Installations
npm install @napi-rs/cliReleases
386
napi-derive@3.0.0-alpha.19
napi-derive@3.0.0-alpha.19
Published on 13 Nov 2024
napi-derive@3.0.0-alpha.18
napi-derive@3.0.0-alpha.18
Published on 07 Nov 2024
napi@3.0.0-alpha.20
napi@3.0.0-alpha.20
Published on 07 Nov 2024
napi-derive@3.0.0-alpha.17
napi-derive@3.0.0-alpha.17
Published on 31 Oct 2024
napi@3.0.0-alpha.18
napi@3.0.0-alpha.18
Published on 31 Oct 2024
napi-sys@3.0.0-alpha.0
napi-sys@3.0.0-alpha.0
Published on 28 Oct 2024
Developer
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
>= 10
Typescript Support
No
Node Version
18.20.3
NPM Version
lerna/8.0.2/node@v18.20.3+x64 (linux)
Statistics
6,179 Stars
2,888 Commits
278 Forks
29 Watching
13 Branches
123 Contributors
Updated on 28 Nov 2024
Languages
Rust (75.3%)
TypeScript (20.19%)
JavaScript (3.85%)
Dockerfile (0.66%)
Total Downloads
Cumulative downloads
Total Downloads
6,011,277
Last day
-16.6%
7,486
Compared to previous day
Last week
-6%
49,142
Compared to previous week
Last month
10%
222,499
Compared to previous month
Last year
47.6%
2,233,533
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
napi-rs
This project was initialized from xray
A framework for building compiled Node.js add-ons in Rust via Node-API. Website: https://napi.rs
Platform Support
MSRV
Rust 1.65.0
| node12 | node14 | node16 | node18 | node20 | |
|---|---|---|---|---|---|
| Windows x64 | ✓ | ✓ | ✓ | ✓ | ✓ |
| Windows x86 | ✓ | ✓ | ✓ | ✓ | ✓ |
| Windows arm64 | ✓ | ✓ | ✓ | ✓ | ✓ |
| macOS x64 | ✓ | ✓ | ✓ | ✓ | ✓ |
| macOS aarch64 | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux x64 gnu | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux x64 musl | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux aarch64 gnu | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux aarch64 musl | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux arm gnueabihf | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux arm muslebihf | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux powerpc64le gnu | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux s390x gnu | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux riscv64 gnu | N/A | N/A | ✓ | ✓ | ✓ |
| Linux aarch64 android | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux armv7 android | ✓ | ✓ | ✓ | ✓ | ✓ |
| FreeBSD x64 | ✓ | ✓ | ✓ | ✓ | ✓ |
This library depends on Node-API and requires Node@10.0.0 or later.
We already have some packages written by napi-rs: node-rs
One nice feature is that this crate allows you to build add-ons purely with the Rust/JavaScript toolchain and without involving node-gyp.
Taste
You can start from package-template to play with
napi-rs
Define JavaScript functions
1/// import the preludes 2use napi::bindgen_prelude::*; 3use napi_derive::napi; 4 5/// module registration is done by the runtime, no need to explicitly do it now. 6#[napi] 7fn fibonacci(n: u32) -> u32 { 8 match n { 9 1 | 2 => 1, 10 _ => fibonacci(n - 1) + fibonacci(n - 2), 11 } 12} 13 14/// use `Fn`, `FnMut` or `FnOnce` traits to defined JavaScript callbacks 15/// the return type of callbacks can only be `Result`. 16#[napi] 17fn get_cwd<T: Fn(String) -> Result<()>>(callback: T) { 18 callback(env::current_dir().unwrap().to_string_lossy().to_string()).unwrap(); 19} 20 21/// or, define the callback signature in where clause 22#[napi] 23fn test_callback<T>(callback: T) 24where T: Fn(String) -> Result<()> 25{} 26 27/// async fn, require `async` feature enabled. 28/// [dependencies] 29/// napi = {version="2", features=["async"]} 30#[napi] 31async fn read_file_async(path: String) -> Result<Buffer> { 32 tokio::fs::read(path) 33 .map(|r| match r { 34 Ok(content) => Ok(content.into()), 35 Err(e) => Err(Error::new( 36 Status::GenericFailure, 37 format!("failed to read file, {}", e), 38 )), 39 }) 40 .await 41}
more examples at examples
Building
This repository is a Cargo crate. Any napi-based add-on should contain Cargo.toml to make it a Cargo crate.
In your Cargo.toml you need to set the crate-type to "cdylib" so that cargo builds a C-style shared library that can be dynamically loaded by the Node executable. You'll also need to add this crate as a dependency.
1[package] 2name = "awesome" 3 4[lib] 5crate-type = ["cdylib"] 6 7[dependencies] 8napi = "3" 9napi-derive = "3" 10 11[build-dependencies] 12napi-build = "1"
And create build.rs in your own project:
1// build.rs 2extern crate napi_build; 3 4fn main() { 5 napi_build::setup(); 6}
So far, the napi build script has only been tested on macOS Linux Windows x64 MSVC and FreeBSD.
