Gathering detailed insights and metrics for @rudderstack/analytics-js
Gathering detailed insights and metrics for @rudderstack/analytics-js
JavaScript SDK for RudderStack - the Customer Data Platform for Developers.
Installations
npm install @rudderstack/analytics-jsDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
20.11.1
NPM Version
10.2.4
Score
100
Supply Chain
100
Quality
97
Maintenance
100
Vulnerability
93.6
License
Releases
672
@rudderstack/analytics-js@3.16.1
@rudderstack/analytics-js@3.16.1
Updated on Mar 03, 2025
rudderstack/analytics-js-service-worker@3.2.23
@rudderstack/analytics-js-service-worker@3.2.23
Updated on Mar 03, 2025
@rudderstack/analytics-js-integrations@3.13.1
@rudderstack/analytics-js-integrations@3.13.1
Updated on Mar 03, 2025
rudder-sdk-js@2.51.0
rudder-sdk-js@2.51.0
Updated on Mar 03, 2025
@rudderstack/analytics-js@3.16.0
@rudderstack/analytics-js@3.16.0
Updated on Mar 03, 2025
@rudderstack/analytics-js-plugins@3.8.0
@rudderstack/analytics-js-plugins@3.8.0
Updated on Mar 03, 2025
Languages
4
TypeScript
JavaScript
HTML
Shell
TypeScript (49.42%)
JavaScript (43.65%)
HTML (6.55%)
Shell (0.39%)
Developer
Download Statistics
Total Downloads
2,859,594
Last Day
20,790
Last Week
99,550
Last Month
388,527
Last Year
2,701,362
GitHub Statistics
NOASSERTION License
151 Stars
4,266 Commits
90 Forks
11 Watchers
7 Branches
93 Contributors
Updated on Mar 27, 2025
Bundle Size
104.59 kB
Minified
30.64 kB
Minified + Gzipped
Maintainers
5
Package Meta Information
Latest Version
3.16.1
Package Id
@rudderstack/analytics-js@3.16.1
Unpacked Size
7.36 MB
Size
1.77 MB
File Count
24
NPM Version
10.2.4
Node Version
20.11.1
Published on
Mar 03, 2025
Total Downloads
Cumulative downloads
Total Downloads
2,859,594
Last Day
26.6%
20,790
Compared to previous day
Last Week
16.1%
99,550
Compared to previous week
Last Month
12%
388,527
Compared to previous month
Last Year
1,607.2%
2,701,362
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
The Customer Data Platform for Developers
Website · Documentation · Community Slack
@rudderstack/analytics-js
RudderStack JavaScript SDK for browsers.
For detailed documentation on the RudderStack JavaScript SDK, click here.
Table of Contents
Installing the package
To install the package via NPM, run the following command:
1npm install @rudderstack/analytics-js --save
Note that this NPM module is only meant to be used for a browser installation. If you want to integrate RudderStack with your Node.js application, refer to the RudderStack Node.js repository.
Available exports
Default export will fetch the plugins during runtime as federated modules in separate requests.
1import { RudderAnalytics } from '@rudderstack/analytics-js'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
Bundled export will contain the plugins code as part of the bundle in build time.
1import { RudderAnalytics } from '@rudderstack/analytics-js/bundled'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
Legacy export will contain the plugins code as part of the bundle in build time and supports legacy browsers like IE11.
1import { RudderAnalytics } from '@rudderstack/analytics-js/legacy'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
How to build the SDK
Look for run scripts in the package.json file for getting the browser minified and non-minified builds. The builds are updated in the dist folder of the directory. Among the others, some of the important ones are:
npm run build:browser:modern: This outputs dist/cdn/modern folder that contains the CDN package contents.npm run build:npm: This outputs dist/npm folder that contains the NPM package contents.
Usage in Chrome Extensions
RudderStack JS SDK can be used in Chrome Extensions with manifest v3, both as a content script (via the JavaScript SDK package) or as a background script service worker (via the service worker package).
For more details, see Chrome Extensions Usage.
Usage in Serverless Runtimes
RudderStack JS SDK service worker can be used in serverless runtimes like Cloudflare Workers or Vercel Edge functions.
For more details, see:
License
This project is licensed under the Elastic License 2.0. See the LICENSE.md file for details. Review the license terms to understand your permissions and restrictions.
If you have any questions about licensing, please contact us or refer to the official Elastic licensing page.
Contribute
We invite you to contribute to this project. For more information on how to contribute, please see here.
Contact us
For more information on any of the sections covered in this readme, you can contact us or start a conversation on our Slack channel.
Follow Us
:clap: Our Supporters
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool is not run on all commits -- score normalized to 9
Details
- Warn: 28 commits out of 30 are checked with a SAST tool
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'develop'
- Info: 'force pushes' disabled on branch 'develop'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'develop'
- Info: 'stale review dismissal' is required to merge on branch 'develop'
- Warn: required approving review count is 1 on branch 'develop'
- Info: codeowner review is required on branch 'develop'
- Info: 'last push approval' is required to merge on branch 'develop'
- Warn: 'up-to-date branches' is disabled on branch 'develop'
- Info: status check found to merge onto on branch 'develop'
- Info: PRs are required in order to make changes on branch 'develop'
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
- Warn: Project is vulnerable to: GHSA-3xg3-cgvq-2xwr
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/check_pr_title.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-hotfix-branch.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-beta.yml:12
- Warn: no topLevel permission defined: .github/workflows/deploy-dev.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-npm.yml:22
- Warn: no topLevel permission defined: .github/workflows/deploy-prod.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-sanity-suite.yml:36
- Warn: no topLevel permission defined: .github/workflows/deploy-staging.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:48
- Warn: no topLevel permission defined: .github/workflows/draft-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/housekeeping.yaml:1
- Warn: no topLevel permission defined: .github/workflows/publish-new-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/rollback.yml:12
- Warn: no topLevel permission defined: .github/workflows/security-code-quality-and-bundle-size-checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/trigger-test-suites.yml:1
- Warn: no topLevel permission defined: .github/workflows/unit-tests-and-lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate-actor.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_pr_title.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/check_pr_title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-hotfix-branch.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/create-hotfix-branch.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rollback.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/rollback.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rollback.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/rollback.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rollback.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/rollback.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rollback.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/rollback.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger-test-suites.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/trigger-test-suites.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/draft-new-release.yml:104
- Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 21 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.3
/10
Last Scanned on 2025-03-17
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More