Gathering detailed insights and metrics for @percy/cli-snapshot
Gathering detailed insights and metrics for @percy/cli-snapshot
The Percy CLI is used to interact with, and upload snapshots to, percy.io via the command line.
Installations
npm install @percy/cli-snapshotDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=14
Typescript Support
No
Node Version
14.21.3
NPM Version
lerna/6.0.1/node@v14.21.3+x64 (linux)
Statistics
71 Stars
1,482 Commits
47 Forks
10 Watching
32 Branches
56 Contributors
Updated on 28 Nov 2024
Languages
JavaScript (99.37%)
TypeScript (0.44%)
Shell (0.19%)
Total Downloads
Cumulative downloads
Total Downloads
56,371,050
Last day
-8.8%
62,841
Compared to previous day
Last week
-0.4%
342,529
Compared to previous week
Last month
-2.5%
1,417,021
Compared to previous month
Last year
8.9%
19,386,914
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Versions
Percy CLI
The Percy CLI is used to interact with, and upload snapshots to, percy.io via the command line.
Installation
1$ npm install --save-dev @percy/cli
Command Topics
percy exec- capture and upload snapshotspercy snapshot- snapshot a static directory or a list of pagespercy upload- upload a static directory of imagespercy config- manage configuration filespercy build- interact with Percy builds
Advanced
In addition to the CLI packages, this repo contains core libraries responsible for Percy's CI/CD integrations, Percy API communication, DOM serialization, asset discovery, etc.
@percy/core- performs snapshot asset discovery and uploading@percy/client- handles communicating with the Percy API@percy/dom- serializes DOM snapshots@percy/env- captures CI build environment variables@percy/config- loads Percy configuration files@percy/logger- common logger used throughout the CLI@percy/sdk-utils- shared helpers for JavaScript SDKs@percy/cli-command- Percy CLI command framework
Issues
For problems directly related to the CLI, add an issue on GitHub.
For other issues, open a support request.
Developing
This project is built with lerna. The core libaries and CLI plugins are
located in ./packages. Run yarn to install dependencies after cloning the repo and
use the following scripts for various development tasks:
yarn build- build all packagesyarn build:watch- build and watch all packages in parallelyarn clean- clean up build and coverage outputyarn lint- lint all packagesyarn readme- generate cli commands readme usageyarn test- run all tests, one package after anotheryarn test:coverage- run all tests with coverage, one package after anotheryarn global:link- links all packages being developed as global.- requires
yarn buildto be run before consuming. - we can then consume this package using
yarn link @percy/[core|cli..] - Note: linking is only required once, subsequent changes for development requires running build command.
- requires
yarn global:unlink- unlinks all packages globally
Individual package scripts can be invoked using yarn's workspace command. For example:
1$ yarn workspace @percy/core test
How to update Chromium revision?
check in Core Package's readme here.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
Found 15/16 approved changesets -- score normalized to 9
Reason
SAST tool is not run on all commits -- score normalized to 5
Details
- Warn: 16 commits out of 30 are checked with a SAST tool
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/executable.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/executable.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/executable.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sdk-regression.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/sdk-regression.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/stale.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typecheck.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/typecheck.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/percy/cli/windows.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: scripts/executable.sh:11
- Info: 2 out of 36 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 8 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/Semgrep.yml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/Semgrep.yml:16
- Warn: no topLevel permission defined: .github/workflows/executable.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/sdk-regression.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/typecheck.yml:1
- Warn: no topLevel permission defined: .github/workflows/windows.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v1.30.2 not signed: https://api.github.com/repos/percy/cli/releases/185362294
- Warn: release artifact v1.30.1 not signed: https://api.github.com/repos/percy/cli/releases/180023481
- Warn: release artifact v1.30.0 not signed: https://api.github.com/repos/percy/cli/releases/178613458
- Warn: release artifact v1.29.5-beta.0 not signed: https://api.github.com/repos/percy/cli/releases/177616413
- Warn: release artifact v1.29.4 not signed: https://api.github.com/repos/percy/cli/releases/177261702
- Warn: release artifact v1.30.2 does not have provenance: https://api.github.com/repos/percy/cli/releases/185362294
- Warn: release artifact v1.30.1 does not have provenance: https://api.github.com/repos/percy/cli/releases/180023481
- Warn: release artifact v1.30.0 does not have provenance: https://api.github.com/repos/percy/cli/releases/178613458
- Warn: release artifact v1.29.5-beta.0 does not have provenance: https://api.github.com/repos/percy/cli/releases/177616413
- Warn: release artifact v1.29.4 does not have provenance: https://api.github.com/repos/percy/cli/releases/177261702
Score
4.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More