Gathering detailed insights and metrics for @schematics/package-update
Gathering detailed insights and metrics for @schematics/package-update
Installations
npm install @schematics/package-updateDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>= 8.9.0
Node Version
8.10.0
NPM Version
5.6.0
Releases
853
Languages
8
TypeScript
Starlark
JavaScript
HTML
EJS
Shell
jq
CSS
TypeScript (95.02%)
Starlark (2.32%)
JavaScript (1.33%)
HTML (0.99%)
EJS (0.24%)
Shell (0.06%)
jq (0.03%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
26,934 Stars
16,846 Commits
11,950 Forks
988 Watchers
32 Branches
659 Contributors
Updated on Jul 17, 2025
Maintainers
1
Package Meta Information
Latest Version
0.7.5
Package Id
@schematics/package-update@0.7.5
Size
14.04 kB
NPM Version
5.6.0
Node Version
8.10.0
Published on
Aug 23, 2018
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
ERROR: No README data found!
No vulnerabilities found.
Reason
30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
- Info: detected update tool: RenovateBot: renovate.json:1
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:17
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:19
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:20
- Info: topLevel 'contents' permission set to 'read': .github/workflows/assistant-to-the-branch-manager.yml:10
- Info: found token with 'none' permissions: .github/workflows/ci.yml:1
- Info: found token with 'none' permissions: .github/workflows/codeql.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dev-infra.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/feature-requests.yml:5
- Info: topLevel 'contents' permission set to 'read': .github/workflows/perf.yml:11
- Info: found token with 'none' permissions: .github/workflows/pr.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:12
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
all dependencies are pinned
Details
- Info: 13 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 56 out of 56 third-party GitHubAction dependencies pinned
Reason
26 out of 26 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 64 contributing companies or organizations
Details
- Info: found contributions from: AngularAir, AngularClass, FACTORYX, FEMR, FieldDB, HTTPArchive, Jasig, Many-Repo-Manager-PoC, Ninja-Squad, QwikDev, ReactWeek, RedditInsight, SofiaJavaScript, TrilonIO, angular, angular @google, angular-community, angular-redux, angularjs-in-action, app-demos, aspect-build, async-framework, beerjs, coddict, deployd, expert support, gethuman, google, google-gemini, googlers, guess-js, hackreactor, hizenapp, https://1fpga.com, keychain, kunai-consulting, mend, monsoonco, nestjs, newlinedotco, ng-cruise, ng-newsletter, ng-packagr, ngcommunity, nguniversal, ninja-squad, nko4, nrwl, obshtestvo, qwikifiers, rangle, rangleio, rectanglepodcast-com, source-map, storybookjs, testiumjs, trilonio co-founder, typed-typings, typings, uniform-team, vue-software, vuejs, wasmbinaries, webpack
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Reason
badge detected: InProgress
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
8.3
/10
Last Scanned on 2025-07-16T23:05:38Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More