Installations
npm install @nodesecure/npm-registry-sdk
Developer Guide
TypeScript: Yes
Module System: ESM
Node Version: 20.13.1
NPM Version: 10.5.2
Languages
TypeScript (99.53%)
JavaScript (0.47%)
Developer
NodeSecure
Download Statistics
Total Downloads: 36,578
Last Day: 42
Last Week: 315
Last Month: 1,433
Last Year: 13,921
GitHub Statistics
9 Stars
138 Commits
8 Forks
2 Watching
1 Branches
15 Contributors
Package Meta Information
Latest Version: 3.0.0
Package Id: @nodesecure/npm-registry-sdk@3.0.0
Unpacked Size: 30.54 kB
Size: 8.75 kB
File Count: 33
NPM Version: 10.5.2
Node Version: 20.13.1
Published On: 05 Jul 2024
Total Downloads
Cumulative downloads: 36,578
Last day: 42 (250% compared to previous day)
Last week: 315 (19.3% compared to previous week)
Last month: 1,433 (2.9% compared to previous month)
Last year: 13,921 (12.5% compared to previous year)
Dependencies: 2
Dev Dependencies: 6
Node.js SDK to fetch data from the npm API (with up to date TypeScript types)
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
```bash
$ npm i @nodesecure/npm-registry-sdk
# or
$ yarn add @nodesecure/npm-registry-sdk
```
Usage example
```ts
import * as Npm from "@nodesecure/npm-registry-sdk";

const packument: Npm.Packument = await Npm.packument("express");
console.log(packument);
```
`packument` and `packumentVersion` take an optional `options` payload, which can be used to provide an npm token.
```ts
import * as Npm from "@nodesecure/npm-registry-sdk";

// The result type is inferred as NpmUserProfile (see the API section below).
const user = await Npm.user("test-user");
console.log(user);
```
`user` takes an optional `pagination` payload, which sets the page number and page size used for the user's paginated properties, such as packages.
API
getNpmRegistryURL(): string
getLocalRegistryURL(): string
setLocalRegistryURL(value: string | URL): string
loadRegistryURLFromLocalSystem(mixins?: LoadRegistryMixins): string
```ts
interface LoadRegistryMixins {
  spawn?: typeof spawnSync;
}
```
metadata(): Promise<NpmRegistryMetadata>
```ts
interface NpmRegistryMetadata {
  db_name: string;
  doc_count: number;
  doc_del_count: number;
  update_seq: number;
  purge_seq: number;
  compact_running: boolean;
  disk_size: number;
  data_size: number;
  instance_start_time: string;
  disk_format_version: number;
  committed_update_seq: number;
}
```
packument(name: string, options?: PackumentOptions): Promise<Packument>
```ts
interface Packument {
  _id: string;
  _rev: string;
  name: string;
  readme?: string;
  description?: string;
  'dist-tags': { latest?: string } & ObjectOfStrings;
  versions: {
    [key: string]: PackumentVersion
  };
  maintainers: Maintainer[];
  time: {
    modified: string,
    created: string,
    [key: string]: string
  };
  users?: {
    [key: string]: boolean;
  }
  contributors?: Maintainer[];
  homepage?: string;
  keywords?: string[];
  repository?: Repository;
  author?: Maintainer;
  bugs?: { url: string };
  license: string;
  // left out users (stars) deprecated, and attachments (does nothing)
  readmeFilename?: string;
}
```
packumentVersion(name: string, version: string, options?: PackumentOptions): Promise<PackumentVersion>
```ts
type PackumentVersion = PackageJson & {
  gitHead?: string;
  maintainers: Maintainer[];
  dist: Dist;
  types?: string;
  deprecated?: string;
  _id: string;
  _npmVersion: string;
  _nodeVersion: string;
  _npmUser: Maintainer;
  _hasShrinkwrap?: boolean;
  _engineSupported?: boolean;
  _defaultsLoaded?: boolean;
  _npmOperationalInternal?: {
    host: string;
    tmp: string;
  }
};
```
downloads(pkgName: string, period: Period = "last-week"): Promise<NpmPackageDownload>
```ts
interface NpmPackageDownload {
  downloads: number;
  start: string;
  end: string;
  package: string;
}
```
user(username: string, pagination: Partial<Pagination> = {}): Promise<NpmUserProfile>
```ts
interface Pagination {
  perPage: number;
  page: number;
}

interface NpmPackage {
  id: number;
  name: string;
  description: string;
  maintainers: string[];
  version: string;
}

interface NpmUserProfile {
  id: number;
  name: string;
  fullname?: string;
  accounts: {
    twitter?: string;
    github?: string;
  };
  avatars: {
    small: string;
    medium: string;
    large: string;
  };
  packages: {
    total: number;
    objects: NpmPackage[];
    urls: {
      next: string;
      prev: string;
    }
  };
  pagination: Pagination;
}
```
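The following is an added example, not code from the SDK or its README: a supply-chain check over the fields documented above (`dist-tags`, `versions`, `deprecated`, `_npmUser`, `maintainers`, `time`), of the kind that could be run on the object returned by `packument()`. The local types, the `Maintainer` shape, the function name `reviewLatest`, the 7-day threshold and the sample data are assumptions constructed for illustration.

```typescript
// Local types mirroring the Packument fields documented above.
// Assumption: a Maintainer is { name, email? }; the page does not define it.
interface Maintainer { name: string; email?: string }
interface VersionInfo { version: string; deprecated?: string; _npmUser: Maintainer }
interface PackumentLike {
  name: string;
  "dist-tags": { latest?: string };
  versions: { [key: string]: VersionInfo | undefined };
  maintainers: Maintainer[];
  time: { [key: string]: string | undefined };
}

// Review the version behind the "latest" dist-tag; returns readable findings.
function reviewLatest(p: PackumentLike, now: Date, minAgeDays: number = 7): string[] {
  const latest = p["dist-tags"].latest;
  if (latest === undefined) return [`${p.name}: no "latest" dist-tag`];
  const meta = p.versions[latest];
  if (meta === undefined) return [`${p.name}: "latest" points to missing version ${latest}`];

  const findings: string[] = [];
  if (meta.deprecated) findings.push(`${p.name}@${latest} is deprecated: ${meta.deprecated}`);
  // The account that published this version should be a listed maintainer.
  const known = new Set(p.maintainers.map((m) => m.name));
  if (!known.has(meta._npmUser.name)) {
    findings.push(`${p.name}@${latest} was published by non-maintainer ${meta._npmUser.name}`);
  }
  // Very recent releases have had little time to be vetted by the community.
  const ageDays = (now.getTime() - Date.parse(p.time[latest] ?? "")) / 86400000;
  if (Number.isNaN(ageDays)) findings.push(`${p.name}@${latest} has no publish time`);
  else if (ageDays < minAgeDays) findings.push(`${p.name}@${latest} is only ${Math.floor(ageDays)} day(s) old`);
  return findings;
}

// Constructed sample, not real registry data.
const samplePackument: PackumentLike = {
  name: "example-pkg",
  "dist-tags": { latest: "2.0.0" },
  versions: {
    "1.0.0": { version: "1.0.0", _npmUser: { name: "alice" } },
    "2.0.0": { version: "2.0.0", deprecated: "use 1.x", _npmUser: { name: "mallory" } }
  },
  maintainers: [{ name: "alice" }],
  time: { "1.0.0": "2024-01-01T00:00:00.000Z", "2.0.0": "2024-07-03T00:00:00.000Z" }
};
const sampleNow = new Date("2024-07-05T12:00:00.000Z");
console.log(reviewLatest(samplePackument, sampleNow));
```

Passing the current time as a parameter keeps the age check deterministic, which makes the function easy to gate a CI install step on.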
Contributors ✨
Thanks goes to these wonderful people (emoji key):
Gentilhomme 💻 📖 👀 🛡️ 🐛 | Quentin Lepateley 💻 📖 👀 | Nicolas Hallaert 📖 | tekeuange23 💻 | Tony Gorez 💻 | hiroki osame 💻 | Kouadio Fabrice Nguessan 🚧 |
PierreDemailly 💻 📖 ⚠️ | Kishore 💻 ⚠️ 📖 |
License
MIT
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
project has 11 contributing companies or organizations
Details
- Info: NodeSecure contributor org/company found, dashlog contributor org/company found, OpenAlly contributor org/company found, myunisoft contributor org/company found, AntarkaGame contributor org/company found, UIM-Community contributor org/company found, SlimIO contributor org/company found, MyUnisoft contributor org/company found, nodejs contributor org/company found, ES-Community contributor org/company found, TopCli contributor org/company found
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/node.js.yml:45
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel 'contents' permission set to 'read': .github/workflows/node.js.yml:13
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Reason
0 existing vulnerabilities detected
Reason
20 out of 21 merged PRs checked by a CI test -- score normalized to 9
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 26 commits out of 27 are checked with a SAST tool
Reason
10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:36
- Info: 9 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
Found 10/13 approved changesets -- score normalized to 7
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score: 8.5/10
Last Scanned on 2025-01-26T18:39:54Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.