Gathering detailed insights and metrics for @nodesecure/npm-registry-sdk
Gathering detailed insights and metrics for @nodesecure/npm-registry-sdk
Node.js SDK to fetch data from the npm API.
Installations
npm install @nodesecure/npm-registry-sdkDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
20.13.1
NPM Version
10.5.2
Score
81
Supply Chain
98.3
Quality
82.4
Maintenance
100
Vulnerability
100
License
Releases
11
Languages
2
TypeScript
JavaScript
TypeScript (99.53%)
JavaScript (0.47%)
Developer
NodeSecure
Download Statistics
Total Downloads
47,073
Last Day
213
Last Week
1,799
Last Month
6,380
Last Year
20,092
GitHub Statistics
MIT License
9 Stars
145 Commits
8 Forks
2 Watchers
1 Branches
15 Contributors
Updated on Jul 01, 2025
Maintainers
5
Package Meta Information
Latest Version
3.0.0
Package Id
@nodesecure/npm-registry-sdk@3.0.0
Unpacked Size
30.54 kB
Size
8.75 kB
File Count
33
NPM Version
10.5.2
Node Version
20.13.1
Published on
Jul 05, 2024
Total Downloads
Cumulative downloads
Total Downloads
47,073
Last Day
-69.5%
213
Compared to previous day
Last Week
-29.7%
1,799
Compared to previous week
Last Month
374.7%
6,380
Compared to previous month
Last Year
56.5%
20,092
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
6
Node.js SDK to fetch data from the npm API (with up to date TypeScript types)
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
1$ npm i @nodesecure/npm-registry-sdk 2# or 3$ yarn add @nodesecure/npm-registry-sdk
Usage example
1import * as Npm from "@nodesecure/npm-registry-sdk"; 2 3const packument: Npm.Packument = await Npm.packument("express"); 4console.log(packument);
packument and packumentVersion take an optional payload options which can be used to provide an NPM token.
1import * as Npm from "@nodesecure/npm-registry-sdk"; 2 3const user: NpmUserProfile = await Npm.user("test-user"); 4console.log(user);
user takes an optional payload pagination which can be used to set page number and page size to be used for paginated properties of the user like pacakges.
API
getNpmRegistryURL(): string
getLocalRegistryURL(): string
setLocalRegistryURL(value: string | URL): string
loadRegistryURLFromLocalSystem(mixins?: LoadRegistryMixins): string
1interface LoadRegistryMixins { 2 spawn?: typeof spawnSync; 3}
metadata(): Promise<NpmRegistryMetadata>
1interface NpmRegistryMetadata { 2 db_name: string; 3 doc_count: number; 4 doc_del_count: number; 5 update_seq: number; 6 purge_seq: number; 7 compact_running: boolean; 8 disk_size: number; 9 data_size: number; 10 instance_start_time: string; 11 disk_format_version: number; 12 committed_update_seq: number; 13}
packument(name: string, options?: PackumentOptions): Promise<Packument>
1interface Packument { 2 _id: string; 3 _rev: string; 4 name: string; 5 readme?: string; 6 description?: string; 7 'dist-tags': { latest?: string } & ObjectOfStrings; 8 versions: { 9 [key: string]: PackumentVersion 10 }; 11 maintainers: Maintainer[]; 12 time: { 13 modified: string, 14 created: string, 15 [key: string]: string 16 }; 17 users?: { 18 [key: string]: boolean; 19 } 20 contributors?: Maintainer[]; 21 homepage?: string; 22 keywords?: string[]; 23 repository?: Repository; 24 author?: Maintainer; 25 bugs?: { url: string }; 26 license: string; 27 // left out users (stars) deprecated, and attachments (does nothing) 28 readmeFilename?: string; 29}
packumentVersion(name: string, version: string, options?: PackumentOptions): Promise<PackumentVersion>
1type PackumentVersion = PackageJson & { 2 gitHead?: string; 3 maintainers: Maintainer[]; 4 dist: Dist; 5 types?: string; 6 deprecated?: string; 7 _id: string; 8 _npmVersion: string; 9 _nodeVersion: string; 10 _npmUser: Maintainer; 11 _hasShrinkwrap?: boolean; 12 _engineSupported?: boolean; 13 _defaultsLoaded?: boolean; 14 _npmOperationalInternal?: { 15 host: string; 16 tmp: string; 17 } 18};
downloads(pkgName: string, period: Period = "last-week"): Promise< NpmPackageDownload >
1interface NpmPackageDownload { 2 downloads: number; 3 start: string; 4 end: string; 5 package: string; 6}
user(username: string, pagination: Partial< Pagination > = {}): Promise< NpmUserProfile >
1interface Pagination { 2 perPage: number; 3 page: number; 4} 5 6interface NpmPackage { 7 id: number; 8 name: string; 9 description: string; 10 maintainers: string[]; 11 version: string; 12} 13 14interface NpmUserProfile { 15 id: number; 16 name: string; 17 fullname?: string; 18 accounts: { 19 twitter?: string; 20 github?: string; 21 }; 22 avatars: { 23 small: string; 24 medium: string; 25 large: string; 26 }; 27 packages: { 28 total: number; 29 objects: NpmPackage[]; 30 urls: { 31 next: string; 32 prev: string; 33 } 34 }; 35 pagination: Pagination; 36}
Contributors ✨
Thanks goes to these wonderful people (emoji key):
 Gentilhomme 💻 📖 👀 🛡️ 🐛 |  Quentin Lepateley 💻 📖 👀 |  Nicolas Hallaert 📖 |  tekeuange23 💻 |  Tony Gorez 💻 |  hiroki osame 💻 |  Kouadio Fabrice Nguessan 🚧 |
 PierreDemailly 💻 📖 ⚠️ |  Kishore 💻 ⚠️ 📖 |
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/node.js.yml:45
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel 'contents' permission set to 'read': .github/workflows/node.js.yml:13
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
project has 12 contributing companies or organizations
Details
- Info: found contributions from: AntarkaGame, ES-Community, MyUnisoft, NodeSecure, OpenAlly, SlimIO, TopCli, UIM-Community, dashlog, myunisoft, nodejs, openally
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 24 commits out of 29 are checked with a SAST tool
Reason
Found 7/8 approved changesets -- score normalized to 8
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:36
- Info: 9 out of 9 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
18 out of 23 merged PRs checked by a CI test -- score normalized to 7
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
8.1
/10
Last Scanned on 2025-06-29T18:45:45Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More