Install the @napi-rs/cli to help you build your Rust codes and copy Dynamic lib file to .node file in case you can require it in your program.
1{ 2 "package": "awesome-package", 3 "devDependencies": { 4 "@napi-rs/cli": "^1.0.0" 5 }, 6 "napi": { 7 "name": "jarvis" // <----------- Config the name of native addon, or the napi command will use the name of `Cargo.toml` for the binary file name. 8 }, 9 "scripts": { 10 "build": "napi build --release", 11 "build:debug": "napi build" 12 } 13}
Then you can require your native binding:
1require('./jarvis.node')
The module_name would be your package name in your Cargo.toml.
xxx => ./xxx.node
xxx-yyy => ./xxx_yyy.node
You can also copy Dynamic lib file to an appointed location:
1napi build [--release] ./dll 2napi build [--release] ./artifacts
There are documents which contains more details about the @napi-rs/cli usage.
Testing
Because libraries that depend on this crate must be loaded into a Node executable in order to resolve symbols, all tests are written in JavaScript in the test_module subdirectory.
To run tests:
1yarn build:test 2yarn test
Related projects
Features table
| Rust Type | Node Type | NAPI Version | Minimal Node version | Enable by napi feature |
|---|---|---|---|---|
| u32 | Number | 1 | v8.0.0 | |
| i32/i64 | Number | 1 | v8.0.0 | |
| f64 | Number | 1 | v8.0.0 | |
| bool | Boolean | 1 | v8.0.0 | |
| String/&'a str | String | 1 | v8.0.0 | |
| Latin1String | String | 1 | v8.0.0 | latin1 |
| UTF16String | String | 1 | v8.0.0 | |
| Object | Object | 1 | v8.0.0 | |
| serde_json::Map | Object | 1 | v8.0.0 | serde-json |
| serde_json::Value | any | 1 | v8.0.0 | serde-json |
| Array | Array | 1 | v8.0.0 | |
| Vec | Array | 1 | v8.0.0 | |
| Buffer | Buffer | 1 | v8.0.0 | |
| External | External | 1 | v8.0.0 | |
| Null | null | 1 | v8.0.0 | |
| Undefined/() | undefined | 1 | v8.0.0 | |
| Result<()> | Error | 1 | v8.0.0 | |
| T: Fn(...) -> Result | Function | 1 | v8.0.0 | |
| Async/Future | Promise | 4 | v10.6.0 | async |
| AsyncTask | Promise | 1 | v8.5.0 | |
| JsGlobal | global | 1 | v8.0.0 | |
| JsSymbol | Symbol | 1 | v8.0.0 | |
| Int8Array/Uint8Array ... | TypedArray | 1 | v8.0.0 | |
| JsFunction | threadsafe function | 4 | v10.6.0 | napi4 |
| BigInt | BigInt | 6 | v10.7.0 | napi6 |
No vulnerabilities found.
Reason
30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yaml:65
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Reason
Found 4/26 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/asan.yml:1
- Warn: no topLevel permission defined: .github/workflows/bench.yaml:1
- Warn: no topLevel permission defined: .github/workflows/docker.yaml:1
- Warn: no topLevel permission defined: .github/workflows/memory-test.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/test-release.yaml:15
- Warn: no topLevel permission defined: .github/workflows/zig.yaml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/asan.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/asan.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/bench.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/docker.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/memory-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/memory-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/memory-test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/memory-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:494: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:497: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:503: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:509: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:528: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:677: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:678: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:597: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:599: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:604: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:609: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:638: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:639: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:648: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:653: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:369: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:384: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:406: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:538: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-release.yaml:582: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yaml:585: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/test-release.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zig.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/zig.yaml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/napi-rs/napi-rs/zig.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: alpine-zig.Dockerfile:1: pin your Docker image by updating ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine to ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-alpine@sha256:55a9cea3e298935a41bc8a0536db0d2b076377627e42774dd418ecc51320f0bc
- Warn: containerImage not pinned by hash: alpine.Dockerfile:1: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
- Warn: containerImage not pinned by hash: debian-aarch64.Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:aarch64 to messense/manylinux2014-cross:aarch64@sha256:aa7ea5278544401d8f7071d5cb09f4ba3412c59c6506419921098cc8570d2576
- Warn: containerImage not pinned by hash: debian-zig.Dockerfile:1: pin your Docker image by updating ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian to ghcr.io/napi-rs/napi-rs/nodejs-rust:lts-debian@sha256:6e3aab240ddfa7dc803b66807659ced622a4dade6f4eb235efb88e5f61ef6965
- Warn: containerImage not pinned by hash: debian.Dockerfile:1: pin your Docker image by updating messense/manylinux2014-cross:x86_64 to messense/manylinux2014-cross:x86_64@sha256:1f96d84010304ee50bf6aafe3df273a268d1c58aaf899fcefc4863e9176baa92
- Warn: downloadThenRun not pinned by hash: debian-aarch64.Dockerfile:17-45
- Warn: downloadThenRun not pinned by hash: debian.Dockerfile:14-42
- Info: 0 out of 62 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 44 third-party GitHubAction dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
5.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More