npmpackage.info

Gathering detailed insights and metrics for @napi-rs/cli

@napi-rs/cli

A framework for building compiled Node.js add-ons in Rust via Node-API

2.18.4

6,179

NOASSERTION

Rust

6,011,277 5.1

Installations

npm install @napi-rs/cli

Pull Requests

Open

7

Total

1,646

Closed

136

Merged

1,503

Issues

Open

200

Total

640

Closed

440

Releases

386

napi-derive@3.0.0-alpha.19

Published on 13 Nov 2024

napi-derive@3.0.0-alpha.18

Published on 07 Nov 2024

napi@3.0.0-alpha.20

Published on 07 Nov 2024

napi-derive@3.0.0-alpha.17

Published on 31 Oct 2024

napi@3.0.0-alpha.18

Published on 31 Oct 2024

napi-sys@3.0.0-alpha.0

Published on 28 Oct 2024

View all 386 releases

Developer

napi-rs

Developer Guide

BETA

Module System

Unable to determine the module system for this package.

Min. Node Version

>= 10

Typescript Support

No

Node Version

18.20.3

NPM Version

lerna/8.0.2/node@v18.20.3+x64 (linux)

Statistics

6,179 Stars

2,888 Commits

278 Forks

29 Watching

13 Branches

123 Contributors

Updated on 28 Nov 2024

Languages

Rust (75.3%)

TypeScript (20.19%)

JavaScript (3.85%)

Dockerfile (0.66%)

Total Downloads

Cumulative downloads

Total Downloads

6,011,277

Last day

-16.6%

7,486

Compared to previous day

Last week

-6%

49,142

Compared to previous week

Last month

10%

222,499

Compared to previous month

Last year

47.6%

2,233,533

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

fdir toml debug tslib core-js js-yaml inquirer typanion clipanion colorette env-paths lodash-es @octokit/rest @types/js-yaml @types/inquirer @types/lodash-es

Versions

napi-rs

This project was initialized from xray

A framework for building compiled Node.js add-ons in Rust via Node-API. Website: https://napi.rs

Platform Support

MSRV

Rust 1.65.0

	node12	node14	node16	node18	node20
Windows x64	✓	✓	✓	✓	✓
Windows x86	✓	✓	✓	✓	✓
Windows arm64	✓	✓	✓	✓	✓
macOS x64	✓	✓	✓	✓	✓
macOS aarch64	✓	✓	✓	✓	✓
Linux x64 gnu	✓	✓	✓	✓	✓
Linux x64 musl	✓	✓	✓	✓	✓
Linux aarch64 gnu	✓	✓	✓	✓	✓
Linux aarch64 musl	✓	✓	✓	✓	✓
Linux arm gnueabihf	✓	✓	✓	✓	✓
Linux arm muslebihf	✓	✓	✓	✓	✓
Linux powerpc64le gnu	✓	✓	✓	✓	✓
Linux s390x gnu	✓	✓	✓	✓	✓
Linux riscv64 gnu	N/A	N/A	✓	✓	✓
Linux aarch64 android	✓	✓	✓	✓	✓
Linux armv7 android	✓	✓	✓	✓	✓
FreeBSD x64	✓	✓	✓	✓	✓

This library depends on Node-API and requires Node@10.0.0 or later.

We already have some packages written by napi-rs: node-rs

One nice feature is that this crate allows you to build add-ons purely with the Rust/JavaScript toolchain and without involving node-gyp.

Taste

You can start from package-template to play with napi-rs

Define JavaScript functions

1/// import the preludes
2use napi::bindgen_prelude::*;
3use napi_derive::napi;
4
5/// module registration is done by the runtime, no need to explicitly do it now.
6#[napi]
7fn fibonacci(n: u32) -> u32 {
8  match n {
9    1 | 2 => 1,
10    _ => fibonacci(n - 1) + fibonacci(n - 2),
11  }
12}
13
14/// use `Fn`, `FnMut` or `FnOnce` traits to defined JavaScript callbacks
15/// the return type of callbacks can only be `Result`.
16#[napi]
17fn get_cwd<T: Fn(String) -> Result<()>>(callback: T) {
18  callback(env::current_dir().unwrap().to_string_lossy().to_string()).unwrap();
19}
20
21/// or, define the callback signature in where clause
22#[napi]
23fn test_callback<T>(callback: T)
24where T: Fn(String) -> Result<()>
25{}
26
27/// async fn, require `async` feature enabled.
28/// [dependencies]
29/// napi = {version="2", features=["async"]}
30#[napi]
31async fn read_file_async(path: String) -> Result<Buffer> {
32  tokio::fs::read(path)
33    .map(|r| match r {
34      Ok(content) => Ok(content.into()),
35      Err(e) => Err(Error::new(
36        Status::GenericFailure,
37        format!("failed to read file, {}", e),
38      )),
39    })
40    .await
41}

more examples at examples

Building

This repository is a Cargo crate. Any napi-based add-on should contain Cargo.toml to make it a Cargo crate.

