Installations
npm install @rudderstack/analytics-jsDeveloper Guide
Typescript
Yes
Module System
ESM
Node Version
20.11.1
NPM Version
10.2.4
Score
100
Supply Chain
100
Quality
98.7
Maintenance
100
Vulnerability
93.6
License
Releases
rudderstack/analytics-js-service-worker@3.2.17
Published on 17 Dec 2024
@rudderstack/analytics-js-integrations@3.11.14
Published on 17 Dec 2024
@rudderstack/analytics-js-loading-scripts@3.0.59
Published on 17 Dec 2024
rudder-sdk-js@2.48.42
Published on 17 Dec 2024
@rudderstack/analytics-js@3.11.16
Published on 17 Dec 2024
@rudderstack/analytics-js-plugins@3.6.20
Published on 17 Dec 2024
Contributors
Languages
TypeScript (48.61%)
JavaScript (44.44%)
HTML (6.7%)
Shell (0.24%)
Developer
Download Statistics
Total Downloads
1,835,280
Last Day
6,902
Last Week
71,784
Last Month
293,967
Last Year
1,792,147
GitHub Statistics
145 Stars
4,074 Commits
83 Forks
13 Watching
18 Branches
88 Contributors
Bundle Size
99.71 kB
Minified
28.30 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
3.11.16
Package Id
@rudderstack/analytics-js@3.11.16
Unpacked Size
7.33 MB
Size
1.76 MB
File Count
24
NPM Version
10.2.4
Node Version
20.11.1
Publised On
17 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
1,835,280
Last day
-47.2%
6,902
Compared to previous day
Last week
2.4%
71,784
Compared to previous week
Last month
-2.6%
293,967
Compared to previous month
Last year
4,054.9%
1,792,147
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
The Customer Data Platform for Developers
Website · Documentation · Community Slack
@rudderstack/analytics-js
RudderStack JavaScript SDK for browsers.
For detailed documentation on the RudderStack JavaScript SDK, click here.
Table of Contents
Installing the package
To install the package via NPM, run the following command:
1npm install @rudderstack/analytics-js --save
Note that this NPM module is only meant to be used for a browser installation. If you want to integrate RudderStack with your Node.js application, refer to the RudderStack Node.js repository.
Available exports
Default export will fetch the plugins during runtime as federated modules in separate requests.
1import { RudderAnalytics } from '@rudderstack/analytics-js'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
Bundled export will contain the plugins code as part of the bundle in build time.
1import { RudderAnalytics } from '@rudderstack/analytics-js/bundled'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
Legacy export will contain the plugins code as part of the bundle in build time and supports legacy browsers like IE11.
1import { RudderAnalytics } from '@rudderstack/analytics-js/legacy'; 2 3const analytics = new RudderAnalytics(); 4analytics.load(<WRITE_KEY>, <DATA_PLANE_URL>);
How to build the SDK
Look for run scripts in the package.json file for getting the browser minified and non-minified builds. The builds are updated in the dist folder of the directory. Among the others, some of the important ones are:
npm run build:browser:modern: This outputs dist/cdn/modern folder that contains the CDN package contents.npm run build:npm: This outputs dist/npm folder that contains the NPM package contents.
Usage in Chrome Extensions
RudderStack JS SDK can be used in Chrome Extensions with manifest v3, both as a content script (via the JavaScript SDK package) or as a background script service worker (via the service worker package).
For more details, see Chrome Extensions Usage.
Usage in Serverless Runtimes
RudderStack JS SDK service worker can be used in serverless runtimes like Cloudflare Workers or Vercel Edge functions.
For more details, see:
License
This project is licensed under the Elastic License 2.0. See the LICENSE.md file for details. Review the license terms to understand your permissions and restrictions.
If you have any questions about licensing, please contact us or refer to the official Elastic licensing page.
Contribute
We invite you to contribute to this project. For more information on how to contribute, please see here.
Contact us
For more information on any of the sections covered in this readme, you can contact us or start a conversation on our Slack channel.
Follow Us
:clap: Our Supporters
No vulnerabilities found.
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'develop'
- Info: 'force pushes' disabled on branch 'develop'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'develop'
- Info: 'stale review dismissal' is required to merge on branch 'develop'
- Warn: required approving review count is 1 on branch 'develop'
- Info: codeowner review is required on branch 'develop'
- Info: 'last push approval' is required to merge on branch 'develop'
- Warn: 'up-to-date branches' is disabled on branch 'develop'
- Info: status check found to merge onto on branch 'develop'
- Info: PRs are required in order to make changes on branch 'develop'
Reason
Found 3/13 approved changesets -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/check_pr_title.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-hotfix-branch.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-beta.yml:8
- Warn: no topLevel permission defined: .github/workflows/deploy-dev.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-npm.yml:22
- Warn: no topLevel permission defined: .github/workflows/deploy-prod.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-sanity-suite.yml:49
- Warn: no topLevel permission defined: .github/workflows/deploy-staging.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:48
- Warn: no topLevel permission defined: .github/workflows/draft-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/housekeeping.yaml:1
- Warn: no topLevel permission defined: .github/workflows/publish-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/rollback.yml:1
- Warn: no topLevel permission defined: .github/workflows/security-code-quality-and-bundle-size-checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/trigger-sanity-suite.yml:1
- Warn: no topLevel permission defined: .github/workflows/unit-tests-and-lint.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/update-cache-policy.yml:16
- Warn: no topLevel permission defined: .github/workflows/validate-actor.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_pr_title.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/check_pr_title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-hotfix-branch.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/create-hotfix-branch.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger-sanity-suite.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/trigger-sanity-suite.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cache-policy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/update-cache-policy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cache-policy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/update-cache-policy.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/draft-new-release.yml:98
- Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 20 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 1 commits out of 22 are checked with a SAST tool
Score
5.4
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @rudderstack/analytics-js
rudder-sdk-js
RudderStack JavaScript SDK
@rudderstack/analytics-js-cookies
RudderStack JavaScript SDK Cookies Utilities
@rudderstack/analytics-js-service-worker
RudderStack JavaScript Service Worker SDK
analytics-js-monorepo-beta-v3
Monorepo accommodating Rudderstack Analytics JS SDK