Installations
npm install @rocket.chat/ui-kitDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
40,798 Stars
26,642 Commits
10,719 Forks
877 Watching
1,060 Branches
909 Contributors
Updated on 29 Nov 2024
Bundle Size
236.65 kB
Minified
13.29 kB
Minified + Gzipped
Languages
TypeScript (91.38%)
JavaScript (4.27%)
CSS (2.56%)
HTML (1.12%)
SCSS (0.27%)
Dockerfile (0.14%)
PEG.js (0.12%)
Shell (0.07%)
EJS (0.03%)
PHP (0.03%)
Smarty (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
1,409,209
Last day
-51.1%
456
Compared to previous day
Last week
-17.3%
4,014
Compared to previous week
Last month
-18.2%
23,996
Compared to previous month
Last year
-73.4%
168,018
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Versions
The ultimate Free Open Source Solution for team communications
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection.
We are the ultimate Free Open Source Solution for team communications, enabling real-time conversations between colleagues, with other companies or with your customers, regardless of how they connect with you. The result is an increase in productivity and customer satisfaction rates.
Every day, tens of millions of users in over 150 countries and in organizations such as Deutsche Bahn, The US Navy, and Credit Suisse trust Rocket.Chat to keep their communications completely private and secure.
🚀 Product Offerings - Self Hosted and Cloud
Rocket.Chat has four key product offerings:
💬 Team collaboration - A single point for secure internal and cross-company collaboration.
🎯 Omnichannel customer service - Engage in seamless interactions with customers regardless of how they connect with you.
🦾 Chat engine - Create customized messaging experiences within your mobile or web app.
🤖 Marketplace - Choose a wide range of apps and native integrations that help your business communicate more effectively.
☁️ Cloud Hosted Rocket.Chat
Send your first message in minutes.
Free for 30 days. Afterward, choose between continuing to host on our secure cloud or migrating to your private cloud, data center, or even air-gapped environment.
Start your cloud hosted trial now
🛠️ Local development
Prerequisites
You can follow these instructions to setup a dev environment:
- Install Node 20.x (LTS) either manually or using a tool like nvm or volta (recommended)
- Install Meteor (version here): https://docs.meteor.com/about/install.html
- Install yarn: https://yarnpkg.com/getting-started/install
- Install Deno 1.x: https://docs.deno.com/runtime/fundamentals/installation/
- Clone this repo:
git clone https://github.com/RocketChat/Rocket.Chat.git - Run
yarnto install dependencies
Starting Rocket.Chat:
1yarn dev # run all packages
OR
1yarn dsv # run only meteor (front and back) with pre-built packages
After initialized, you can access the server at http://localhost:3000
More details at: Developer Docs PS: For Windows you MUST use WSL2 and have +12Gb RAM
Gitpod Setup
-
Click the button below to open this project in Gitpod.
-
This will open a fully configured workspace in your browser with all the necessary dependencies already installed.
Starting Rocket.Chat in microservices mode:
1yarn turbo run ms
After initialized, you can access the server at http://localhost:4000
⚠️ Check more detailed information in the Rocket.Chat Environment Setup guide
💻 Installation
Please see the requirements documentation for system requirements and more information about supported operating systems. Please refer to Install Rocket.Chat to install your Rocket.Chat instance.
📱 Mobile Apps
In addition to the web interface, you can also download Rocket.Chat clients for:
You can also contribute to the Mobile open source code in Rocket.Chat.ReactNative and check it out its documentation
🧩 Apps Engine for Rocket.Chat
You can develop your own app that can be integrated with Rocket.Chat. We provide an Open Source Apps Engine framework increasing the world of possibilities of integrations around the Rocket.Chat ecosystem
📚 Learn More
- Product Documentation
- Developer Documentation
- API Documentation
- Apps Engine Development
- See who's using Rocket.Chat
🆕 Feature Request
Rocket.Chat/feature-requests is used to track Rocket.Chat feature requests and discussions. Click here to open a new feature request. Feature Request Forums stores the historical archives of old feature requests (up to 2018).
🤝 Community
Join thousands of members worldwide in our community server. Join #support and #general for help from the community.
👥 Contributions
Rocket.Chat is an open source project and we are very happy to accept community contributions. Please refer to the How can I help? page for more details.
💼 Become a Rocketeer
We're hiring developers, support people, and product managers all the time. Please check our jobs page.