In your Cargo.toml you need to set the crate-type to "cdylib" so that cargo builds a C-style shared library that can be dynamically loaded by the Node executable. You'll also need to add this crate as a dependency.

1[package]
2name = "awesome"
3
4[lib]
5crate-type = ["cdylib"]
6
7[dependencies]
8napi = "3"
9napi-derive = "3"
10
11[build-dependencies]
12napi-build = "1"

And create build.rs in your own project:

1// build.rs
2extern crate napi_build;
3
4fn main() {
5  napi_build::setup();
6}

So far, the napi build script has only been tested on macOS Linux Windows x64 MSVC and FreeBSD.

Install the @napi-rs/cli to help you build your Rust codes and copy Dynamic lib file to .node file in case you can require it in your program.

1{
2  "package": "awesome-package",
3  "devDependencies": {
4    "@napi-rs/cli": "^1.0.0"
5  },
6  "napi": {
7    "name": "jarvis" // <----------- Config the name of native addon, or the napi command will use the name of `Cargo.toml` for the binary file name.
8  },
9  "scripts": {
10    "build": "napi build --release",
11    "build:debug": "napi build"
12  }
13}

Then you can require your native binding:

1require('./jarvis.node')

The module_name would be your package name in your Cargo.toml.

xxx => ./xxx.node

xxx-yyy => ./xxx_yyy.node

You can also copy Dynamic lib file to an appointed location:

1napi build [--release] ./dll
2napi build [--release] ./artifacts

There are documents which contains more details about the @napi-rs/cli usage.

Testing

Because libraries that depend on this crate must be loaded into a Node executable in order to resolve symbols, all tests are written in JavaScript in the test_module subdirectory.

To run tests:

1yarn build:test
2yarn test

Related projects

Features table

Rust Type	Node Type	NAPI Version	Minimal Node version	Enable by `napi` feature
u32	Number	1	v8.0.0
i32/i64	Number	1	v8.0.0
f64	Number	1	v8.0.0
bool	Boolean	1	v8.0.0
String/&'a str	String	1	v8.0.0
Latin1String	String	1	v8.0.0	latin1
UTF16String	String	1	v8.0.0
Object	Object	1	v8.0.0
serde_json::Map	Object	1	v8.0.0	serde-json
serde_json::Value	any	1	v8.0.0	serde-json
Array	Array	1	v8.0.0
Vec	Array	1	v8.0.0
Buffer	Buffer	1	v8.0.0
External	External	1	v8.0.0
Null	null	1	v8.0.0
Undefined/()	undefined	1	v8.0.0
Result<()>	Error	1	v8.0.0
T: Fn(...) -> Result	Function	1	v8.0.0
Async/Future	Promise	4	v10.6.0	async
AsyncTask	Promise	1	v8.5.0
JsGlobal	global	1	v8.0.0
JsSymbol	Symbol	1	v8.0.0
Int8Array/Uint8Array ...	TypedArray	1	v8.0.0
JsFunction	threadsafe function	4	v10.6.0	napi4
BigInt	BigInt	6	v10.7.0	napi6

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

License

Determines if the project has defined a license.

9

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/asan.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/memory-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/memory-test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:497: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:503: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:509: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:528: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:677: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:678: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:597: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:599: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:604: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:609: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:638: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:639: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:648: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:653: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:369: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:538: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:585: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
Warn: containerImage not pinned by hash: alpine-zig.Dockerfile:1: pin your Docker image by updating ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine to ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine@sha256:55a9cea3e298935a41bc8a0536db0d2b076377627e42774dd418ecc51320f0bc
Warn: containerImage not pinned by hash: alpine.Dockerfile:1: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
Warn: containerImage not pinned by hash: debian-aarch64.Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:aarch64 to messense/manylinux2014-cross:aarch64@sha256:aa7ea5278544401d8f7071d5cb09f4ba3412c59c6506419921098cc8570d2576
Warn: containerImage not pinned by hash: debian-zig.Dockerfile:1: pin your Docker image by updating ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian to ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian@sha256:6e3aab240ddfa7dc803b66807659ced622a4dade6f4eb235efb88e5f61ef6965
Warn: containerImage not pinned by hash: debian.Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:x86_64 to messense/manylinux2014-cross:x86_64@sha256:1f96d84010304ee50bf6aafe3df273a268d1c58aaf899fcefc4863e9176baa92
Warn: downloadThenRun not pinned by hash: debian-aarch64.Dockerfile:17-45
Warn: downloadThenRun not pinned by hash: debian.Dockerfile:14-42
Info: 0 out of 62 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 44 third-party GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned

0

SAST

Determines if the project uses static code analysis.

Score

5.1

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More