Gathering detailed insights and metrics for @nuxtjs/opencollective
Gathering detailed insights and metrics for @nuxtjs/opencollective
🤝 Pretty opencollective stats on postinstall!
Installations
npm install @nuxtjs/opencollectiveDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=8.0.0
Node Version
14.15.0
NPM Version
6.14.8
Score
83.4
Supply Chain
97.9
Quality
82
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
10
Languages
1
JavaScript
JavaScript (100%)
Developer
nuxt-contrib
Download Statistics
Total Downloads
393,933,527
Last Day
251,860
Last Week
1,617,218
Last Month
12,514,476
Last Year
152,406,508
GitHub Statistics
27 Stars
86 Commits
14 Forks
3 Watching
7 Branches
10 Contributors
Bundle Size
35.40 kB
Minified
12.56 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
0.3.2
Package Id
@nuxtjs/opencollective@0.3.2
Size
7.25 kB
NPM Version
6.14.8
Node Version
14.15.0
Publised On
04 Nov 2020
Total Downloads
Cumulative downloads
Total Downloads
393,933,527
Last day
-22.6%
251,860
Compared to previous day
Last week
-40.7%
1,617,218
Compared to previous week
Last month
-13.2%
12,514,476
Compared to previous month
Last year
35.9%
152,406,508
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
@nuxt/opencollective ???? Pretty opencollective stats on postinstall!
Features
Displaying opencollective statistics and a donation URL after users install a package is important for many creators. After problems with current packages that offer similar features, we decided to spin off our one own. Our key goals are:
- No interference/problems when installing packages. Never break installation because of the package
- Pretty output for all information
- Decent configurability
- Seamless drop-in for common solutions
Setup
- Add
@nuxt/opencollectivedependency using yarn or npm to your project - Add the script to
postinstallin your package.json
1{ 2 // ... 3 "scripts": { 4 "postinstall": "opencollective || exit 0" 5 }, 6 "collective": { 7 "url": "https://opencollective.com/nuxtjs" 8 } 9 // ... 10}
- Configure it
Configuration
Configuration is applied through your project's package.json.
A full configuration looks like:
1{ 2 "collective": { 3 "url": "https://opencollective.com/nuxtjs", 4 "logoUrl": "https://opencollective.com/nuxtjs/logo.txt?reverse=true&variant=variant2", 5 "donation": { 6 "slug": "/order/591", 7 "amount": "50", 8 "text": "Please donate:" 9 } 10 } 11}
| Attribute | Optional | Default | Comment |
|---|---|---|---|
| url | ❌ | - | The URL to your opencollective page |
| logo | ✅ | - | LEGACY: The URL to the logo that should be displayed. Please use logoUrl instead. |
| logoUrl | ✅ | - | The URL to the ASCII-logo that should be displayed. |
| donation.slug | ✅ | '/donate' | The slug that should be appended to url. Can be used to setup a specific order. |
| donation.amount | ✅ | - | The default amount that should be selected on the opencollective page. |
| donation.text | ✅ | 'Donate:' | The text that will be displayed before your donation url. |
Disable message
We know the postinstall messages can be annoying when deploying in production or running a CI pipeline. That's why the message is disabled in those environments by default.
Enabled when one the following environment variables is set:
NODE_ENV=devNODE_ENV=developmentOPENCOLLECTIVE_FORCE
Strictly Disabled when one the following environment variables is set:
OC_POSTINSTALL_TESTOPENCOLLECTIVE_HIDECICONTINUOUS_INTEGRATIONNODE_ENV(set and notdevordevelopment)DISABLE_OPENCOLLECTIVE(set to any string value that is not'false'or'0', for compatability with opencollective-postinatall)
Development
- Clone this repository
- Install dependencies using
yarn installornpm install - Run it manually
path/to/project/root/src/index.js path/to/package/you/want/to/try - Run tests with
npm toryarn test
Inspiration
This project is heavily inspired by opencollective-cli.
License
MIT License MIT. Made with ????
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Reason
Found 1/14 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/nuxt-contrib/opencollective/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nuxt-contrib/opencollective/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nuxt-contrib/opencollective/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/nuxt-contrib/opencollective/ci.yml/main?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Score
4
/10
Last Scanned on 2025-01-06
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More