Gathering detailed insights and metrics for @rails/actiontext
Gathering detailed insights and metrics for @rails/actiontext
Installations
npm install @rails/actiontextScore
99.7
Supply Chain
76.8
Quality
97.8
Maintenance
100
Vulnerability
99.6
License
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
22.10.0
NPM Version
10.9.0
Statistics
56,133 Stars
93,813 Commits
21,701 Forks
2,325 Watching
62 Branches
5,094 Contributors
Updated on 29 Nov 2024
Bundle Size
15.59 kB
Minified
4.90 kB
Minified + Gzipped
Languages
Ruby (97%)
JavaScript (1.3%)
HTML (1.13%)
SCSS (0.29%)
CSS (0.27%)
Dockerfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
15,350,848
Last day
-35.3%
13,132
Compared to previous day
Last week
-7.5%
98,810
Compared to previous week
Last month
1.3%
447,217
Compared to previous month
Last year
15.3%
4,637,735
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Dev Dependencies
4
Versions
Welcome to Rails
What's Rails?
Rails is a web-application framework that includes everything needed to create database-backed web applications according to the Model-View-Controller (MVC) pattern.
Understanding the MVC pattern is key to understanding Rails. MVC divides your application into three layers: Model, View, and Controller, each with a specific responsibility.
Model layer
The Model layer represents the domain model (such as Account, Product,
Person, Post, etc.) and encapsulates the business logic specific to
your application. In Rails, database-backed model classes are derived from
ActiveRecord::Base. Active Record allows you to present the data from
database rows as objects and embellish these data objects with business logic
methods.
Although most Rails models are backed by a database, models can also be ordinary
Ruby classes, or Ruby classes that implement a set of interfaces as provided by
the Active Model module.
View layer
The View layer is composed of "templates" that are responsible for providing appropriate representations of your application's resources. Templates can come in a variety of formats, but most view templates are HTML with embedded Ruby code (ERB files). Views are typically rendered to generate a controller response or to generate the body of an email. In Rails, View generation is handled by Action View.
Controller layer
The Controller layer is responsible for handling incoming HTTP requests and
providing a suitable response. Usually, this means returning HTML, but Rails controllers
can also generate XML, JSON, PDFs, mobile-specific views, and more. Controllers load and
manipulate models, and render view templates in order to generate the appropriate HTTP response.
In Rails, incoming requests are routed by Action Dispatch to an appropriate controller, and
controller classes are derived from ActionController::Base. Action Dispatch and Action Controller
are bundled together in Action Pack.
Frameworks and libraries
Active Record, Active Model, Action Pack, and Action View can each be used independently outside Rails.
In addition to that, Rails also comes with:
- Action Mailer, a library to generate and send emails
- Action Mailbox, a library to receive emails within a Rails application
- Active Job, a framework for declaring jobs and making them run on a variety of queuing backends
- Action Cable, a framework to integrate WebSockets with a Rails application
- Active Storage, a library to attach cloud and local files to Rails applications
- Action Text, a library to handle rich text content
- Active Support, a collection of utility classes and standard library extensions that are useful for Rails, and may also be used independently outside Rails
Getting Started
-
Install Rails at the command prompt if you haven't yet:
1$ gem install rails -
At the command prompt, create a new Rails application:
1$ rails new myappwhere "myapp" is the application name.
-
Change directory to
myappand start the web server:1$ cd myapp 2$ bin/rails serverRun with
--helpor-hfor options. -
Go to
http://localhost:3000and you'll see the Rails bootscreen with your Rails and Ruby versions. -
Follow the guidelines to start developing your application. You may find the following resources handy:
Contributing
We encourage you to contribute to Ruby on Rails! Please check out the Contributing to Ruby on Rails guide for guidelines about how to proceed. Join us!
Trying to report a possible security vulnerability in Rails? Please check out our security policy for guidelines about how to proceed.
Everyone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails code of conduct.
License
Ruby on Rails is released under the MIT License.
No vulnerabilities found.
Reason
30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
license file detected
Details
- Info: project has a license file: MIT-LICENSE:0
- Info: FSF or OSI recognized license: MIT License: MIT-LICENSE:0
Reason
no binaries found in the repo
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/devcontainer-smoke-test.yml:11
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/devcontainer-smoke-test.yml:12
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:10
- Warn: no topLevel permission defined: .github/workflows/devcontainer-smoke-test.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/rail_inspector.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/rails-new-docker.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/rails_releaser_tests.yml:12
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
Reason
Found 14/17 approved changesets -- score normalized to 8
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: branch 'main' does not require approvers
- Warn: codeowners review is not required on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
Reason
badge detected: InProgress
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:17-19
- Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:31-33
- Info: Possibly incomplete results: error parsing shell code: > must be followed by a word: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:56-58
- Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:103-105
- Info: Possibly incomplete results: error parsing shell code: > must be followed by a word: railties/lib/rails/generators/rails/app/templates/docker-entrypoint.tt:0
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rail_inspector.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rail_inspector.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rail_inspector.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rail_inspector.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rails-new-docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails-new-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rails-new-docker.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails-new-docker.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rails-new-docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails-new-docker.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rails_releaser_tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails_releaser_tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rails_releaser_tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails_releaser_tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
- Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:12
- Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:29
- Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:97
- Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/devcontainer/templates/devcontainer/Dockerfile.tt:3
- Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:5
- Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:21
- Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:42
- Warn: npmCommand not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:41-44
- Warn: downloadThenRun not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:51
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 12 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 8 containerImage dependencies pinned
Reason
19 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-q3wr-qw3g-3p4h
- Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m
- Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3329-pjwv-fjpg
- Warn: Project is vulnerable to: GHSA-p6j9-7xhc-rhwp
- Warn: Project is vulnerable to: GHSA-89gv-h8wf-cg8r
- Warn: Project is vulnerable to: GHSA-gcv8-gh4r-25x6
- Warn: Project is vulnerable to: GHSA-gmv4-r438-p67f
- Warn: Project is vulnerable to: GHSA-8h2f-7jc4-7m3m
- Warn: Project is vulnerable to: GHSA-3vjf-82ff-p4r3
- Warn: Project is vulnerable to: GHSA-g694-m8vq-gv9h
Score
6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More