Monorepo for tools developed by the Rush Stack community
Installations
npm install @rushstack/rush-sdk
Score
87.7
Supply Chain
98.6
Quality
96.9
Maintenance
100
Vulnerability
99.3
License
Releases
Unable to fetch releases
Developer
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
No
Node Version
18.20.5
NPM Version
10.8.2
Statistics
5,953 Stars
22,173 Commits
601 Forks
54 Watching
106 Branches
277 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (96.27%)
JavaScript (3.4%)
SCSS (0.16%)
Shell (0.05%)
HTML (0.05%)
CSS (0.03%)
Sass (0.03%)
Batchfile (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
37,853,986
Last day
-6%
64,787
Compared to previous day
Last week
4.8%
346,296
Compared to previous week
Last month
6%
1,422,502
Compared to previous month
Last year
9.9%
16,110,506
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
The home for projects maintained by the Rush Stack community. Our mission is to develop reusable tooling for large scale TypeScript monorepos.
Open in VS Code web view |
Documentation Links
- What is Rush Stack? - learn about the mission behind these projects
- API reference - browse API documentation for NPM packages
- Zulip chat room - chat with the Rush Stack developers
- Rush - a build orchestrator for large scale TypeScript monorepos
- Heft - our recommended tool that integrates with Rush
- API Extractor - create .d.ts rollups and track your TypeScript API signatures
- API Documenter - use TSDoc comments to publish an API documentation website
- Lockfile Explorer - investigate and solve version conflicts for PNPM lockfiles
- TSDoc - the standard for doc comments in TypeScript code
Related Repos
These GitHub repositories provide supplementary resources for Rush Stack:
- rushstack-samples - a monoprepo with sample projects that illustrate various project setups, including how to use Heft with other popular JavaScript frameworks
- rush-example - a minimal Rush repo that demonstrates the fundamentals of Rush without relying on any other Rush Stack tooling
- rushstack-websites - Docusaurus monorepo for our websites
Published Packages
Unpublished Local Projects
Folder | Description |
---|---|
/apps/lockfile-explorer-web | Rush Lockfile Explorer: helper project for building the React web application component |
/build-tests-samples/heft-node-basic-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-node-jest-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-node-rig-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-serverless-stack-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-storybook-react-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-storybook-react-tutorial-app | Building this project is a regression test for heft-storybook-plugin |
/build-tests-samples/heft-storybook-react-tutorial-storykit | Storybook build dependencies for heft-storybook-react-tutorial |
/build-tests-samples/heft-web-rig-app-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-web-rig-library-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/heft-webpack-basic-tutorial | (Copy of sample project) Building this project is a regression test for Heft |
/build-tests-samples/packlets-tutorial | (Copy of sample project) Building this project is a regression test for @rushstack/eslint-plugin-packlets |
/build-tests-subspace/rush-lib-test | A minimal example project that imports APIs from @rushstack/rush-lib |
/build-tests-subspace/rush-sdk-test | A minimal example project that imports APIs from @rushstack/rush-sdk |
/build-tests-subspace/typescript-newest-test | Building this project tests Heft with the newest supported TypeScript compiler version |
/build-tests-subspace/typescript-v4-test | Building this project tests Heft with TypeScript v4 |
/build-tests/api-documenter-scenarios | Building this project is a regression test for api-documenter |
/build-tests/api-documenter-test | Building this project is a regression test for api-documenter |
/build-tests/api-extractor-d-cts-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-d-mts-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-lib1-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-lib2-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-lib3-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-lib4-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-lib5-test | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-scenarios | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-test-01 | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-test-02 | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-test-03 | Building this project is a regression test for api-extractor |
/build-tests/api-extractor-test-04 | Building this project is a regression test for api-extractor |
/build-tests/eslint-7-11-test | This project contains a build test to validate ESLint 7.11.0 compatibility with the latest version of @rushstack/eslint-config (and by extension, the ESLint plugin) |
/build-tests/eslint-7-7-test | This project contains a build test to validate ESLint 7.7.0 compatibility with the latest version of @rushstack/eslint-config (and by extension, the ESLint plugin) |
/build-tests/eslint-7-test | This project contains a build test to validate ESLint 7 compatibility with the latest version of @rushstack/eslint-config (and by extension, the ESLint plugin) |
/build-tests/eslint-8-test | This project contains a build test to validate ESLint 8 compatibility with the latest version of @rushstack/eslint-config (and by extension, the ESLint plugin) |
/build-tests/eslint-bulk-suppressions-test | Sample code to test eslint bulk suppressions |
/build-tests/eslint-bulk-suppressions-test-legacy | Sample code to test eslint bulk suppressions for versions of eslint < 8.57.0 |
/build-tests/hashed-folder-copy-plugin-webpack5-test | Building this project exercises @rushstack/hashed-folder-copy-plugin with Webpack 5. NOTE - THIS TEST IS CURRENTLY EXPECTED TO BE BROKEN |
/build-tests/heft-copy-files-test | Building this project tests copying files with Heft |
/build-tests/heft-example-plugin-01 | This is an example heft plugin that exposes hooks for other plugins |
/build-tests/heft-example-plugin-02 | This is an example heft plugin that taps the hooks exposed from heft-example-plugin-01 |
/build-tests/heft-fastify-test | This project tests Heft support for the Fastify framework for Node.js services |
/build-tests/heft-jest-preset-test | This project illustrates configuring a Jest preset in a minimal Heft project |
