Gathering detailed insights and metrics for @sanity/core
Gathering detailed insights and metrics for @sanity/core
Installations
npm install @sanity/coreDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=12.0.0
Typescript Support
No
Node Version
18.16.0
NPM Version
lerna/4.0.0/node@v18.16.0+arm64 (darwin)
Statistics
5,326 Stars
17,242 Commits
430 Forks
82 Watching
705 Branches
133 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (91.52%)
HTML (4.82%)
JavaScript (3.65%)
CSS (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
6,378,295
Last day
16.9%
1,473
Compared to previous day
Last week
4%
7,878
Compared to previous week
Last month
-2.8%
34,277
Compared to previous month
Last year
-39.2%
700,414
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
47
opnrxjschalkdebugexecajsdomjson5yargsget-itlodashrimrafsemvertar-fsterseronelinepirateschokidardate-fnsfilesizefs-extrapluralizepretty-msjson-lexerconfigstorelog-symbolspath-exists@sanity/util@sanity/uuidjsdom-globalresolve-fromes6-promisify@sanity/export@sanity/import@sanity/schema@sanity/server@babel/register@sanity/resolverdeep-sort-object@babel/preset-env@babel/preset-react@sanity/eventsource@sanity/plugin-loaderconsole-table-printer@babel/preset-typescript@sanity/generate-help-url@sanity/webpack-integration@babel/plugin-proposal-class-properties
Versions
Sanity
Get Started | Docs | Website
Build powerful production-ready content workspaces
The Sanity Composable Content Cloud lets teams create remarkable digital experiences at scale. Sanity Studio is an open-source, single-page application that is fast to set up and quick to configure. The Studio comes with a complete studio customization framework that lets you tailor the workspace as your needs grow.
Sanity hosts your content in a real-time, hosted data store called Content Lake. Get started with the free plan with generous bandwidth and hosting included and pay-as-you-go for overages.
Quickstart
Initiate a new project by running the following command:
1npm create sanity@latest 2 3# With other package managers: 4yarn create sanity@latest 5pnpm create sanity@latest
Go here for a step-by-step guide on how to get up and running.
Check out the docs and plugins and start building.
Key Features
Sanity Studio
Sanity Studio is an open-source real-time CMS, that you can customize with JavaScript and React.
- Efficient editing, instant UI for complex fields
- Responsive, works on narrow screens
- Plug-in architecture and custom components
- Style with your own branding
- Advanced block editor for structured content
- Use JavaScript to add field validations, organize documents, and set initial values
Developer experience
- Bring your own frontend, or whatever else you might need.
- Sweet APIs for reading, writing, importing, exporting, go back in time, and listening for updates.
- Secure, scalable and GDPR compliant.
- Zero config Graph Oriented Query Language (GROQ), and GraphQL API.
- Helpful and friendly developer community.
Structured Content
- Distribute from a single source of truth, in real-time.
- Unlock programmatic approaches to workflows and design.
- Upload images and transform them on demand.
- Query images for metadata like dominant colors, sizes, geo-location, and EXIF metadata.
- Rich text that can be serialized into any markup language.
Stay up to date
- Follow @sanity_io on Twitter
- Subscribe to our blog by RSS
- Subscribe to our newsletter
- Join the developer community on Slack
Code of Conduct
We aim to be an inclusive, welcoming community for everyone. To make that explicit, we have a code of conduct that applies to communication around the project.
Want to contribute?
Found a bug, or want to contribute code? Pull requests and issues are most welcome. Read our contributing guidelines to learn how.
Help Improve Sanity Studio translations
We're always looking to make Sanity Studio more accessible and user-friendly, and your contributions can make a big difference. Whether you're a seasoned developer or just starting out, helping with translations is a fantastic way to get involved.
If you're fluent in a language other than English, we'd love your help in reviewing and improving translations. Your expertise can greatly enhance the experience for users worldwide.
How to Contribute:
- Visit our sanity-io/locales repository and try out a locale you are fluent in.
- Have ideas for improvements? Submit a PR following the contributing guide.
- See if there are open PRs in languages you are fluent in and help review them.
