Gathering detailed insights and metrics for @netlify/open-api
Gathering detailed insights and metrics for @netlify/open-api
Installations
npm install @netlify/open-apiScore
99.7
Supply Chain
100
Quality
88.5
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=14
Typescript Support
Yes
Node Version
22.6.0
NPM Version
10.8.2
Statistics
263 Stars
973 Commits
84 Forks
55 Watching
20 Branches
75 Contributors
Updated on 27 Nov 2024
Bundle Size
193.02 kB
Minified
14.08 kB
Minified + Gzipped
Languages
Go (88.29%)
JavaScript (5.98%)
HTML (4%)
CSS (0.97%)
Makefile (0.76%)
Total Downloads
Cumulative downloads
Total Downloads
27,061,039
Last day
-21.6%
21,267
Compared to previous day
Last week
-3%
150,900
Compared to previous week
Last month
-4.2%
671,190
Compared to previous month
Last year
32.3%
7,244,932
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
This repository contains Netlify's API definition in the Open API format, formerly known as Swagger.
It's still a work in progress and we welcome feedback and contributions.
Usage
The swagger.yml file is the master copy of the Open API 2.0 definition. Additional context on using the API can be found on our docs site.
The spec is published and versioned for various ecosystems:
SwaggerUI (Web UI)
You can view the definition using Swagger UI by visiting open-api.netlify.com which provides limited interaction with the API from the browser.
Go Client
1$ go get github.com/netlify/open-api/...
- Porcelain: High level interactions and operations
- Plumbing: Low level client operations generated by go-swagger
- Models: Models generated by go-swagger
See CONTRIBUTING.md for details on how this client is developed and generated.
JS Client
We have a fully featured JS/Node.js client that implements some of the same 'porcelain' methods that the go client does in addition to the open-api methods.
See github.com/netlify/build/tree/main/packages/js-client for more details.
npm module
You can also consume the swagger spec as an npm module:
1$ npm install @netlify/open-api 2# or 3$ yarn add @netlify/open-api
1import spec from '@netlify/open-api' // import the spec object into your project
The module also ships a copy of the original yml spec file at @netlify/open-api/js/dist/swagger.yml. You can use these with generic swagger/open-api clients:
swagger-js
Swagger's JS client can dynamically create a client from a spec either from a URL or spec object.
See the swagger-js client:
Usage
1<script src='browser/swagger-client.js' type='text/javascript'></script> 2<script> 3var swaggerClient = new SwaggerClient('https://open-api.netlify.com/swagger.json'); 4</script>
Contributing
See CONTRIBUTING.md for more info on how to make contributions to this project.
License
MIT. See LICENSE for more details.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
all changesets reviewed
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-please.yml:7
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/netlify/.github/SECURITY.md:1
- Info: Found linked content: github.com/netlify/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/netlify/.github/SECURITY.md:1
Reason
binaries present in source code
Details
- Warn: binary detected: go/internal/data/hello-go-binary-function:1
- Warn: binary detected: go/internal/data/hello-go-binary-function-background:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/fossa.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/release-please.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/release-please.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/release-please.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swagger-bump.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/swagger-bump.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swagger-bump.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/swagger-bump.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/swagger-bump.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/swagger-bump.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go-src.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/verify-go-src.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go-src.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/netlify/open-api/verify-go-src.yml/master?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/fossa.yml:22
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/fossa.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Warn: no topLevel permission defined: .github/workflows/swagger-bump.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/verify-go-src.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
21 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9
- Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8
- Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3
- Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
- Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More