🗞️ Get the Latest News
🗒️ Credits
- Emoji provided graciously by JoyPixels.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:331
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Warn: no linked content found
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
branch protection is not maximal on development and all release branches
Details
- Warn: branch protection not enabled for branch 'devs-welcoming-experience'
- Info: 'allow deletion' disabled on branch 'develop'
- Info: 'force pushes' disabled on branch 'develop'
- Warn: required approving review count is 1 on branch 'develop'
- Info: codeowner review is required on branch 'develop'
- Info: status check found to merge onto on branch 'develop'
- Info: PRs are required in order to make changes on branch 'develop'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci-code-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-deploy-gh-pages.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-test-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci-test-unit.yml:1
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-title-checker.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-update-description.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-candidate.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-version-durability.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-code-check.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-code-check.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-deploy-gh-pages.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-deploy-gh-pages.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-deploy-gh-pages.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-deploy-gh-pages.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-deploy-gh-pages.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-deploy-gh-pages.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-e2e.yml:344: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-e2e.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-unit.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-unit.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-unit.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-unit.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-unit.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-unit.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-test-unit.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-unit.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-test-unit.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci-test-unit.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:863: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:910: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:609: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:617: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:670: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:676: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:777: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:783: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:348: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/ci.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/codeql-analysis.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/new-release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/new-release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title-checker.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/pr-title-checker.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-update-description.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/pr-update-description.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-update-description.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/pr-update-description.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/publish-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/publish-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-candidate.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/release-candidate.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-candidate.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/release-candidate.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/stale.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-version-durability.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/update-version-durability.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-version-durability.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/RocketChat/Rocket.Chat/update-version-durability.yml/develop?enable=pin
- Warn: containerImage not pinned by hash: apps/meteor/.docker-mongo/Dockerfile:1: pin your Docker image by updating node:20.18.0-bullseye-slim to node:20.18.0-bullseye-slim@sha256:8316459380d7c3a02de5a7994130757f0d8d57872301efeef3c42a0ba2d4e5fb
- Warn: containerImage not pinned by hash: apps/meteor/.docker/Dockerfile.alpine:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: apps/meteor/.docker/Dockerfile.debian:3
- Warn: containerImage not pinned by hash: apps/meteor/.docker/Dockerfile.debian:5: pin your Docker image by updating node:20.18.0-bullseye-slim to node:20.18.0-bullseye-slim@sha256:8316459380d7c3a02de5a7994130757f0d8d57872301efeef3c42a0ba2d4e5fb
- Warn: containerImage not pinned by hash: apps/meteor/ee/server/services/Dockerfile:1
- Warn: containerImage not pinned by hash: apps/meteor/ee/server/services/Dockerfile:31: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: apps/meteor/tests/e2e/containers/saml/Dockerfile:1: pin your Docker image by updating php:7.1-apache to php:7.1-apache@sha256:70eefcf4372b279101259e905996b7733a87688d0b48625af01b55947836bb1f
- Warn: containerImage not pinned by hash: ee/apps/account-service/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/authorization-service/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/ddp-streamer/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/omnichannel-transcript/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/presence-service/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/queue-worker/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: containerImage not pinned by hash: ee/apps/stream-hub-service/Dockerfile:1: pin your Docker image by updating node:20.18.0-alpine3.20 to node:20.18.0-alpine3.20@sha256:b1e0880c3af955867bc2f1944b49d20187beb7afa3f30173e15a97149ab7f5f1
- Warn: npmCommand not pinned by hash: apps/meteor/.docker-mongo/Dockerfile:32-46
- Warn: npmCommand not pinned by hash: apps/meteor/.docker/Dockerfile.alpine:20-39
- Warn: npmCommand not pinned by hash: apps/meteor/.docker/Dockerfile.alpine:20-39
- Warn: npmCommand not pinned by hash: apps/meteor/.docker/Dockerfile.alpine:20-39
- Warn: npmCommand not pinned by hash: apps/meteor/.docker/Dockerfile.debian:38-42
- Warn: npmCommand not pinned by hash: apps/meteor/.docker/Dockerfile.debian:38-42
- Warn: npmCommand not pinned by hash: apps/meteor/example-build-run.sh:25
- Warn: npmCommand not pinned by hash: apps/meteor/install.sh:29
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:326
- Warn: npmCommand not pinned by hash: .github/workflows/update-version-durability.yml:27
- Info: 0 out of 41 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 32 third-party GitHubAction dependencies pinned
- Info: 0 out of 14 containerImage dependencies pinned
- Info: 0 out of 10 npmCommand dependencies pinned
Reason
45 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-hf55-c445-2w97
- Warn: Project is vulnerable to: GHSA-6375-pg5j-8wph
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-339j-hqgx-qrrx
- Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
- Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-2fw4-mgq9-39cx
- Warn: Project is vulnerable to: GHSA-4rg6-fm25-gc34
- Warn: Project is vulnerable to: GHSA-wgrm-67xf-hhpq
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-ffxg-5f8m-h72j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More