Interested in playing a bigger role? You can ask to be added as a maintainer to oversee translations for specific languages, where you will be automatically added as a reviewer on PRs that involve your language. See the sanity-io/locales README for more.
Your contributions not only improve Sanity Studio but also bring together a diverse and global community of users. We appreciate every effort, big or small, and we can't wait to see what you bring to the table!
License
Sanity Studio is available under the MIT License
No vulnerabilities found.
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/sanity-io/.github/SECURITY.md:1
- Info: Found linked content: github.com/sanity-io/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/sanity-io/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/sanity-io/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
Found 6/17 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/are-we-compiled-yet.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/are-we-compiled-yet.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/are-we-compiled-yet.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/are-we-compiled-yet.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/are-we-compiled-yet.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/are-we-compiled-yet.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/cli-test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli-test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/cli-test.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cli-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/cli-test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli-test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/cli-test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depCheck.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/depCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depCheck.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/depCheck.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/depCheck.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/depCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depCheck.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/depCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docReport.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/docReport.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docReport.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/docReport.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docReport.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/docReport.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docReport.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/docReport.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ct.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ct.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:343: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:352: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-ui.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e-ui.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:263: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/e2e.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/efps.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/efps.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/efps.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/efps.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/etl.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/etl.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/etl.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/etl.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/etl.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/etl.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/etl.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/etl.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/formatCheck.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/formatCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/formatCheck.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/formatCheck.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/formatCheck.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/formatCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/formatCheck.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/formatCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-fix-if-needed.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lint-fix-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lintPr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lintPr.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lintPr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lintPr.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lintPr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/lintPr.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/perf.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/perf.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/perf.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/perf.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/perf.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/perf.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pnpm-if-needed.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pnpm-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pnpm-if-needed.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pnpm-if-needed.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pnpm-if-needed.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pnpm-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pnpm-if-needed.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pnpm-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pnpm-if-needed.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pnpm-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-cleanup.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/pr-cleanup.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prettier-if-needed.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/prettier-if-needed.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/react-compiler.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/react-compiler.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/react-compiler.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/react-compiler.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/react-compiler.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/react-compiler.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/react-compiler.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/react-compiler.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/release.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/release.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/release.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/release.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/test.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/test.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testExports.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/testExports.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testExports.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/testExports.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/testExports.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/testExports.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testExports.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/testExports.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typeCheck.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/typeCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typeCheck.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/typeCheck.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/typeCheck.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/typeCheck.yml/next?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typeCheck.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/typeCheck.yml/next?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate-pr-title.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sanity-io/sanity/validate-pr-title.yml/next?enable=pin
- Info: 0 out of 127 GitHub-owned GitHubAction dependencies pinned
- Info: 9 out of 41 third-party GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e-ct.yml:244
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/e2e-ct.yml:245
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e-ui.yml:360
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/e2e-ui.yml:361
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e.yml:280
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/e2e.yml:281
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:16
- Warn: no topLevel permission defined: .github/workflows/are-we-compiled-yet.yml:1
- Warn: no topLevel permission defined: .github/workflows/cli-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/depCheck.yml:1
- Warn: no topLevel permission defined: .github/workflows/docReport.yml:1
- Warn: no topLevel permission defined: .github/workflows/e2e-ct.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e-ui.yml:3
- Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e.yml:3
- Warn: no topLevel permission defined: .github/workflows/efps.yml:1
- Warn: no topLevel permission defined: .github/workflows/etl.yml:1
- Warn: no topLevel permission defined: .github/workflows/formatCheck.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint-fix-if-needed.yml:14
- Warn: no topLevel permission defined: .github/workflows/lintPr.yml:1
- Warn: no topLevel permission defined: .github/workflows/perf.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pnpm-if-needed.yml:16
- Warn: no topLevel permission defined: .github/workflows/pr-cleanup.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/prettier-if-needed.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/react-compiler.yml:13
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Warn: no topLevel permission defined: .github/workflows/testExports.yml:1
- Warn: no topLevel permission defined: .github/workflows/typeCheck.yml:1
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/validate-pr-title.yml:12
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-593m-55hh-j8gv
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Score
4.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More