Gathering detailed insights and metrics for @polkadot/util
Gathering detailed insights and metrics for @polkadot/util
Utilities and base libraries for use across polkadot-js for Polkadot and Substrate. Includes base libraries, crypto helpers and cross-environment helpers.
Installations
npm install @polkadot/utilScore
97.2
Supply Chain
78.2
Quality
89.1
Maintenance
100
Vulnerability
100
License
Developer
polkadot-js
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=18
Typescript Support
Yes
Node Version
22.10.0
NPM Version
10.9.0
Statistics
255 Stars
3,545 Commits
145 Forks
11 Watching
3 Branches
75 Contributors
Updated on 22 Nov 2024
Languages
TypeScript (99.73%)
JavaScript (0.16%)
HTML (0.11%)
Total Downloads
Cumulative downloads
Total Downloads
17,242,849
Last day
-20%
22,063
Compared to previous day
Last week
3.9%
145,746
Compared to previous week
Last month
-6.1%
587,421
Compared to previous month
Last year
21.8%
6,714,301
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
@polkadot/common
Various useful utility functions that are used across all projects in the @polkadot namespace. It provides utility functions with additional safety checks, allowing not only for consistent coding, but also reducing the general boilerplate.
overview
This repository is split up into a number of internal packages, namely utilities -
- keyring Keyring management
- util General utilities
- util-crypto Crypto and hashing utilities
development
Contributions are welcome!
To start off, this repo (along with others in the @polkadot family) uses yarn workspaces to organise the code. As such, after cloning, its dependencies should be installed via yarn, not via npm; the latter will result in broken dependencies.
To get started -
- Clone the repo locally, via
git clone https://github.com/polkadot-js/common <optional local path> - Ensure that you have a recent version of Node.js, for development purposes Node 10 is recommended.
- Ensure that you have a recent version of Yarn, for development purposes Yarn >=1.10.1 is required.
- Install the dependencies by running
yarn - Build the everything via
yarn run build - You can also launch the API Docs, via
yarn vuepress dev docs - Access the docs via http://localhost:8080
tutorials
Looking for tutorials to get started? Look at examples for guides on how to use the base utilities.
No vulnerabilities found.
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-any.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/common/pr-any.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-any.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/common/pr-any.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-any.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/common/pr-any.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/common/push-master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-master.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/polkadot-js/common/push-master.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 4 third-party GitHubAction dependencies pinned
Reason
Found 15/30 approved changesets -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
- Warn: no topLevel permission defined: .github/workflows/auto-merge.yml:1
- Warn: no topLevel permission defined: .github/workflows/lock.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-any.yml:1
- Warn: no topLevel permission defined: .github/workflows/push-master.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 15 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.7
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More