npmpackage.info

Gathering detailed insights and metrics for @polkadot/apps-config

Other packages similar to @polkadot/apps-config

@polkadot/apps-routing

0.39.1

The routing config for the application

@subscan/parachains-info

2.2.6

This package contains info of parachain projects used in Subscan parachain module based on @polkadot/apps-config.

Gathering detailed insights and metrics for @polkadot/apps-config

@polkadot/apps-config - 0.160.1 | npmpackage.info

@polkadot/apps-config

Basic Polkadot/Substrate UI for interacting with a Polkadot and Substrate node. This is the main user-facing application, allowing access to all features available on Substrate chains.

0.160.1

1,796

Apache-2.0

TypeScript

28.30 MB

Installations

npm install @polkadot/apps-config

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Min. Node Version

>=18

Node Version

22.17.0

NPM Version

10.9.2 Pull Requests

Open

16

Total

7,446

Closed

523

Merged

6,907

Issues

Open

166

Total

4,167

Closed

4,001

Releases

128

v0.160.1

Updated on Jul 07, 2025

v0.159.1

Updated on Jun 19, 2025

v0.158.1

Updated on Jun 06, 2025

v0.157.1

Updated on Jun 02, 2025

v0.156.1

Updated on May 16, 2025

v0.155.1

Updated on May 05, 2025

View All 128 releases

Languages

TypeScript

JavaScript

HTML

Shell

Dockerfile

TypeScript (99.83%)

JavaScript (0.13%)

HTML (0.02%)

Shell (0.01%)

Developer

polkadot-js

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

1,796 Stars

13,830 Commits

1,587 Forks

66 Watchers

20 Branches

599 Contributors

Updated on Jul 10, 2025

Maintainers

View All 599 Contributors

Package Meta Information

Latest Version

0.160.1

Package Id

@polkadot/apps-config@0.160.1

Unpacked Size

28.30 MB

Size

10.52 MB

File Count

2,247

NPM Version

10.9.2

Node Version

22.17.0

Published on

Jul 07, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@acala-network/type-definitions @bifrost-finance/type-definitions @crustio/type-definitions @darwinia/types @darwinia/types-known @digitalnative/type-definitions @docknetwork/node-types @edgeware/node-types @equilab/definitions @fragnova/api-augment @frequency-chain/api-augment @interlay/interbtc-types @jamton/parachain-ts-interfaces @kiltprotocol/type-definitions @laminar/type-definitions @logion/node-api @mangata-finance/type-definitions @metaverse-network-sdk/type-definitions @moonbeam-network/types-bundle @parallel-finance/type-definitions @peaqnetwork/type-definitions @pendulum-chain/type-definitions @phala/typedefs @polkadot/api @polkadot/api-derive @polkadot/networks @polkadot/react-identicon @polkadot/types @polkadot/types-codec @polkadot/util @polkadot/util-crypto @polkadot/wasm-util @polkadot/x-fetch @polkadot/x-ws @polymeshassociation/polymesh-types @snowfork/snowbridge-types @sora-substrate/type-definitions @subsocial/definitions @unique-nft/opal-testnet-types @unique-nft/quartz-mainnet-types @unique-nft/sapphire-mainnet-types @unique-nft/unique-mainnet-types @zeitgeistpm/type-defs @zeroio/type-definitions pontem-types-bundle rxjs tslib

@polkadot/apps-config

General config for various services, including settings, external links & types. This is a central source of all the configuration settings that can be tweaked. This also means that it can be customized (via PR) to support any additional chains. The internals are split into a number of settings -

api - Here you can add any chain or node-type specific types configuration. When added, it means that when the UI connects to either a runtime with a spec name, or a chain with a specific name, the types will be automatically added to the API as used in the app.
endpoints - Configuration for specific per-type chain endpoints.

Customization for each of these are discussed next.

Api

The API config can be done in one of two ways -

chain - Here we are mapping to a specific chain name. Generally the next type would be preferred, however if you are supporting multiple chains with individual configs, you would probably want to add the chain-specific information in here.
spec - Here we are mapping from the runtime spec name of the chain to specific types. This means that when connected to a specific spec, these types will be injected.

The actual type definitions you should be familiar with, it is exactly the same as you would upload via the settings page in JSON, or as detailed in the API types pages.

Endpoints

Add your chain logo (if available) to either ui/logos/chains or ui/logos/nodes (the second is generally used)
Run the image build command to generate an inline version via yarn build:images
Add your chain to endpoints/{production, productionRelay, testing, testingRelay*} as applicable for your deployment
The ui.color specifies the chain color, the ui.logo (imported from generated), specifies the specific logo

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chain-endpoints.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/chain-endpoints.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chain-endpoints.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/chain-endpoints.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-any.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/pr-any.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-any.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/pr-any.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-master.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/push-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-nightly.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/test-nightly.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-nightly.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/apps/test-nightly.yml/master?enable=pin
Warn: containerImage not pinned by hash: docker/Dockerfile:1
Warn: containerImage not pinned by hash: docker/Dockerfile:20: pin your Docker image by updating nginx:stable-alpine to nginx:stable-alpine@sha256:aed99734248e851764f1f2146835ecad42b5f994081fa6631cc5d79240891ec9
Warn: downloadThenRun not pinned by hash: docker/Dockerfile:8
Warn: npmCommand not pinned by hash: docker/Dockerfile:12
Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
Info: 4 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

SAST

Determines if the project uses static code analysis.

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

78 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-r4pf-3v7r-hh55
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-xq7p-g2vc-g82p
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489
Warn: Project is vulnerable to: GHSA-9jxc-qjr9-vjxq
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-h4hr-7fg3-h35w
Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg
Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96
Warn: Project is vulnerable to: GHSA-3949-f494-cm99
Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
Warn: Project is vulnerable to: GHSA-584q-6j8j-r5pm
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv
Warn: Project is vulnerable to: GHSA-652h-xwhf-q4h6
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff
Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w
Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7

Score

4

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More