/build-tests/heft-jest-reporters-test | This project illustrates configuring Jest reporters in a minimal Heft project |
/build-tests/heft-minimal-rig-test | This is a minimal rig package that is imported by the 'heft-minimal-rig-usage-test' project |
/build-tests/heft-minimal-rig-usage-test | A test project for Heft that resolves its compiler from the 'heft-minimal-rig-test' package |
/build-tests/heft-node-everything-esm-module-test | Building this project tests every task and config file for Heft when targeting the Node.js runtime when configured to use ESM module support |
/build-tests/heft-node-everything-test | Building this project tests every task and config file for Heft when targeting the Node.js runtime |
/build-tests/heft-parameter-plugin | This project contains a Heft plugin that adds a custom parameter to built-in actions |
/build-tests/heft-parameter-plugin-test | This project exercises a built-in Heft action with a custom parameter |
/build-tests/heft-sass-test | This project illustrates a minimal tutorial Heft project targeting the web browser runtime |
/build-tests/heft-typescript-composite-test | Building this project tests behavior of Heft when the tsconfig.json file uses project references. |
/build-tests/heft-typescript-v2-test | Building this project tests building with TypeScript v2 |
/build-tests/heft-typescript-v3-test | Building this project tests building with TypeScript v3 |
/build-tests/heft-typescript-v4-test | Building this project tests building with TypeScript v4 |
/build-tests/heft-web-rig-library-test | A test project for Heft that exercises the '@rushstack/heft-web-rig' package |
/build-tests/heft-webpack4-everything-test | Building this project tests every task and config file for Heft when targeting the web browser runtime using Webpack 4 |
/build-tests/heft-webpack5-everything-test | Building this project tests every task and config file for Heft when targeting the web browser runtime using Webpack 5 |
/build-tests/localization-plugin-test-01 | Building this project exercises @microsoft/localization-plugin. This tests that the plugin works correctly without any localized resources. |
/build-tests/localization-plugin-test-02 | Building this project exercises @microsoft/localization-plugin. This tests that the loader works correctly with the exportAsDefault option unset. |
/build-tests/localization-plugin-test-03 | Building this project exercises @microsoft/localization-plugin. This tests that the plugin works correctly with the exportAsDefault option set to true. |
/build-tests/package-extractor-test-01 | This project is used by tests in the @rushstack/package-extractor package. |
/build-tests/package-extractor-test-02 | This project is used by tests in the @rushstack/package-extractor package. |
/build-tests/package-extractor-test-03 | This project is used by tests in the @rushstack/package-extractor package. |
/build-tests/package-extractor-test-04 | This project is used by tests in the @rushstack/package-extractor package. |
/build-tests/rush-amazon-s3-build-cache-plugin-integration-test | Tests connecting to an amazon S3 endpoint |
/build-tests/rush-lib-declaration-paths-test | This project ensures all of the paths in rush-lib/lib/... have imports that resolve correctly. If this project builds, all lib/**/*.d.ts files in the @microsoft/rush-lib package are valid. |
/build-tests/rush-project-change-analyzer-test | This is an example project that uses rush-lib's ProjectChangeAnalyzer to |
/build-tests/rush-redis-cobuild-plugin-integration-test | Tests connecting to an redis server |
/build-tests/set-webpack-public-path-plugin-test | Building this project tests the set-webpack-public-path-plugin |
/build-tests/ts-command-line-test | Building this project is a regression test for ts-command-line |
/eslint/local-eslint-config | An ESLint configuration consumed projects inside the rushstack repo. |
/libraries/rush-themed-ui | Rush Component Library: a set of themed components for rush projects |
/libraries/rushell | Execute shell commands using a consistent syntax on every platform |
/repo-scripts/doc-plugin-rush-stack | API Documenter plugin used with the rushstack.io website |
/repo-scripts/generate-api-docs | Used to generate API docs for the rushstack.io website |
/repo-scripts/repo-toolbox | Used to execute various operations specific to this repo |
/rigs/local-node-rig | A rig package for Node.js projects that build using Heft inside the RushStack repository. |
/rigs/local-web-rig | A rig package for Web projects that build using Heft inside the RushStack repository. |
/rush-plugins/rush-litewatch-plugin | An experimental alternative approach for multi-project watch mode |
/vscode-extensions/rush-vscode-command-webview | Part of the Rush Stack VSCode extension, provides a UI for invoking Rush commands |
/vscode-extensions/rush-vscode-extension | Enhanced experience for monorepos that use the Rush Stack toolchain |
/webpack/webpack-deep-imports-plugin | This plugin creates a bundle and commonJS files in a 'lib' folder mirroring modules in another 'lib' folder. |
Contributor Notice
This repo welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This repo has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 11/30 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rushstack/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rushstack/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rushstack/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/file-doc-tickets.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rushstack/file-doc-tickets.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .devcontainer/setup.sh:12
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/file-doc-tickets.yml:1
- Info: no jobLevel write permissions found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
23 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-3fjj-p79j-c9hh
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr
- Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Score
5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @rushstack/rush-sdk
@microsoft/rush
A professional solution for consolidating all your JavaScript projects in one Git repo
@rushstack/rush-amazon-s3-build-cache-plugin
Rush plugin for Amazon S3 cloud build cache
@rushstack/node-core-library
Core libraries that every NodeJS toolchain project should use
@rushstack/lookup-by-path
Strongly typed trie data structure for path and URL-like strings.