npmpackage.info

@npmcli/ci-detect

Detect what kind of CI environment the program is in

3.0.2

ISC

JavaScript

845.00 B

223,108,025 4.1

Installations

npm install @npmcli/ci-detect

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

^14.17.0 || ^16.13.0 || >=18.0.0

Node Version

18.12.0

NPM Version

9.1.1 Score

99.9

Supply Chain

93.6

Quality

81.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

53

Closed

21

Merged

32

Issues

Open

0

Total

4

Closed

4

Releases

v3.0.2

Updated on Nov 10, 2022

v3.0.1

Updated on Oct 19, 2022

v3.0.0

Updated on Oct 04, 2022

@npmcli/ci-detect v2.0.0

v2.0.0

Updated on Feb 10, 2022

View All 4 releases

Contributors

Unable to fetch Contributors

View All 73 Contributors

Languages

JavaScript

JavaScript (100%)

Love this project? Help keep it running — sponsor us today! 🚀

Developer

npm

Download Statistics

Total Downloads

223,108,025

Last Day

74,105

Last Week

462,489

Last Month

2,004,690

Last Year

27,612,160

GitHub Statistics

ISC License

53 Stars

73 Commits

13 Forks

5 Watchers

2 Branches

73 Contributors

Updated on Nov 15, 2023

Bundle Size

1.86 kB

Minified

845.00 B

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

3.0.2

Package Id

@npmcli/ci-detect@3.0.2

Unpacked Size

6.79 kB

Size

3.14 kB

File Count

NPM Version

9.1.1

Node Version

18.12.0

Total Downloads

Cumulative downloads

Total Downloads

223,108,025

Last Day

-5.2%

74,105

Compared to previous day

Last Week

-1.1%

462,489

Compared to previous week

Last Month

24.9%

2,004,690

Compared to previous month

Last Year

-35.4%

27,612,160

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@npmcli/eslint-config @npmcli/template-oss tap

@npmcli/ci-detect

Detect what kind of CI environment the program is in

USAGE

1const ciDetect = require('@npmcli/ci-detect')
2// false if not in CI
3// otherwise, a string indicating the CI environment type
4const inCI = ciDetect()

CIs Detected

Returns one of the following strings, or false if none match, by looking at the appropriate environment variables.

Anything that sets the CI_NAME environment variable will return the value as the result. (This is how CodeShip is detected.)
'aws-codebuild' AWS CodeBuild
'azure-pipelines' Azure Pipelines
'bamboo' Bamboo
'bitbucket-pipelines' Bitbucket Pipelines
'bitrise' Bitrise
'buddy' Buddy
'builder' Google Cloud Builder - This one is a bit weird. It doesn't really set anything that can be reliably detected except BUILDER_OUTPUT, so it can get false positives pretty easily.
'buildkite' Buildkite
'circleci' Circle-CI
'cirrus' Cirrus CI
'codeship' CodeShip
'custom' anything else that sets CI environment variable to either '1' or 'true'.
'drone' Drone
'dsari' dsari CI
'gerrit' Gerrit
'github-actions' GitHub Actions
'gitlab' GitLab
'gocd' GoCD
'heroku' Heroku
'hudson' Hudson CI
'jenkins' Jenkins
'magnum' Magnum CI
'netlify' Netlify
'nevercode' Nevercode
'now' Zeit.co's Now service, but not GitHub/BitBucket/GitLab
'now-bitbucket' Zeit.co's Now for BitBucket deployment service
'now-github' Zeit.co's Now for GitHub deployment service
'now-gitlab' Zeit.co's Now for GitLab deployment service
'render' Render CI
'sail' Sail CI
'screwdriver' Screwdriver CI
'semaphore' Semaphore
'shippable' Shippable
'strider' Strider CI
'taskcluster' Mozilla Taskcluster
'tddium' TDDium
'teamcity' TeamCity
'travis-ci' Travis-CI - A few other CI systems set TRAVIS=1 in the environment, because devs use that to indicate "test mode", so this one can get some false positives, and is tested later in the process to minimize this effect.
'vercel' Vercel
'vercel-bitbucket' Vercel Bitbucket
'vercel-github' Vercel GitHub
'vercel-gitlab' Vercel Gitlab
'wercker' Oracle Wercker
'woodpecker' Woodpecker CI

Caveats

Since any program can set or unset whatever environment variables they want, this is not 100% reliable.

Also, if your program does different behavior in CI/test/deployment than other places, then there's a good chance that you're doing something wrong!

But, for little niceties like setting colors or other output parameters, or logging and that sort of non-essential thing, this module provides a way to tweak without checking a bunch of things in a bunch of places. Mostly, it's a single place to keep a note of what CI system sets which environment variable.

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/post-dependabot.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/post-dependabot.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/post-dependabot.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/ci-detect/release.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:32
Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:36
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:87
Warn: npmCommand not pinned by hash: .github/workflows/ci-release.yml:91
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:37
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:41
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:33
Warn: npmCommand not pinned by hash: .github/workflows/post-dependabot.yml:37
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:36
Warn: npmCommand not pinned by hash: .github/workflows/pull-request.yml:40
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:51
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:55
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:164
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:168
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:330
Info: 0 out of 29 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 15 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

Score

4.1

/10

Last Scanned on 2025-02-10

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @npmcli/ci-detect

@types/npmcli__ci-detect

2.0.3

TypeScript definitions for @npmcli/ci-detect