Gathering detailed insights and metrics for @oclif/plugin-update
Gathering detailed insights and metrics for @oclif/plugin-update
Installations
npm install @oclif/plugin-updateDeveloper
oclif
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=18.0.0
Typescript Support
No
Node Version
22.11.0
NPM Version
10.9.0
Statistics
51 Stars
947 Commits
25 Forks
3 Watching
1 Branches
18 Contributors
Updated on 25 Nov 2024
Languages
TypeScript (98.78%)
JavaScript (0.97%)
Batchfile (0.25%)
Total Downloads
Cumulative downloads
Total Downloads
33,805,089
Last day
-7.5%
56,537
Compared to previous day
Last week
-3%
299,665
Compared to previous week
Last month
5.8%
1,320,885
Compared to previous month
Last year
51.7%
14,409,653
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
28
@commitlint/config-conventional@oclif/plugin-help@oclif/prettier-config@types/chai@types/debug@types/execa@types/mocha@types/node@types/semver@types/sinon@types/tar-fschaicommitlinteslinteslint-config-oclifeslint-config-oclif-typescripteslint-config-prettierhuskylint-stagedmochanockoclifprettiershxsinonstrip-ansits-nodetypescript
Versions
@oclif/plugin-update
Usage
See https://oclif.io/docs/releasing.html#autoupdater
Commands
oclif-example update [CHANNEL]
update the oclif-example CLI
USAGE
$ oclif-example update [CHANNEL] [--force | | [-a | -v <value> | -i]] [-b ]
FLAGS
-a, --available See available versions.
-b, --verbose Show more details about the available versions.
-i, --interactive Interactively select version to install. This is ignored if a channel is provided.
-v, --version=<value> Install a specific version.
--force Force a re-download of the requested version.
DESCRIPTION
update the oclif-example CLI
EXAMPLES
Update to the stable channel:
$ oclif-example update stable
Update to a specific version:
$ oclif-example update --version 1.0.0
Interactively select version:
$ oclif-example update --interactive
See available versions:
$ oclif-example update --available
See code: src/commands/update.ts
Contributing
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/failureNotifications.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/failureNotifications.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-slack-on-pr-open.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/notify-slack-on-pr-open.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/onRelease.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/onRelease.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/onRelease.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/onRelease.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/oclif/plugin-update/test.yml/main?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
Found 0/9 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/automerge.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-github-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/failureNotifications.yml:1
- Warn: no topLevel permission defined: .github/workflows/notify-slack-on-pr-open.yml:1
- Warn: no topLevel permission defined: .github/workflows/onRelease.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-rrc9-gqf8-8rwg
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-c6rq-rjc2-86v2
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
3.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More