits
86 Forks
20 Watchers
17 Branches
33 Contributors
Updated on Jul 13, 2025
Maintainers
2
Package Meta Information
Latest Version
0.1.73
Package Id
@napi-rs/canvas-darwin-arm64@0.1.73
Unpacked Size
23.14 MB
Size
10.80 MB
File Count
3
NPM Version
10.9.2
Node Version
22.16.0
Published on
Jun 29, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
@napi-rs/canvas-darwin-arm64
This is the aarch64-apple-darwin binary for @napi-rs/canvas
No vulnerabilities found.
Reason
30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yml:9
Reason
0 existing vulnerabilities detected
Reason
Found 0/23 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/CI.yaml:9
- Warn: no topLevel permission defined: .github/workflows/docker.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/libcxxabi.yml:11
- Warn: no topLevel permission defined: .github/workflows/skia.yaml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:695: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:700: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:709: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:524: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:536: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:654: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:659: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:374: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:422: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:434: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:445: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:459: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:487: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:511: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:577: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:579: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:587: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:599: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yaml:604: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:614: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yaml:624: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/CI.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/docker.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/libcxxabi.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/libcxxabi.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/skia.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/skia.yaml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/skia.yaml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skia.yaml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/Brooooooklyn/canvas/skia.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:x86_64 to messense/manylinux2014-cross:x86_64@sha256:1f1cdac6e9b8c030ffd7cad63fccbb777c36208b2368fd070f73465862ce97b2
- Warn: containerImage not pinned by hash: aarch64.Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:aarch64 to messense/manylinux2014-cross:aarch64@sha256:f58c558995b848f723eb96d462e40daceb64073aa017e4e69850a669b9b28e05
- Warn: containerImage not pinned by hash: musl.Dockerfile:1: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fa316946c0cb1f041fe46dda150f3085b71168555e5706ec0c7466a5bae12244
- Warn: downloadThenRun not pinned by hash: Dockerfile:18-49
- Warn: downloadThenRun not pinned by hash: Dockerfile:18-49
- Warn: npmCommand not pinned by hash: Dockerfile:18-49
- Warn: downloadThenRun not pinned by hash: Dockerfile:18-49
- Warn: downloadThenRun not pinned by hash: aarch64.Dockerfile:18-49
- Warn: downloadThenRun not pinned by hash: aarch64.Dockerfile:18-49
- Warn: downloadThenRun not pinned by hash: aarch64.Dockerfile:18-49
- Warn: npmCommand not pinned by hash: aarch64.Dockerfile:18-49
- Info: 0 out of 66 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 21 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 containerImage dependencies pinned
- Info: 0 out of 6 downloadThenRun dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v0.1.73 not signed: https://api.github.com/repos/Brooooooklyn/canvas/releases/228601934
- Warn: release artifact v0.1.72 not signed: https://api.github.com/repos/Brooooooklyn/canvas/releases/227605952
- Warn: release artifact v0.1.71 not signed: https://api.github.com/repos/Brooooooklyn/canvas/releases/223867630
- Warn: release artifact skia-114d33c6 not signed: https://api.github.com/repos/Brooooooklyn/canvas/releases/223864257
- Warn: release artifact skia-5b8860c3 not signed: https://api.github.com/repos/Brooooooklyn/canvas/releases/216310761
- Warn: release artifact v0.1.73 does not have provenance: https://api.github.com/repos/Brooooooklyn/canvas/releases/228601934
- Warn: release artifact v0.1.72 does not have provenance: https://api.github.com/repos/Brooooooklyn/canvas/releases/227605952
- Warn: release artifact v0.1.71 does not have provenance: https://api.github.com/repos/Brooooooklyn/canvas/releases/223867630
- Warn: release artifact skia-114d33c6 does not have provenance: https://api.github.com/repos/Brooooooklyn/canvas/releases/223864257
- Warn: release artifact skia-5b8860c3 does not have provenance: https://api.github.com/repos/Brooooooklyn/canvas/releases/216310761
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More